Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e4812fa6-6004-4dbd-82c8-09b093fa57fc.roa
File:                     e4812fa6-6004-4dbd-82c8-09b093fa57fc.roa (raw, json)
Hash identifier:          RpgT0DeHzVmgBjHtJkEad5RLlsoY35gy39d0vwyc9iw=
Subject key identifier:   79:C9:B3:82:D2:DB:AA:05:E7:15:1C:B6:02:F4:B4:25:D6:11:94:81
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6724B224FB8018F59ED9CC307E4DBBFA752F9850
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e4812fa6-6004-4dbd-82c8-09b093fa57fc.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:24:b2:24:fb:80:18:f5:9e:d9:cc:30:7e:4d:bb:fa:75:2f:98:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: serialNumber=f390cbc58e3923ccc026b73e4ba0ccc2d12fb4076511828aafa974fcac60d226, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d4:b7:46:69:1c:7f:d6:3b:dc:01:0f:03:f1:
                    c5:f8:b7:8e:33:28:cc:25:6c:34:00:ea:a2:7d:06:
                    8a:b3:9b:b1:86:c6:55:91:10:ba:b0:1f:67:42:13:
                    8d:9e:ef:f2:7b:60:b8:a6:c7:f4:55:58:18:79:08:
                    67:c4:d0:00:15:2c:be:ae:17:03:4a:51:98:5a:58:
                    76:e8:e8:e9:6b:a1:04:50:fa:ea:8a:57:ad:77:9d:
                    73:6f:ac:60:b9:7e:44:31:b5:78:b8:25:07:38:ef:
                    1f:16:c1:9c:67:f3:5d:cc:f1:6d:58:2e:03:3b:39:
                    62:d9:e4:cf:a9:7e:0d:8f:db:23:a9:4e:b3:fe:c8:
                    c4:35:5d:61:14:04:2c:12:a5:e6:cf:58:66:c2:0c:
                    45:53:6a:f0:8d:7d:99:9b:0a:8e:5a:6a:f4:63:fd:
                    99:7c:b8:95:7f:dd:89:5d:a1:fe:e4:40:3f:36:c3:
                    7e:ec:df:7d:71:29:2f:91:90:1a:8a:36:8a:15:a5:
                    9c:f0:fa:d8:a4:6b:eb:d9:48:fc:3f:5c:73:64:6d:
                    06:80:92:7b:0d:45:15:66:9e:f4:99:36:28:80:27:
                    2d:90:61:7f:34:2e:a0:f4:d7:1a:2c:2d:5c:ab:27:
                    87:2f:4a:82:fb:6d:ed:0a:26:b5:5e:8a:09:e4:96:
                    23:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:C9:B3:82:D2:DB:AA:05:E7:15:1C:B6:02:F4:B4:25:D6:11:94:81
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e4812fa6-6004-4dbd-82c8-09b093fa57fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:0c:8f:80:d8:87:34:ef:24:01:41:5e:25:72:7a:15:7f:58:
         09:26:ef:fe:28:96:f3:4b:34:91:f3:b5:1a:ff:75:2a:b8:f5:
         ea:d9:a8:8e:c3:e9:77:70:f4:97:8e:9a:95:bd:fd:40:e9:0a:
         99:04:87:70:0e:ee:c4:7c:4b:2d:f2:21:f6:59:36:d8:48:32:
         00:72:a1:1b:d3:5e:39:fe:35:a1:1e:7f:a2:7f:0b:a0:9d:72:
         86:71:d0:0d:ab:5a:b5:11:73:43:d8:71:64:a1:63:70:af:db:
         c2:ee:43:ee:6f:4b:b3:31:50:90:57:23:03:04:95:65:74:a0:
         0c:f4:bb:37:34:d8:3b:92:b7:94:2a:18:ac:b3:86:71:65:4f:
         6b:76:76:e5:38:53:4d:6f:d7:a2:bc:44:2a:db:99:b1:00:29:
         f1:7a:0b:4b:f0:0c:46:4c:65:d9:0d:15:80:c2:2b:65:91:cf:
         43:15:08:a2:92:b2:07:76:64:76:9c:0c:3c:58:d0:8f:49:84:
         f1:5b:b9:52:60:60:6f:d0:5b:89:d7:30:a2:e1:8b:c8:da:71:
         72:11:24:16:f9:67:2b:48:d7:9c:c2:c5:04:0d:35:12:94:50:
         46:45:be:2b:9c:8e:15:66:9b:ea:3e:ad:b3:64:d8:9b:e9:3a:
         4d:70:87:e0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZySyJPuAGPWe2cwwfk27+nUvmFAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjE2MDAwMDAwWhcNMjUwMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMzkwY2JjNThlMzkyM2NjYzAyNmI3M2U0YmEwY2NjMmQx
MmZiNDA3NjUxMTgyOGFhZmE5NzRmY2FjNjBkMjI2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC51LdGaRx/1jvcAQ8D8cX4t44zKMwlbDQA6qJ9Boqzm7GG
xlWRELqwH2dCE42e7/J7YLimx/RVWBh5CGfE0AAVLL6uFwNKUZhaWHbo6OlroQRQ
+uqKV613nXNvrGC5fkQxtXi4JQc47x8WwZxn813M8W1YLgM7OWLZ5M+pfg2P2yOp
TrP+yMQ1XWEUBCwSpebPWGbCDEVTavCNfZmbCo5aavRj/Zl8uJV/3Yldof7kQD82
w37s331xKS+RkBqKNooVpZzw+tika+vZSPw/XHNkbQaAknsNRRVmnvSZNiiAJy2Q
YX80LqD01xosLVyrJ4cvSoL7be0KJrVeignkliMVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUecmzgtLbqgXnFRy2AvS0JdYRlIEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U0ODEyZmE2LTYwMDQtNGRiZC04MmM4LTA5YjA5M2ZhNTdmYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKoMj4DYhzTvJAFBXiVyehV/WAkm
7/4olvNLNJHztRr/dSq49erZqI7D6Xdw9JeOmpW9/UDpCpkEh3AO7sR8Sy3yIfZZ
NthIMgByoRvTXjn+NaEef6J/C6CdcoZx0A2rWrURc0PYcWShY3Cv28LuQ+5vS7Mx
UJBXIwMElWV0oAz0uzc02DuSt5QqGKyzhnFlT2t2duU4U01v16K8RCrbmbEAKfF6
C0vwDEZMZdkNFYDCK2WRz0MVCKKSsgd2ZHacDDxY0I9JhPFbuVJgYG/QW4nXMKLh
i8jacXIRJBb5ZytI15zCxQQNNRKUUEZFviucjhVmm+o+rbNk2JvpOk1wh+A=
-----END CERTIFICATE-----