Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d38fa3e7-6a0e-4ae8-81e3-827ab720c8fa.roa
File:                     d38fa3e7-6a0e-4ae8-81e3-827ab720c8fa.roa (raw, json)
Hash identifier:          fkqq3jWQNG0oJDtmzj119Mo9l9zDGVQL3K+4WqBxI8E=
Subject key identifier:   69:13:E2:4C:AC:31:F9:F3:8E:45:73:94:4C:FA:F6:58:2F:45:CA:BB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2BDDCCA05ED8C5AB747761190271D015F7968DC7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d38fa3e7-6a0e-4ae8-81e3-827ab720c8fa.roa
Signing time:             Wed 31 Jan 2024 00:00:00 +0000
ROA not before:           Wed 31 Jan 2024 00:00:00 +0000
ROA not after:            Wed 06 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:dd:cc:a0:5e:d8:c5:ab:74:77:61:19:02:71:d0:15:f7:96:8d:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 31 00:00:00 2024 GMT
            Not After : Mar  6 23:59:59 2024 GMT
        Subject: serialNumber=7be7acaaf621e6d94b5e5c1e5bfe6fe35e2d330ba8faf11b3376060f5f59b2e9, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:70:b7:ef:56:31:23:e3:38:f4:ae:0b:61:01:
                    05:a4:f6:94:10:e4:8b:7b:22:5a:3b:c2:ec:9c:77:
                    92:3a:c9:e0:af:20:28:e1:32:11:9c:3a:a2:14:e9:
                    d9:10:65:52:86:2a:3b:e7:45:81:a7:a9:25:4e:08:
                    e0:28:c5:2c:e3:8b:95:f1:db:a8:de:9a:90:e5:86:
                    11:81:a0:bc:48:80:3e:2b:e5:ae:e5:c4:9c:0d:82:
                    51:9b:fe:7e:68:f5:70:05:49:88:a2:bc:f4:09:c1:
                    87:ed:b0:1f:9b:4b:0d:9a:3d:64:7d:7a:6d:30:d1:
                    0e:2a:af:05:bd:6a:57:f1:ed:7c:4c:65:82:c8:4e:
                    62:77:8e:cf:59:c3:e1:2a:f8:64:41:72:d6:5d:eb:
                    c2:42:07:b8:24:43:fc:95:97:a5:73:dc:77:20:1e:
                    48:90:42:0b:f3:f5:f1:fc:73:a5:e9:15:64:92:11:
                    ce:a7:61:e7:32:54:5f:5e:15:5c:56:21:d9:57:13:
                    c4:a2:f8:76:6d:79:84:6f:c8:88:c0:82:40:dc:c6:
                    ba:25:22:02:0f:54:95:15:d7:c4:77:f8:17:c7:a6:
                    0a:c9:65:43:29:53:4c:fd:a8:39:1a:52:9c:63:ae:
                    9e:0b:5b:79:c2:b0:e5:96:a0:2a:f5:90:5b:72:6d:
                    ae:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:13:E2:4C:AC:31:F9:F3:8E:45:73:94:4C:FA:F6:58:2F:45:CA:BB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d38fa3e7-6a0e-4ae8-81e3-827ab720c8fa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:c5:c1:0e:43:3d:8e:de:6b:f7:18:85:68:e8:d2:41:1d:45:
         9f:ea:fb:86:7b:04:0a:94:5c:48:e5:b0:1f:8e:32:40:52:a4:
         24:49:cd:1e:cb:b9:05:82:e3:15:ad:b8:9e:0f:72:4b:76:13:
         ee:b7:da:aa:89:01:80:68:d8:de:92:89:81:e7:5f:17:b2:f4:
         fc:f3:21:cc:bb:90:9e:7a:46:b3:40:20:0e:8c:a3:89:1d:91:
         69:f2:75:c1:36:15:84:48:bd:df:6f:89:6e:9e:28:e5:d6:ba:
         e1:ef:f2:3d:f7:3b:fe:80:96:67:f8:34:1f:75:24:66:a2:65:
         bd:52:1f:d4:f8:01:99:c5:ec:18:91:61:8c:32:ea:e6:c3:69:
         c2:4f:65:41:b2:d5:b1:67:54:5d:39:5a:62:ce:5a:2b:a4:21:
         26:27:47:33:2b:42:14:37:30:d5:ce:c2:9e:aa:59:67:ab:2a:
         66:ee:82:fe:c2:9a:de:a3:4b:48:28:5d:02:59:b2:26:cf:e1:
         05:5b:62:2a:e8:57:ca:86:bc:65:16:ae:2a:e0:51:46:8d:05:
         d3:d0:1d:59:16:e7:0f:02:2e:8b:40:a2:26:d4:7b:55:f3:53:
         50:56:28:80:7f:88:d2:0d:5d:c7:a5:ce:1e:f0:82:bc:b1:a7:
         90:9b:e1:a5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUK93MoF7Yxat0d2EZAnHQFfeWjccwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTMxMDAwMDAwWhcNMjQwMzA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YmU3YWNhYWY2MjFlNmQ5NGI1ZTVjMWU1YmZlNmZlMzVl
MmQzMzBiYThmYWYxMWIzMzc2MDYwZjVmNTliMmU5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTcLfvVjEj4zj0rgthAQWk9pQQ5It7Ilo7wuycd5I6yeCv
ICjhMhGcOqIU6dkQZVKGKjvnRYGnqSVOCOAoxSzji5Xx26jempDlhhGBoLxIgD4r
5a7lxJwNglGb/n5o9XAFSYiivPQJwYftsB+bSw2aPWR9em0w0Q4qrwW9alfx7XxM
ZYLITmJ3js9Zw+Eq+GRBctZd68JCB7gkQ/yVl6Vz3HcgHkiQQgvz9fH8c6XpFWSS
Ec6nYecyVF9eFVxWIdlXE8Si+HZteYRvyIjAgkDcxrolIgIPVJUV18R3+BfHpgrJ
ZUMpU0z9qDkaUpxjrp4LW3nCsOWWoCr1kFtyba4vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaRPiTKwx+fOORXOUTPr2WC9FyrswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2QzOGZhM2U3LTZhMGUtNGFlOC04MWUzLTgyN2FiNzIwYzhmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAH/FwQ5DPY7ea/cYhWjo0kEdRZ/q
+4Z7BAqUXEjlsB+OMkBSpCRJzR7LuQWC4xWtuJ4Pckt2E+632qqJAYBo2N6SiYHn
Xxey9PzzIcy7kJ56RrNAIA6Mo4kdkWnydcE2FYRIvd9viW6eKOXWuuHv8j33O/6A
lmf4NB91JGaiZb1SH9T4AZnF7BiRYYwy6ubDacJPZUGy1bFnVF05WmLOWiukISYn
RzMrQhQ3MNXOwp6qWWerKmbugv7Cmt6jS0goXQJZsibP4QVbYiroV8qGvGUWrirg
UUaNBdPQHVkW5w8CLotAoibUe1XzU1BWKIB/iNINXcelzh7wgryxp5Cb4aU=
-----END CERTIFICATE-----