Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d24acbe0-298b-4159-997a-8e21aadfa320.roa
File:                     d24acbe0-298b-4159-997a-8e21aadfa320.roa (raw, json)
Hash identifier:          vlCTbJizXe3IyB2wjF7FlkWwS9zVAcm6H/PWMGBT08Q=
Subject key identifier:   E7:A3:40:A5:82:66:00:72:FF:BD:62:3B:07:12:A7:90:07:79:F3:26
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2213AF78435E360A7D3FEBAD177933BA6330EF0F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d24acbe0-298b-4159-997a-8e21aadfa320.roa
Signing time:             Fri 19 Jul 2024 00:00:00 +0000
ROA not before:           Fri 19 Jul 2024 00:00:00 +0000
ROA not after:            Fri 23 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:13:af:78:43:5e:36:0a:7d:3f:eb:ad:17:79:33:ba:63:30:ef:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 19 00:00:00 2024 GMT
            Not After : Aug 23 23:59:59 2024 GMT
        Subject: serialNumber=d669caf7a910c50edf80cd7efae82d6b2256bf7e8cf114738a6f20a4661c1a10, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:3b:b1:e7:d5:a6:ad:29:fd:d4:80:00:e1:65:
                    23:56:71:49:36:5b:8f:92:ef:e5:6b:71:22:d3:46:
                    a2:ec:61:06:1d:4c:49:87:9f:b4:a7:c6:5e:d5:1a:
                    68:ca:9b:93:83:81:a8:33:ca:74:b8:47:ee:88:b3:
                    23:f3:77:18:ea:d7:65:cd:1a:ca:85:00:4c:4a:93:
                    f8:72:c5:0e:4d:b1:7e:d6:c1:cd:d0:42:c4:f9:d9:
                    f4:2a:62:bc:67:80:3a:99:55:a1:9d:45:e4:c1:19:
                    8d:fe:e3:05:a1:c6:46:d8:83:72:69:24:33:12:22:
                    0e:00:8a:73:d8:5e:d1:fa:23:24:bf:d7:97:4f:c1:
                    19:34:aa:84:de:f5:e6:d2:2d:e8:e3:41:76:fb:d5:
                    8f:18:cf:81:38:40:bb:db:91:27:8c:5a:1f:f2:06:
                    46:7a:2e:c3:b4:a6:3f:11:88:08:6e:93:1c:83:fe:
                    76:93:da:b1:8a:77:b8:e0:a7:b0:21:e9:a5:bd:98:
                    2a:69:00:39:9e:7a:bd:1b:e4:36:38:c4:fe:b7:43:
                    60:0d:23:c6:31:23:aa:a0:e4:06:99:96:53:43:4e:
                    2e:4a:cb:f2:33:05:3a:00:00:05:60:02:cd:32:26:
                    0a:35:75:3e:95:24:87:2f:e6:ed:0e:96:27:d3:d6:
                    f3:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:A3:40:A5:82:66:00:72:FF:BD:62:3B:07:12:A7:90:07:79:F3:26
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d24acbe0-298b-4159-997a-8e21aadfa320.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:17:fe:b4:5a:b7:dd:1d:a9:87:36:eb:6a:41:77:14:89:52:
         fc:97:54:98:9f:7c:d6:5e:02:b2:62:8a:cc:56:51:ca:f3:ce:
         cc:ae:e9:28:cb:6a:54:75:e5:5f:89:cc:4c:74:cc:67:4d:17:
         5f:34:4b:54:c0:e2:d0:b2:68:6d:4f:3c:19:8f:41:d2:b1:25:
         e7:ed:aa:ab:0d:e1:4f:bb:a1:4e:ca:1c:60:e6:10:10:ad:83:
         fb:c3:e1:03:4b:a0:b5:7d:83:cb:45:e0:5a:56:10:95:4f:da:
         e6:0f:7a:53:45:32:4f:8c:fc:03:ab:79:b0:aa:c5:8d:d1:49:
         71:71:94:02:ec:05:ae:0f:59:c9:c1:84:ee:ae:99:a1:ab:8d:
         b2:ac:0b:16:69:c4:14:aa:a5:b6:e0:38:d6:b3:18:f2:c4:6b:
         61:ab:6d:cc:e8:2e:95:9e:84:53:f4:11:9d:6a:11:70:b3:56:
         c4:96:45:ff:72:2f:77:80:17:41:6f:77:a0:ee:e7:7f:ba:16:
         71:68:7e:91:f2:62:12:4d:4a:1a:c1:d7:e5:c9:e3:9f:73:28:
         d4:8b:28:09:17:bd:59:b4:a0:cb:f0:bb:e9:a2:82:79:c5:a1:
         75:41:f9:c7:77:af:39:e7:9c:80:d5:a9:7f:d0:f0:64:00:61:
         21:e1:d4:4e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIhOveENeNgp9P+utF3kzumMw7w8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzE5MDAwMDAwWhcNMjQwODIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNjY5Y2FmN2E5MTBjNTBlZGY4MGNkN2VmYWU4MmQ2YjIy
NTZiZjdlOGNmMTE0NzM4YTZmMjBhNDY2MWMxYTEwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuO7Hn1aatKf3UgADhZSNWcUk2W4+S7+VrcSLTRqLsYQYd
TEmHn7Snxl7VGmjKm5ODgagzynS4R+6IsyPzdxjq12XNGsqFAExKk/hyxQ5NsX7W
wc3QQsT52fQqYrxngDqZVaGdReTBGY3+4wWhxkbYg3JpJDMSIg4AinPYXtH6IyS/
15dPwRk0qoTe9ebSLejjQXb71Y8Yz4E4QLvbkSeMWh/yBkZ6LsO0pj8RiAhukxyD
/naT2rGKd7jgp7Ah6aW9mCppADmeer0b5DY4xP63Q2ANI8YxI6qg5AaZllNDTi5K
y/IzBToAAAVgAs0yJgo1dT6VJIcv5u0OlifT1vM3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU56NApYJmAHL/vWI7BxKnkAd58yYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2QyNGFjYmUwLTI5OGItNDE1OS05OTdhLThlMjFhYWRmYTMyMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALYX/rRat90dqYc262pBdxSJUvyX
VJiffNZeArJiisxWUcrzzsyu6SjLalR15V+JzEx0zGdNF180S1TA4tCyaG1PPBmP
QdKxJeftqqsN4U+7oU7KHGDmEBCtg/vD4QNLoLV9g8tF4FpWEJVP2uYPelNFMk+M
/AOrebCqxY3RSXFxlALsBa4PWcnBhO6umaGrjbKsCxZpxBSqpbbgONazGPLEa2Gr
bczoLpWehFP0EZ1qEXCzVsSWRf9yL3eAF0Fvd6Du53+6FnFofpHyYhJNShrB1+XJ
459zKNSLKAkXvVm0oMvwu+mignnFoXVB+cd3rznnnIDVqX/Q8GQAYSHh1E4=
-----END CERTIFICATE-----