Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e1db80cb-b85b-4876-a160-00c3f53033a0.roa
File:                     e1db80cb-b85b-4876-a160-00c3f53033a0.roa (raw, json)
Hash identifier:          THcBlYJEacx/Sbu9TGLaDh2yBG69JMsobvGW4t0iDJ8=
Subject key identifier:   13:0C:0E:F4:AE:D3:17:B4:81:2B:AE:C0:DE:C3:E1:F2:A1:DA:19:B3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3B5621D0CEAE52C7DB8DD95E0E61489925A0B341
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e1db80cb-b85b-4876-a160-00c3f53033a0.roa
Signing time:             Sun 07 Jan 2024 00:00:00 +0000
ROA not before:           Sun 07 Jan 2024 00:00:00 +0000
ROA not after:            Sun 11 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:56:21:d0:ce:ae:52:c7:db:8d:d9:5e:0e:61:48:99:25:a0:b3:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan  7 00:00:00 2024 GMT
            Not After : Feb 11 23:59:59 2024 GMT
        Subject: serialNumber=0100f6c4b0be0ac4ee1d1682f4f46db86f9c6660301239e0816244ca46821804, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:2e:23:dc:3c:9e:25:d9:fa:24:93:8f:5f:8c:
                    84:49:3c:59:7d:29:6c:ec:88:f2:e9:fa:9d:5c:8c:
                    61:bc:5f:79:72:74:57:0f:54:cc:a0:9c:2a:f2:8e:
                    08:54:5c:01:c2:b7:20:ef:0e:2c:4b:ab:94:56:70:
                    ab:e6:91:34:d5:f9:63:91:64:01:9b:dd:43:26:63:
                    a2:6f:15:93:e8:5b:4a:14:c6:e7:5e:2a:d9:64:1f:
                    66:23:ea:ce:e6:bc:6e:5b:6a:8b:55:d4:09:93:c6:
                    60:13:c5:53:a0:fd:6d:b1:85:b5:14:ba:e8:e4:5e:
                    07:a4:6d:a2:21:a3:fd:15:d9:c7:aa:9a:d1:2d:8e:
                    da:6e:19:93:19:f1:06:4b:c8:d4:63:93:7d:d4:ca:
                    5c:e5:4d:22:03:76:a0:49:ec:3a:a8:36:24:36:f8:
                    95:83:b2:3d:56:98:3b:14:0b:58:13:3d:92:ed:b0:
                    45:a5:57:36:54:78:2d:d7:75:f9:b7:ea:02:2a:bd:
                    d4:f2:cd:be:9c:35:ed:6c:51:ee:ff:8f:a8:a7:1b:
                    62:d2:0c:47:df:06:45:a6:de:8a:ea:76:7a:15:07:
                    03:58:a7:ad:f6:be:17:31:57:ed:62:5b:04:48:b0:
                    8b:46:f9:c6:d2:6c:55:00:d7:89:52:c0:94:b6:05:
                    38:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:0C:0E:F4:AE:D3:17:B4:81:2B:AE:C0:DE:C3:E1:F2:A1:DA:19:B3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e1db80cb-b85b-4876-a160-00c3f53033a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:a3:24:49:f5:b8:e9:62:9e:fa:65:6f:ab:ea:29:fe:28:86:
         4b:4e:6b:34:40:34:0c:56:c6:3a:9c:47:f2:a8:ed:51:71:f3:
         65:8d:81:8a:49:8d:09:9c:6e:fa:ef:18:6e:86:9a:4d:7b:fd:
         3a:1f:8b:30:36:03:28:58:af:84:a4:46:ae:e5:43:60:6b:63:
         f2:e8:ed:e8:1a:7e:7c:1c:3e:7b:03:bc:9b:b3:a3:b4:93:5f:
         0a:68:31:fa:1c:bb:65:1b:52:52:4a:80:8a:39:43:31:61:be:
         d5:07:11:ba:83:76:80:d7:a7:d6:65:b8:d3:2f:3c:61:03:bc:
         89:7e:09:48:02:0f:92:a7:b0:d6:22:a8:64:72:12:6e:46:4b:
         96:44:ea:c5:3f:e8:af:52:c3:0e:32:1b:a6:19:ea:8d:03:80:
         82:6d:32:d4:45:ca:35:fb:8a:c6:f1:2e:fc:c5:a7:00:92:97:
         73:a2:a3:82:02:fd:71:8f:c1:36:51:c3:c1:fa:80:bd:05:1d:
         fe:af:a3:19:74:c3:32:fb:20:c8:de:5c:1d:04:b4:de:cd:6d:
         fd:f2:00:1b:c1:2d:8a:ea:b8:0c:19:0b:d3:26:8a:29:eb:a7:
         7c:e2:e0:71:0b:80:e6:2c:e5:6a:48:9a:d8:d5:b9:15:eb:1b:
         30:8e:31:32
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUO1Yh0M6uUsfbjdleDmFImSWgs0EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTA3MDAwMDAwWhcNMjQwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMTAwZjZjNGIwYmUwYWM0ZWUxZDE2ODJmNGY0NmRiODZm
OWM2NjYwMzAxMjM5ZTA4MTYyNDRjYTQ2ODIxODA0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoLiPcPJ4l2fokk49fjIRJPFl9KWzsiPLp+p1cjGG8X3ly
dFcPVMygnCryjghUXAHCtyDvDixLq5RWcKvmkTTV+WORZAGb3UMmY6JvFZPoW0oU
xudeKtlkH2Yj6s7mvG5baotV1AmTxmATxVOg/W2xhbUUuujkXgekbaIho/0V2ceq
mtEtjtpuGZMZ8QZLyNRjk33UylzlTSIDdqBJ7DqoNiQ2+JWDsj1WmDsUC1gTPZLt
sEWlVzZUeC3Xdfm36gIqvdTyzb6cNe1sUe7/j6inG2LSDEffBkWm3orqdnoVBwNY
p632vhcxV+1iWwRIsItG+cbSbFUA14lSwJS2BThjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEwwO9K7TF7SBK67A3sPh8qHaGbMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2UxZGI4MGNiLWI4NWItNDg3Ni1hMTYwLTAwYzNmNTMwMzNhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGKjJEn1uOlinvplb6vqKf4ohktO
azRANAxWxjqcR/Ko7VFx82WNgYpJjQmcbvrvGG6Gmk17/TofizA2AyhYr4SkRq7l
Q2BrY/Lo7egafnwcPnsDvJuzo7STXwpoMfocu2UbUlJKgIo5QzFhvtUHEbqDdoDX
p9ZluNMvPGEDvIl+CUgCD5KnsNYiqGRyEm5GS5ZE6sU/6K9Sww4yG6YZ6o0DgIJt
MtRFyjX7isbxLvzFpwCSl3Oio4IC/XGPwTZRw8H6gL0FHf6voxl0wzL7IMjeXB0E
tN7Nbf3yABvBLYrquAwZC9Mmiinrp3zi4HELgOYs5WpImtjVuRXrGzCOMTI=
-----END CERTIFICATE-----