Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d9570ca9-60e3-43ec-b86b-ef15756517f0.roa
File:                     d9570ca9-60e3-43ec-b86b-ef15756517f0.roa (raw, json)
Hash identifier:          XY451qX4dMCw4/euAkcLqaklCifO0zqdSqau4nj3zD8=
Subject key identifier:   57:C6:7D:A7:86:C8:BB:37:FF:96:7E:D4:86:B9:47:A0:91:1C:62:54
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       233AF56F66356848AB2CCDA0DB3E0683904C6037
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d9570ca9-60e3-43ec-b86b-ef15756517f0.roa
Signing time:             Tue 26 Nov 2024 00:00:00 +0000
ROA not before:           Tue 26 Nov 2024 00:00:00 +0000
ROA not after:            Tue 31 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:3a:f5:6f:66:35:68:48:ab:2c:cd:a0:db:3e:06:83:90:4c:60:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 26 00:00:00 2024 GMT
            Not After : Dec 31 23:59:59 2024 GMT
        Subject: serialNumber=78ce08e0e41933e5e93d5f8287e24e52fb141c26f74f7ee59a7165aca43531d8, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:35:27:db:94:85:69:be:c4:ef:b9:06:9c:f9:
                    40:be:6b:dd:71:5c:b8:1b:df:cf:a7:3e:8d:26:15:
                    63:de:33:0d:b0:04:fc:55:57:82:63:04:b3:d9:72:
                    08:6c:a9:0d:18:72:41:55:ab:78:43:74:9e:33:b9:
                    7a:23:9b:6a:62:c0:6e:1c:53:a2:2a:2d:c8:eb:be:
                    79:65:a4:a7:67:8f:61:b4:1c:3d:de:79:17:f5:ff:
                    8e:db:3e:22:a2:47:9b:9d:0d:00:b9:76:67:94:3b:
                    83:3f:f9:63:71:b8:5c:0b:96:9c:8d:66:0c:37:cc:
                    70:54:22:22:7e:0e:30:f6:bc:e8:ce:66:98:e7:e3:
                    72:0c:39:69:3a:72:35:31:28:d6:2f:23:22:22:88:
                    3b:29:16:be:18:03:a4:fc:eb:b7:28:63:5f:eb:67:
                    e6:4d:88:b4:87:98:af:f7:30:0c:bf:84:30:86:49:
                    4b:0d:e2:1a:14:b0:6d:36:05:24:65:e2:11:1a:ad:
                    93:55:a8:82:13:52:8b:99:14:5c:5f:38:4f:03:9d:
                    ab:6a:a9:31:7b:23:f0:66:20:85:ec:a3:b7:4c:5a:
                    12:8c:91:b7:fd:f4:27:1b:f2:61:7c:59:e2:8b:b8:
                    1c:1a:6a:5f:7a:9e:6f:b0:77:27:94:27:4b:78:7e:
                    d3:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:C6:7D:A7:86:C8:BB:37:FF:96:7E:D4:86:B9:47:A0:91:1C:62:54
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d9570ca9-60e3-43ec-b86b-ef15756517f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:c7:37:3b:3e:27:4d:3d:d6:9e:b6:63:cd:02:37:85:92:b0:
         1d:1c:cf:fb:8a:3e:60:7f:d4:14:91:6a:65:44:48:32:36:78:
         c4:fa:78:74:87:64:33:ae:db:84:26:db:12:de:f3:f0:69:c5:
         a7:13:4d:c8:49:f4:ff:40:19:b3:f9:55:58:c3:5b:fa:82:b2:
         67:48:71:a9:6e:dd:02:54:45:00:a3:6a:2d:ae:d4:b0:85:f9:
         20:ac:50:b0:66:88:b4:8f:33:11:6d:9a:01:7d:6f:b3:58:8a:
         8c:30:fa:3e:da:db:a8:a2:2a:ca:bc:2a:08:fe:9a:38:26:1c:
         bb:9f:ad:aa:99:22:14:5f:70:a7:fd:30:6b:ce:0a:19:a9:32:
         67:87:65:ef:94:7d:09:13:0b:94:5e:03:a3:24:5e:8a:ae:42:
         0a:52:16:c4:13:a7:5d:1b:0b:85:3a:8b:ec:8e:6c:a2:eb:68:
         0b:02:4a:a3:e7:21:89:32:56:53:76:40:03:64:a8:69:99:ff:
         8d:20:4b:04:dc:74:0d:31:34:4a:40:5b:3e:d0:41:20:5d:e6:
         cc:57:58:8e:81:41:72:8e:35:7f:bf:8d:af:97:75:ef:9e:76:
         8a:5c:0b:e9:ad:d2:4e:82:46:14:53:c9:ea:92:59:b9:93:ee:
         d3:d5:e8:bf
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIzr1b2Y1aEirLM2g2z4Gg5BMYDcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTI2MDAwMDAwWhcNMjQxMjMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3OGNlMDhlMGU0MTkzM2U1ZTkzZDVmODI4N2UyNGU1MmZi
MTQxYzI2Zjc0ZjdlZTU5YTcxNjVhY2E0MzUzMWQ4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClNSfblIVpvsTvuQac+UC+a91xXLgb38+nPo0mFWPeMw2w
BPxVV4JjBLPZcghsqQ0YckFVq3hDdJ4zuXojm2piwG4cU6IqLcjrvnllpKdnj2G0
HD3eeRf1/47bPiKiR5udDQC5dmeUO4M/+WNxuFwLlpyNZgw3zHBUIiJ+DjD2vOjO
Zpjn43IMOWk6cjUxKNYvIyIiiDspFr4YA6T867coY1/rZ+ZNiLSHmK/3MAy/hDCG
SUsN4hoUsG02BSRl4hEarZNVqIITUouZFFxfOE8DnatqqTF7I/BmIIXso7dMWhKM
kbf99Ccb8mF8WeKLuBwaal96nm+wdyeUJ0t4ftOfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUV8Z9p4bIuzf/ln7UhrlHoJEcYlQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q5NTcwY2E5LTYwZTMtNDNlYy1iODZiLWVmMTU3NTY1MTdmMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJrHNzs+J0091p62Y80CN4WSsB0c
z/uKPmB/1BSRamVESDI2eMT6eHSHZDOu24Qm2xLe8/BpxacTTchJ9P9AGbP5VVjD
W/qCsmdIcalu3QJURQCjai2u1LCF+SCsULBmiLSPMxFtmgF9b7NYioww+j7a26ii
Ksq8Kgj+mjgmHLufraqZIhRfcKf9MGvOChmpMmeHZe+UfQkTC5ReA6MkXoquQgpS
FsQTp10bC4U6i+yObKLraAsCSqPnIYkyVlN2QANkqGmZ/40gSwTcdA0xNEpAWz7Q
QSBd5sxXWI6BQXKONX+/ja+Xde+edopcC+mt0k6CRhRTyeqSWbmT7tPV6L8=
-----END CERTIFICATE-----