Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/df54866c-41e6-4218-a66a-24ea6255600c.roa
File:                     df54866c-41e6-4218-a66a-24ea6255600c.roa (raw, json)
Hash identifier:          f0vZsUuhhY8JpGNe8xkgBID3BQEDUDGXBN4Nr8glXcQ=
Subject key identifier:   8E:A3:F3:AA:CE:77:AA:2A:87:99:B5:F8:99:62:BE:8E:3F:D5:09:97
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5554A0B57A6C18CE55CDF3DF454719ADA1FE9D03
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/df54866c-41e6-4218-a66a-24ea6255600c.roa
Signing time:             Fri 06 Sep 2024 00:00:00 +0000
ROA not before:           Fri 06 Sep 2024 00:00:00 +0000
ROA not after:            Fri 11 Oct 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:54:a0:b5:7a:6c:18:ce:55:cd:f3:df:45:47:19:ad:a1:fe:9d:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  6 00:00:00 2024 GMT
            Not After : Oct 11 23:59:59 2024 GMT
        Subject: serialNumber=7b21d18ff08bca4450b6e7084c7de554d6e2498e6485b2d918a08fa20f99e6dd, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:44:b2:8e:3a:57:ef:db:3a:8d:11:b6:f8:82:
                    b5:5b:07:c5:10:0d:15:1a:6c:7b:4d:02:f9:b1:ed:
                    9d:d2:03:15:25:e4:de:43:3a:9b:45:06:80:bb:bf:
                    52:91:71:d8:8d:f1:70:f1:f9:e0:f0:a2:aa:a2:08:
                    c7:0d:51:18:04:cd:d5:7e:4b:e2:83:23:9a:d3:f0:
                    8d:7a:8a:ba:25:48:f1:e0:13:7c:40:8e:1c:46:dd:
                    01:21:8b:a5:b4:91:35:3f:d7:a4:49:98:36:ee:16:
                    ae:97:12:de:87:78:49:d0:cc:1b:22:f2:51:2a:d6:
                    36:c1:7d:9f:d7:f2:cb:fe:67:43:4c:8c:50:cc:e5:
                    d7:e5:6b:d5:d6:c6:64:7a:db:6c:73:99:07:f4:30:
                    0e:a8:fa:25:bf:46:b0:88:ab:6f:73:62:0c:8a:79:
                    83:96:3c:34:1a:13:15:f6:67:62:c7:8a:9b:d5:6a:
                    27:9f:3f:3b:f0:35:b6:07:15:9b:4e:4d:8d:f2:ef:
                    d4:7a:10:04:88:e9:a7:2d:78:d7:a3:b1:a5:5d:d7:
                    77:3b:e2:95:fa:cc:47:c0:8b:48:a5:0e:96:f9:e6:
                    92:ce:c3:5c:f6:5f:43:28:a7:ed:a3:68:3c:66:11:
                    0d:4e:34:85:19:23:b1:65:43:72:c4:83:5c:d9:cc:
                    10:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:A3:F3:AA:CE:77:AA:2A:87:99:B5:F8:99:62:BE:8E:3F:D5:09:97
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/df54866c-41e6-4218-a66a-24ea6255600c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:17:a8:d8:d3:6f:8e:12:ac:64:38:16:76:be:6e:21:23:0d:
         e3:52:78:ae:e8:4d:63:2b:1a:ad:93:ed:76:2d:c5:2e:c1:d1:
         d5:e5:1f:2f:99:cc:51:10:bd:2d:90:df:e8:f7:76:95:3b:c2:
         f0:a2:cf:a4:c1:a5:d1:50:dc:9f:65:d9:e6:61:cb:80:5f:a2:
         11:a7:8e:04:97:03:66:b6:b9:a3:f2:f2:1b:21:e0:46:4b:69:
         d4:6a:c1:ae:f3:fb:34:3e:1e:30:e9:88:2a:d0:39:d7:ef:a5:
         78:1b:5b:1b:16:f2:0b:c3:8d:86:87:20:1b:ae:ad:0e:1d:42:
         c9:eb:df:6d:46:b3:ae:c1:45:36:a1:e7:8c:6e:42:f5:17:0f:
         8c:57:a7:d0:9e:c5:5a:96:9a:5e:10:6f:1d:18:95:2c:25:2d:
         08:20:6d:eb:20:63:f0:48:38:53:ae:4d:03:fe:f5:56:75:3e:
         3f:f2:01:d1:89:2b:9a:44:f0:80:96:31:a6:26:fb:43:0d:9d:
         cc:17:1b:3f:85:c8:ef:c0:b5:1c:55:3b:3f:27:0c:d3:21:e2:
         75:17:ad:e4:a4:4d:e2:32:18:07:60:b3:52:a9:f6:61:f6:8f:
         b0:64:be:84:a8:54:2f:0b:42:38:d8:98:96:22:e6:c8:07:3a:
         5d:35:3a:57
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVVSgtXpsGM5VzfPfRUcZraH+nQMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwOTA2MDAwMDAwWhcNMjQxMDExMjM1OTU5
WjB6MUkwRwYDVQQFE0A3YjIxZDE4ZmYwOGJjYTQ0NTBiNmU3MDg0YzdkZTU1NGQ2
ZTI0OThlNjQ4NWIyZDkxOGEwOGZhMjBmOTllNmRkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcRLKOOlfv2zqNEbb4grVbB8UQDRUabHtNAvmx7Z3SAxUl
5N5DOptFBoC7v1KRcdiN8XDx+eDwoqqiCMcNURgEzdV+S+KDI5rT8I16irolSPHg
E3xAjhxG3QEhi6W0kTU/16RJmDbuFq6XEt6HeEnQzBsi8lEq1jbBfZ/X8sv+Z0NM
jFDM5dfla9XWxmR622xzmQf0MA6o+iW/RrCIq29zYgyKeYOWPDQaExX2Z2LHipvV
aiefPzvwNbYHFZtOTY3y79R6EASI6acteNejsaVd13c74pX6zEfAi0ilDpb55pLO
w1z2X0Mop+2jaDxmEQ1ONIUZI7FlQ3LEg1zZzBDTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjqPzqs53qiqHmbX4mWK+jj/VCZcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RmNTQ4NjZjLTQxZTYtNDIxOC1hNjZhLTI0ZWE2MjU1NjAwYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG0XqNjTb44SrGQ4Fna+biEjDeNS
eK7oTWMrGq2T7XYtxS7B0dXlHy+ZzFEQvS2Q3+j3dpU7wvCiz6TBpdFQ3J9l2eZh
y4BfohGnjgSXA2a2uaPy8hsh4EZLadRqwa7z+zQ+HjDpiCrQOdfvpXgbWxsW8gvD
jYaHIBuurQ4dQsnr321Gs67BRTah54xuQvUXD4xXp9CexVqWml4Qbx0YlSwlLQgg
besgY/BIOFOuTQP+9VZ1Pj/yAdGJK5pE8ICWMaYm+0MNncwXGz+FyO/AtRxVOz8n
DNMh4nUXreSkTeIyGAdgs1Kp9mH2j7BkvoSoVC8LQjjYmJYi5sgHOl01Olc=
-----END CERTIFICATE-----