Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dcdbef81-48c1-4299-90c4-c51667c052a0.roa
File:                     dcdbef81-48c1-4299-90c4-c51667c052a0.roa (raw, json)
Hash identifier:          lECXp3d/GwZiNyUKorYTwqxCZYhlsz4HDQFJpcuVZcY=
Subject key identifier:   66:D0:BD:79:0D:06:22:89:C5:8B:AF:1F:A9:64:20:3A:6C:38:94:A3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       36175DD4B9D2BBA443D45C61211EE9BAA52C490C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dcdbef81-48c1-4299-90c4-c51667c052a0.roa
Signing time:             Thu 07 Nov 2024 00:00:00 +0000
ROA not before:           Thu 07 Nov 2024 00:00:00 +0000
ROA not after:            Thu 12 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:17:5d:d4:b9:d2:bb:a4:43:d4:5c:61:21:1e:e9:ba:a5:2c:49:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  7 00:00:00 2024 GMT
            Not After : Dec 12 23:59:59 2024 GMT
        Subject: serialNumber=b6a976726bf47e09e611f957ec0dd3ee0ae6ec58f0fbb67b295fdbabca1703f5, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:63:82:37:6c:f3:80:b7:2e:cc:8b:74:9d:26:
                    69:bc:1c:f3:9f:56:71:28:bc:78:ba:66:65:f2:50:
                    56:7c:22:4a:27:0d:1e:69:4b:68:47:6e:b1:9e:6b:
                    88:f8:c5:4e:56:1f:e1:b6:ca:ac:9d:d0:d0:3c:a3:
                    55:1e:ee:ec:45:d7:17:22:d8:3e:88:67:e3:f3:5e:
                    01:82:76:ce:e4:36:0b:ad:25:07:c6:6b:07:79:54:
                    0f:07:ac:85:d3:15:95:00:6c:4a:30:27:53:a9:5e:
                    c0:1b:20:a7:db:63:c2:57:6c:cb:3f:f0:a0:19:80:
                    86:d8:57:6b:f7:ee:66:fc:08:96:8e:18:41:fa:ed:
                    6f:ae:25:3f:b1:e3:01:e3:31:23:c9:ab:79:d2:aa:
                    b3:8d:74:4e:e5:8e:05:2e:5e:6c:55:a5:5d:e9:35:
                    05:62:50:4e:27:23:e5:9a:2a:10:97:65:c3:76:a0:
                    b4:56:ed:c8:e5:e2:16:33:99:d0:f9:08:dc:fe:ff:
                    68:f8:b6:71:27:fa:06:18:10:d7:6f:6c:e1:72:65:
                    c5:f1:5d:f8:04:63:e2:bd:c1:a0:8d:e0:02:ac:75:
                    dd:14:29:14:a9:aa:70:87:7b:71:8d:c8:ef:2c:a7:
                    5f:61:99:11:b7:5e:fa:c7:d1:a4:10:c0:75:8e:2b:
                    fd:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:D0:BD:79:0D:06:22:89:C5:8B:AF:1F:A9:64:20:3A:6C:38:94:A3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dcdbef81-48c1-4299-90c4-c51667c052a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:d8:ae:6c:43:2f:69:88:d0:60:fe:c3:c6:f0:9c:77:d1:ed:
         19:37:bb:ad:29:5b:1f:4a:b5:3f:ee:73:27:6a:97:0c:68:1c:
         f8:01:29:2a:36:32:67:ae:24:dd:f7:47:e9:dd:8e:5d:6e:34:
         73:2c:e9:57:2d:32:b9:58:13:f7:e7:9d:d5:01:2c:94:c2:ed:
         38:0f:37:40:c4:d6:c1:11:4e:12:74:f5:34:af:84:f3:86:83:
         9c:e3:9a:fd:76:9d:b0:13:fe:a7:75:a4:db:d8:74:76:e6:6f:
         54:c4:39:a8:1b:91:2a:86:7e:ac:04:07:95:cd:7a:04:47:d7:
         99:31:ff:d9:97:c8:35:2f:9a:92:4b:5e:74:fa:f4:bb:f8:da:
         9e:0b:32:39:14:54:e5:db:12:df:a6:77:f4:57:d8:e8:d2:d3:
         36:26:39:37:0a:74:89:b0:93:07:e9:85:98:79:4a:84:7c:a2:
         02:f5:29:ab:6d:15:cb:be:c4:8f:b3:3f:bd:0a:50:61:55:c8:
         00:f3:d5:88:8f:21:84:f8:9c:4e:62:eb:b8:ad:ff:47:56:6c:
         33:e4:f6:43:59:7c:ba:2d:23:3f:b4:1a:6b:36:26:d6:b7:04:
         5c:db:a4:5e:ac:19:d8:8e:5e:1a:19:f7:db:43:c4:a3:1d:f8:
         13:52:fa:d7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNhdd1LnSu6RD1FxhIR7puqUsSQwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTA3MDAwMDAwWhcNMjQxMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiNmE5NzY3MjZiZjQ3ZTA5ZTYxMWY5NTdlYzBkZDNlZTBh
ZTZlYzU4ZjBmYmI2N2IyOTVmZGJhYmNhMTcwM2Y1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5Y4I3bPOAty7Mi3SdJmm8HPOfVnEovHi6ZmXyUFZ8Ikon
DR5pS2hHbrGea4j4xU5WH+G2yqyd0NA8o1Ue7uxF1xci2D6IZ+PzXgGCds7kNgut
JQfGawd5VA8HrIXTFZUAbEowJ1OpXsAbIKfbY8JXbMs/8KAZgIbYV2v37mb8CJaO
GEH67W+uJT+x4wHjMSPJq3nSqrONdE7ljgUuXmxVpV3pNQViUE4nI+WaKhCXZcN2
oLRW7cjl4hYzmdD5CNz+/2j4tnEn+gYYENdvbOFyZcXxXfgEY+K9waCN4AKsdd0U
KRSpqnCHe3GNyO8sp19hmRG3XvrH0aQQwHWOK/2hAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZtC9eQ0GIonFi68fqWQgOmw4lKMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RjZGJlZjgxLTQ4YzEtNDI5OS05MGM0LWM1MTY2N2MwNTJhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABfYrmxDL2mI0GD+w8bwnHfR7Rk3
u60pWx9KtT/ucydqlwxoHPgBKSo2MmeuJN33R+ndjl1uNHMs6VctMrlYE/fnndUB
LJTC7TgPN0DE1sERThJ09TSvhPOGg5zjmv12nbAT/qd1pNvYdHbmb1TEOagbkSqG
fqwEB5XNegRH15kx/9mXyDUvmpJLXnT69Lv42p4LMjkUVOXbEt+md/RX2OjS0zYm
OTcKdImwkwfphZh5SoR8ogL1KattFcu+xI+zP70KUGFVyADz1YiPIYT4nE5i67it
/0dWbDPk9kNZfLotIz+0Gms2Jta3BFzbpF6sGdiOXhoZ99tDxKMd+BNS+tc=
-----END CERTIFICATE-----