Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d4729502-ae82-460e-b5e3-731c19a1af49.roa
File:                     d4729502-ae82-460e-b5e3-731c19a1af49.roa (raw, json)
Hash identifier:          xsP8XXEcV98n8/dFckgR9U4bOiuqI6eLlZVP4k9ckOM=
Subject key identifier:   0B:CB:CE:B3:80:38:39:4F:96:2A:38:5D:26:A2:CD:50:91:A8:FA:7D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0FB14111485474DA7B40C48629035FAFF4680ED8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d4729502-ae82-460e-b5e3-731c19a1af49.roa
Signing time:             Wed 16 Oct 2024 00:00:00 +0000
ROA not before:           Wed 16 Oct 2024 00:00:00 +0000
ROA not after:            Wed 20 Nov 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:b1:41:11:48:54:74:da:7b:40:c4:86:29:03:5f:af:f4:68:0e:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 16 00:00:00 2024 GMT
            Not After : Nov 20 23:59:59 2024 GMT
        Subject: serialNumber=41cf9a4012b9715916222ff5c3cbab306c1a1123a336139017576281147e7436, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ca:71:e0:10:4b:45:57:8b:0a:2a:14:1d:6d:
                    82:c3:46:88:42:b1:2f:38:29:d6:91:d1:ed:a8:79:
                    b9:ee:93:a1:0d:e6:06:c9:09:99:e6:52:43:9b:26:
                    3e:16:d1:55:c6:94:33:bf:67:6b:33:39:69:9e:65:
                    51:ba:7e:4c:98:82:2a:af:20:ab:61:f0:9f:3e:42:
                    a5:19:6c:e9:d8:5d:de:a0:d5:32:1b:9a:15:7f:ea:
                    2d:74:73:2a:71:18:4f:83:cf:4a:06:7a:7c:ae:8e:
                    7d:78:a9:b5:a1:c9:dd:d4:be:64:e6:67:2a:da:09:
                    dd:ed:d4:25:11:e7:32:84:ec:09:5d:49:2d:d2:71:
                    ba:c8:7c:e9:92:6b:74:78:67:03:d8:ef:d0:f5:a6:
                    46:48:6e:d1:69:32:b3:39:a7:fa:66:a8:a7:39:29:
                    c7:46:c9:ef:4c:d1:c6:ce:0d:e5:70:73:4c:be:ad:
                    6a:ce:b0:b9:27:fa:77:2d:17:da:40:79:c1:8d:13:
                    bf:85:aa:39:5c:e9:19:c2:9f:97:4c:d3:a4:7c:c4:
                    ad:cf:6c:59:fd:c7:87:05:3d:db:06:ce:97:f6:04:
                    ef:fc:bc:a0:53:b7:b9:84:f7:70:35:41:be:e4:7d:
                    ff:e9:6b:cb:d2:d2:a9:ae:2c:52:d7:fa:09:9e:22:
                    cd:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:CB:CE:B3:80:38:39:4F:96:2A:38:5D:26:A2:CD:50:91:A8:FA:7D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d4729502-ae82-460e-b5e3-731c19a1af49.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:cb:70:96:25:76:d2:94:4d:2d:89:dc:3d:9c:2e:d3:ff:d1:
         f5:19:0a:47:f2:01:0f:c8:55:d3:d3:f4:07:fc:ed:48:8e:68:
         c4:b9:bb:61:19:ce:5f:7b:89:45:da:4c:4d:4d:de:3e:f0:c9:
         56:52:24:3e:fa:59:86:de:16:5a:4b:57:c9:65:9e:7f:ee:cd:
         ea:4d:65:c1:7f:8f:d2:7a:8c:ad:5a:53:75:10:99:87:e5:ea:
         b2:9b:f7:b0:e3:b0:fe:ab:a6:31:79:1b:8a:90:c4:41:0a:d3:
         88:c0:7c:c6:5f:15:ff:c6:4b:fd:c5:80:42:19:ed:74:e0:3d:
         00:45:cd:1a:6d:87:54:7c:92:01:76:8f:75:c3:76:04:6f:36:
         ef:e8:e7:4a:e4:86:4b:70:ad:72:ff:50:fe:40:60:7d:bf:4a:
         0f:8b:c7:0f:ce:e9:ee:21:8f:bc:fc:ab:8d:0d:99:05:c8:5e:
         88:8b:60:fb:15:e9:68:c9:4a:cd:bf:6d:d8:ca:f0:1c:be:d7:
         88:d8:b0:d9:95:c8:c6:bd:dd:fa:a2:a8:de:34:12:09:12:35:
         0a:b9:8e:6d:eb:67:61:d6:78:b0:c7:37:52:cc:21:24:a5:8f:
         05:df:4a:e3:4f:47:ab:b5:cd:55:ed:e7:9e:7f:d2:c9:1f:ea:
         bb:c7:32:02
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUD7FBEUhUdNp7QMSGKQNfr/RoDtgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMDE2MDAwMDAwWhcNMjQxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MWNmOWE0MDEyYjk3MTU5MTYyMjJmZjVjM2NiYWIzMDZj
MWExMTIzYTMzNjEzOTAxNzU3NjI4MTE0N2U3NDM2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYynHgEEtFV4sKKhQdbYLDRohCsS84KdaR0e2oebnuk6EN
5gbJCZnmUkObJj4W0VXGlDO/Z2szOWmeZVG6fkyYgiqvIKth8J8+QqUZbOnYXd6g
1TIbmhV/6i10cypxGE+Dz0oGenyujn14qbWhyd3UvmTmZyraCd3t1CUR5zKE7Ald
SS3ScbrIfOmSa3R4ZwPY79D1pkZIbtFpMrM5p/pmqKc5KcdGye9M0cbODeVwc0y+
rWrOsLkn+nctF9pAecGNE7+Fqjlc6RnCn5dM06R8xK3PbFn9x4cFPdsGzpf2BO/8
vKBTt7mE93A1Qb7kff/pa8vS0qmuLFLX+gmeIs2lAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUC8vOs4A4OU+WKjhdJqLNUJGo+n0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q0NzI5NTAyLWFlODItNDYwZS1iNWUzLTczMWMxOWExYWY0OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIvLcJYldtKUTS2J3D2cLtP/0fUZ
CkfyAQ/IVdPT9Af87UiOaMS5u2EZzl97iUXaTE1N3j7wyVZSJD76WYbeFlpLV8ll
nn/uzepNZcF/j9J6jK1aU3UQmYfl6rKb97DjsP6rpjF5G4qQxEEK04jAfMZfFf/G
S/3FgEIZ7XTgPQBFzRpth1R8kgF2j3XDdgRvNu/o50rkhktwrXL/UP5AYH2/Sg+L
xw/O6e4hj7z8q40NmQXIXoiLYPsV6WjJSs2/bdjK8By+14jYsNmVyMa93fqiqN40
EgkSNQq5jm3rZ2HWeLDHN1LMISSljwXfSuNPR6u1zVXt555/0skf6rvHMgI=
-----END CERTIFICATE-----