Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e4280bda-354a-4a11-a9a4-aafd57618111.roa
File:                     e4280bda-354a-4a11-a9a4-aafd57618111.roa (raw, json)
Hash identifier:          DAAU2UIDqTQ0fsdOcUGnwrefyfvaS49xZF0Mv9OmfNc=
Subject key identifier:   6B:AC:D5:34:C3:7C:94:94:FC:3A:AE:9A:44:EF:04:D4:FC:72:C5:B6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6535E0263095ACFE7F58A339CA2FB6F708531BA8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e4280bda-354a-4a11-a9a4-aafd57618111.roa
Signing time:             Mon 15 Jul 2024 00:00:00 +0000
ROA not before:           Mon 15 Jul 2024 00:00:00 +0000
ROA not after:            Mon 19 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:35:e0:26:30:95:ac:fe:7f:58:a3:39:ca:2f:b6:f7:08:53:1b:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 15 00:00:00 2024 GMT
            Not After : Aug 19 23:59:59 2024 GMT
        Subject: serialNumber=7154788697ee05863c3d3152365f4cb36b9fee0372a0791a36a3019dc0fcf914, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:da:9b:db:fc:9c:87:50:63:78:17:00:2a:c1:
                    01:57:ce:84:8c:4b:55:e6:22:b6:25:3a:66:ba:82:
                    ca:0f:99:8a:f8:57:2f:4b:ca:67:c5:84:d9:3f:c9:
                    01:be:a2:fb:55:0d:d7:a7:f0:7a:39:5a:c8:96:9f:
                    bc:fe:e4:61:7d:e3:78:12:40:ae:34:cf:cd:de:eb:
                    59:96:6f:57:29:39:6e:26:1a:0f:de:9e:5f:0a:60:
                    39:67:2e:8b:1d:6e:ce:18:9d:cc:bb:f4:23:81:a5:
                    50:bd:ac:05:e3:5f:6d:b9:ba:08:ed:5b:ab:e4:c3:
                    30:6d:3e:34:97:84:64:06:79:42:fa:f6:0e:49:8a:
                    fa:ad:5b:1d:8e:51:e7:f9:97:81:89:05:cf:3b:54:
                    45:83:05:42:92:63:4a:aa:3d:7a:de:8d:ca:ba:75:
                    52:d3:1c:a3:dd:02:79:1d:c5:66:f2:54:db:ed:f0:
                    17:72:3c:9a:5a:b4:d4:04:c6:9f:bb:ff:c4:db:a3:
                    86:ad:be:dc:68:ad:8a:c6:15:5d:1e:7a:b8:66:18:
                    18:a3:11:e6:94:03:e8:c0:4f:88:1e:10:1d:59:9d:
                    02:43:3e:9f:7c:0b:7a:fe:8f:0f:10:03:39:ce:ee:
                    d8:40:10:b7:2f:e9:59:64:b3:48:19:16:a9:5d:58:
                    90:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:AC:D5:34:C3:7C:94:94:FC:3A:AE:9A:44:EF:04:D4:FC:72:C5:B6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e4280bda-354a-4a11-a9a4-aafd57618111.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:d0:d5:14:d7:ef:a0:da:9b:77:91:e6:50:6d:22:7c:d2:c0:
         42:4d:8f:bf:fd:2f:ba:98:91:1d:d2:53:3b:03:ca:1d:21:d3:
         8a:3c:44:99:bb:25:05:57:08:7f:38:aa:ea:ba:f2:e4:c9:11:
         ff:6b:3e:32:c1:4f:1b:3f:81:8f:6f:2f:9d:cc:fa:51:1a:7f:
         83:31:39:bf:88:25:75:cf:8b:fe:73:a0:4b:2d:30:33:33:fb:
         38:36:00:7a:a9:3b:6e:5e:06:a3:0d:2e:0e:51:4b:bb:3e:6b:
         85:89:76:d1:d2:61:ab:c5:a8:63:17:7b:65:d0:1d:60:b3:82:
         88:0e:9e:da:71:9f:f9:a9:05:f8:35:84:56:62:da:53:a9:0b:
         a6:0b:46:fb:97:cc:7f:32:1e:0b:74:d5:67:be:9b:65:d9:c4:
         c4:54:cd:bf:b4:d1:a4:32:c4:5a:6f:91:76:ae:53:73:21:58:
         5c:19:bf:e7:85:3f:00:8e:00:4b:59:4c:89:ae:f9:62:0d:ec:
         9d:4b:d1:81:1b:e2:82:5b:4f:d7:7b:67:bf:e1:3a:01:3b:87:
         2c:22:0a:ba:a2:02:9f:73:35:88:c7:38:b9:bb:c6:87:36:65:
         a1:f3:b8:3d:e5:d3:72:d5:ce:1b:98:d3:0f:4d:9a:b1:07:1d:
         6a:93:49:0f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZTXgJjCVrP5/WKM5yi+29whTG6gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzE1MDAwMDAwWhcNMjQwODE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MTU0Nzg4Njk3ZWUwNTg2M2MzZDMxNTIzNjVmNGNiMzZi
OWZlZTAzNzJhMDc5MWEzNmEzMDE5ZGMwZmNmOTE0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDf2pvb/JyHUGN4FwAqwQFXzoSMS1XmIrYlOma6gsoPmYr4
Vy9LymfFhNk/yQG+ovtVDden8Ho5WsiWn7z+5GF943gSQK40z83e61mWb1cpOW4m
Gg/enl8KYDlnLosdbs4Yncy79COBpVC9rAXjX225ugjtW6vkwzBtPjSXhGQGeUL6
9g5JivqtWx2OUef5l4GJBc87VEWDBUKSY0qqPXrejcq6dVLTHKPdAnkdxWbyVNvt
8BdyPJpatNQExp+7/8Tbo4atvtxorYrGFV0eerhmGBijEeaUA+jAT4geEB1ZnQJD
Pp98C3r+jw8QAznO7thAELcv6Vlks0gZFqldWJArAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUa6zVNMN8lJT8Oq6aRO8E1PxyxbYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U0MjgwYmRhLTM1NGEtNGExMS1hOWE0LWFhZmQ1NzYxODExMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHnQ1RTX76Dam3eR5lBtInzSwEJN
j7/9L7qYkR3SUzsDyh0h04o8RJm7JQVXCH84quq68uTJEf9rPjLBTxs/gY9vL53M
+lEaf4MxOb+IJXXPi/5zoEstMDMz+zg2AHqpO25eBqMNLg5RS7s+a4WJdtHSYavF
qGMXe2XQHWCzgogOntpxn/mpBfg1hFZi2lOpC6YLRvuXzH8yHgt01We+m2XZxMRU
zb+00aQyxFpvkXauU3MhWFwZv+eFPwCOAEtZTImu+WIN7J1L0YEb4oJbT9d7Z7/h
OgE7hywiCrqiAp9zNYjHOLm7xoc2ZaHzuD3l03LVzhuY0w9NmrEHHWqTSQ8=
-----END CERTIFICATE-----