Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d8613fae-6914-47df-a629-e710deff2193.roa
File:                     d8613fae-6914-47df-a629-e710deff2193.roa (raw, json)
Hash identifier:          6JluE489KYFjIYZGLhwLZlrAOmpUjWJXe1A7M3+Vc1Y=
Subject key identifier:   0A:D1:4B:8C:60:C9:95:D7:76:7B:A0:59:3E:97:94:49:43:8A:AD:74
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       24DD26AF533C4C3D9C0237932CFDE0BE521EC25E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d8613fae-6914-47df-a629-e710deff2193.roa
Signing time:             Mon 25 Dec 2023 00:00:00 +0000
ROA not before:           Mon 25 Dec 2023 00:00:00 +0000
ROA not after:            Mon 29 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:dd:26:af:53:3c:4c:3d:9c:02:37:93:2c:fd:e0:be:52:1e:c2:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 25 00:00:00 2023 GMT
            Not After : Jan 29 23:59:59 2024 GMT
        Subject: serialNumber=51ee799c4c9e67c0e1a67d4bf6ed3028e019a4cd1552e5ad55818bcb359f8f69, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5d:5b:2a:49:e4:db:0e:2d:6e:93:ab:d8:b4:
                    8f:fb:d2:9c:79:ce:4c:ca:1b:53:66:cf:f0:94:bf:
                    2c:a2:1c:75:64:a5:0e:ea:62:c3:70:a3:0d:fd:6a:
                    c8:1e:30:d2:2b:c2:42:64:94:67:97:2b:87:fe:07:
                    e0:9c:05:17:f1:ec:8e:d9:cf:a3:d1:50:c6:0c:97:
                    eb:82:fd:43:1d:9c:83:8a:80:f5:0f:06:fc:ca:88:
                    51:92:2b:86:48:51:16:58:ea:e1:0c:9e:53:8c:15:
                    96:b4:5d:c2:6d:18:fe:9d:4e:af:f0:90:4b:85:4e:
                    c5:8f:b5:a1:6f:74:e8:88:53:a6:51:42:9f:58:e4:
                    1c:34:49:1d:cf:f6:08:68:6b:96:5e:ad:5b:6e:1a:
                    ed:b3:a3:0c:1d:56:46:a0:f9:6f:59:42:46:39:82:
                    eb:bd:f1:c4:08:e4:4b:57:9a:7d:6c:a4:8a:28:6c:
                    3e:21:6f:27:50:e0:4d:65:61:7f:47:29:05:af:cb:
                    54:62:26:f2:16:d1:72:82:e3:3e:ec:9f:06:c5:cd:
                    2d:6a:e1:89:e7:fc:0e:9a:27:f0:c6:59:dc:a1:a0:
                    05:f6:c0:58:3e:a0:f5:47:94:92:2c:ae:97:7e:12:
                    c9:da:40:a7:c8:a2:f3:a4:a0:58:49:35:7c:df:44:
                    2f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:D1:4B:8C:60:C9:95:D7:76:7B:A0:59:3E:97:94:49:43:8A:AD:74
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d8613fae-6914-47df-a629-e710deff2193.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:56:b8:de:a6:c3:7e:c4:37:97:7b:aa:88:93:6d:1b:22:2b:
         48:40:00:b9:4a:96:b8:87:f6:dd:c9:c5:f5:fc:53:d3:b4:9f:
         07:5b:18:bd:4d:a6:4c:0e:b4:9c:3e:16:e5:df:0a:7a:9e:90:
         06:dd:a2:9a:f4:87:5c:3f:37:6d:90:9c:23:6d:65:8a:2a:1d:
         e2:da:51:3d:c1:38:33:dc:df:94:d0:51:85:c2:41:d0:2f:0c:
         90:e5:1a:06:fb:7f:c6:89:17:78:2c:26:6d:3a:df:72:27:3c:
         54:3c:61:fd:6a:48:2b:30:0d:70:db:2c:71:6f:55:93:06:97:
         3f:ff:ac:e5:24:0a:0f:b6:9a:32:80:38:c4:28:7e:3b:f8:4c:
         f7:a6:57:b2:3f:49:32:91:b7:40:22:fc:df:03:57:96:18:5f:
         4e:27:0a:41:cb:34:fd:e0:35:30:7f:90:67:76:fe:f9:fb:df:
         3d:0a:22:a6:80:60:b9:a0:7d:99:c5:5d:7b:0e:fb:b8:b6:af:
         73:9c:b1:50:d1:38:79:48:9c:d4:8b:10:8f:47:1a:9a:2f:dd:
         80:d7:c8:c7:90:a2:8d:6e:06:55:40:26:86:aa:1e:f6:54:68:
         45:8e:f7:83:84:cc:80:ff:f8:1a:b3:c2:d5:66:fd:7c:db:f0:
         18:3c:00:c1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJN0mr1M8TD2cAjeTLP3gvlIewl4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjI1MDAwMDAwWhcNMjQwMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MWVlNzk5YzRjOWU2N2MwZTFhNjdkNGJmNmVkMzAyOGUw
MTlhNGNkMTU1MmU1YWQ1NTgxOGJjYjM1OWY4ZjY5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChXVsqSeTbDi1uk6vYtI/70px5zkzKG1Nmz/CUvyyiHHVk
pQ7qYsNwow39asgeMNIrwkJklGeXK4f+B+CcBRfx7I7Zz6PRUMYMl+uC/UMdnIOK
gPUPBvzKiFGSK4ZIURZY6uEMnlOMFZa0XcJtGP6dTq/wkEuFTsWPtaFvdOiIU6ZR
Qp9Y5Bw0SR3P9ghoa5ZerVtuGu2zowwdVkag+W9ZQkY5guu98cQI5EtXmn1spIoo
bD4hbydQ4E1lYX9HKQWvy1RiJvIW0XKC4z7snwbFzS1q4Ynn/A6aJ/DGWdyhoAX2
wFg+oPVHlJIsrpd+EsnaQKfIovOkoFhJNXzfRC/1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCtFLjGDJldd2e6BZPpeUSUOKrXQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q4NjEzZmFlLTY5MTQtNDdkZi1hNjI5LWU3MTBkZWZmMjE5My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEBWuN6mw37EN5d7qoiTbRsiK0hA
ALlKlriH9t3JxfX8U9O0nwdbGL1NpkwOtJw+FuXfCnqekAbdopr0h1w/N22QnCNt
ZYoqHeLaUT3BODPc35TQUYXCQdAvDJDlGgb7f8aJF3gsJm0633InPFQ8Yf1qSCsw
DXDbLHFvVZMGlz//rOUkCg+2mjKAOMQofjv4TPemV7I/STKRt0Ai/N8DV5YYX04n
CkHLNP3gNTB/kGd2/vn73z0KIqaAYLmgfZnFXXsO+7i2r3OcsVDROHlInNSLEI9H
Gpov3YDXyMeQoo1uBlVAJoaqHvZUaEWO94OEzID/+BqzwtVm/Xzb8Bg8AME=
-----END CERTIFICATE-----