Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dae77856-de2c-40b8-8aa7-90e550615e02.roa
File:                     dae77856-de2c-40b8-8aa7-90e550615e02.roa (raw, json)
Hash identifier:          80FgLFNKbAyAqk9+W/JAM6ZjBiJ7c0CaRS7sh9ZdrPc=
Subject key identifier:   92:82:64:57:31:18:17:78:74:7D:94:68:AB:9B:71:54:D8:52:E2:05
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6F2545D307FC5EB4A011ADCBBF4D273849F53390
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dae77856-de2c-40b8-8aa7-90e550615e02.roa
Signing time:             Sun 21 Jan 2024 00:00:00 +0000
ROA not before:           Sun 21 Jan 2024 00:00:00 +0000
ROA not after:            Sun 25 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:25:45:d3:07:fc:5e:b4:a0:11:ad:cb:bf:4d:27:38:49:f5:33:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 21 00:00:00 2024 GMT
            Not After : Feb 25 23:59:59 2024 GMT
        Subject: serialNumber=130bb1bae62693c6606f6daf2d7bd64d3ef54531d937fe59197d4fb32d3efacc, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:58:07:02:55:8d:0e:9a:4b:d9:ea:21:f1:2b:
                    69:a4:9c:1c:94:cf:50:d1:61:02:8b:5a:73:37:fb:
                    61:4e:12:83:e4:e1:59:c4:56:4c:5d:64:5b:eb:46:
                    1f:73:65:ad:73:2e:68:cb:5f:bb:33:e1:20:48:2d:
                    35:10:2f:2c:48:54:d8:ca:79:82:5e:b0:4d:7c:91:
                    0a:51:ec:41:04:00:0b:19:e4:19:63:06:7f:76:53:
                    00:9a:d4:f9:ff:c2:1c:3c:b0:00:01:17:27:dd:d9:
                    1f:e2:af:7e:f3:71:ae:69:1e:aa:dd:ec:6f:cb:2a:
                    61:0f:26:ec:f2:63:6c:df:1e:96:67:ad:6a:a4:22:
                    62:1a:61:5c:24:86:cb:43:d9:a4:6b:03:9b:ee:e2:
                    c5:22:02:82:df:ae:6e:cf:79:f8:12:d5:a0:01:30:
                    30:e8:e5:2f:93:c7:11:23:8c:09:36:8d:c9:b2:c3:
                    4a:cc:14:13:09:a8:40:70:24:66:58:2f:0b:62:c5:
                    30:c6:10:c2:5a:b6:f9:f0:57:b9:0e:7b:09:5e:e5:
                    32:11:30:2c:23:20:11:32:fe:65:9f:73:79:fc:17:
                    1c:ed:d7:1e:dc:0b:5a:c7:98:6b:58:7a:d0:34:c3:
                    f5:17:f3:55:0d:93:cd:45:ee:33:84:b4:9c:91:3e:
                    03:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:82:64:57:31:18:17:78:74:7D:94:68:AB:9B:71:54:D8:52:E2:05
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dae77856-de2c-40b8-8aa7-90e550615e02.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:79:f5:eb:a0:03:32:4c:cb:41:51:e6:83:06:4a:45:f3:d0:
         f5:f5:0e:83:d5:3d:5e:52:a1:2d:34:82:a9:2b:2d:7c:91:dc:
         d6:2c:84:5e:3a:5c:10:8b:ab:6a:7c:f0:ac:fe:d2:04:a1:56:
         f5:d6:c8:df:ef:20:09:7e:8b:3e:cf:58:c2:6f:bf:43:f9:5c:
         11:2d:5a:fc:63:72:a9:fe:ae:c3:cb:0a:e6:f0:68:db:9e:fb:
         c6:02:43:68:83:d9:78:b3:55:03:c8:f8:2a:1c:3f:d5:ad:a9:
         fd:15:15:f7:20:d5:f6:f2:91:ad:39:a6:b9:cb:f2:7f:7b:69:
         0a:da:ed:7f:d7:09:da:db:86:7f:28:df:0c:0f:2d:2d:97:15:
         de:b3:04:d9:d7:4b:c5:7e:3f:44:ef:0c:b2:98:1d:2b:5d:50:
         1d:a7:b2:be:a1:e2:9e:c3:f6:28:4a:d5:b5:ba:ec:1c:d7:56:
         4f:5d:2c:82:29:cc:c1:64:a9:05:fa:d7:83:6a:f0:ff:8e:f6:
         bf:6c:0a:fe:7c:24:aa:1c:20:16:18:9e:f4:c6:12:55:9f:43:
         ae:74:06:5c:4e:fc:a5:ea:f2:3e:c8:47:2b:fe:ad:b8:7d:08:
         fd:56:60:0d:60:28:0a:4a:55:d0:46:88:a7:cb:d8:c1:1e:7f:
         52:0e:cd:94
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbyVF0wf8XrSgEa3Lv00nOEn1M5AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTIxMDAwMDAwWhcNMjQwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMzBiYjFiYWU2MjY5M2M2NjA2ZjZkYWYyZDdiZDY0ZDNl
ZjU0NTMxZDkzN2ZlNTkxOTdkNGZiMzJkM2VmYWNjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrWAcCVY0OmkvZ6iHxK2mknByUz1DRYQKLWnM3+2FOEoPk
4VnEVkxdZFvrRh9zZa1zLmjLX7sz4SBILTUQLyxIVNjKeYJesE18kQpR7EEEAAsZ
5BljBn92UwCa1Pn/whw8sAABFyfd2R/ir37zca5pHqrd7G/LKmEPJuzyY2zfHpZn
rWqkImIaYVwkhstD2aRrA5vu4sUiAoLfrm7PefgS1aABMDDo5S+TxxEjjAk2jcmy
w0rMFBMJqEBwJGZYLwtixTDGEMJatvnwV7kOewle5TIRMCwjIBEy/mWfc3n8Fxzt
1x7cC1rHmGtYetA0w/UX81UNk81F7jOEtJyRPgO3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkoJkVzEYF3h0fZRoq5txVNhS4gUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RhZTc3ODU2LWRlMmMtNDBiOC04YWE3LTkwZTU1MDYxNWUwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABJ59eugAzJMy0FR5oMGSkXz0PX1
DoPVPV5SoS00gqkrLXyR3NYshF46XBCLq2p88Kz+0gShVvXWyN/vIAl+iz7PWMJv
v0P5XBEtWvxjcqn+rsPLCubwaNue+8YCQ2iD2XizVQPI+CocP9Wtqf0VFfcg1fby
ka05prnL8n97aQra7X/XCdrbhn8o3wwPLS2XFd6zBNnXS8V+P0TvDLKYHStdUB2n
sr6h4p7D9ihK1bW67BzXVk9dLIIpzMFkqQX614Nq8P+O9r9sCv58JKocIBYYnvTG
ElWfQ650BlxO/KXq8j7IRyv+rbh9CP1WYA1gKApKVdBGiKfL2MEef1IOzZQ=
-----END CERTIFICATE-----