Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e5e4cfa9-7e7f-43f2-b4da-0228c5f5591d.roa
File:                     e5e4cfa9-7e7f-43f2-b4da-0228c5f5591d.roa (raw, json)
Hash identifier:          Vz1kldWCF8YRdrr9KiGBQaGfA5SxK5rokWh0sDzfa5s=
Subject key identifier:   CF:66:3E:1C:7D:71:BE:46:39:5C:0F:0C:02:3A:AA:D9:14:2F:5C:E6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       326E44424D4DB0415222B8BE9739512ACFCEAD99
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e5e4cfa9-7e7f-43f2-b4da-0228c5f5591d.roa
Signing time:             Thu 18 Jul 2024 00:00:00 +0000
ROA not before:           Thu 18 Jul 2024 00:00:00 +0000
ROA not after:            Thu 22 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:6e:44:42:4d:4d:b0:41:52:22:b8:be:97:39:51:2a:cf:ce:ad:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 18 00:00:00 2024 GMT
            Not After : Aug 22 23:59:59 2024 GMT
        Subject: serialNumber=791b4bb97f9e5e85cf08c981e5a39570b10d8562c6ed3987374822d58a1b13e4, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:be:7c:fc:f4:1e:95:24:c7:c6:d3:7d:58:3c:
                    c7:ed:29:9b:6a:b3:ce:02:08:b3:21:84:25:26:89:
                    92:f7:ca:f8:53:64:d3:c7:f8:ea:d3:d0:c0:b9:3f:
                    c4:64:60:94:43:3b:3e:cb:54:6c:3c:96:96:d9:4f:
                    26:c8:40:11:fd:44:6a:74:4d:34:ed:17:09:dc:f9:
                    2e:dc:5f:4b:c2:28:5d:a1:61:01:22:57:83:36:ce:
                    fc:83:5d:98:cc:de:9b:52:2d:37:1a:ae:60:02:72:
                    f9:b6:bc:a6:26:7e:3b:5d:57:5c:82:6f:a6:4a:1a:
                    68:3a:7f:b2:ad:d6:2b:10:6d:9f:dc:66:76:76:ab:
                    bf:04:e6:46:31:b1:2a:5b:0e:af:99:f8:f6:65:d8:
                    9d:b0:b1:ee:23:09:05:3a:ad:b5:b8:1c:9d:a2:b6:
                    0c:6d:7e:cb:f3:b6:9c:fc:28:7d:c4:26:f2:4a:15:
                    40:17:83:cf:fd:59:f5:80:82:d9:f9:ea:c4:07:e2:
                    89:57:e1:7a:cb:69:92:d9:d1:eb:a1:93:9f:e9:3d:
                    e0:a7:05:e5:d4:dc:37:02:0b:4f:bb:6a:e3:6d:a5:
                    0a:64:54:21:a3:d7:0b:0a:a6:08:88:cb:7b:74:d2:
                    2e:94:b9:67:bb:23:e8:48:89:fc:04:15:9d:d3:99:
                    ab:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:66:3E:1C:7D:71:BE:46:39:5C:0F:0C:02:3A:AA:D9:14:2F:5C:E6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e5e4cfa9-7e7f-43f2-b4da-0228c5f5591d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:32:16:8a:03:f1:d8:0e:18:72:65:48:4b:28:57:6d:9c:79:
         ff:0f:4a:f7:92:7d:ca:d2:d9:ca:5c:10:9b:da:d7:cf:20:73:
         12:18:3c:8b:f1:a4:9a:ec:b8:ca:43:ae:4f:6c:a4:41:a4:32:
         84:09:d5:a3:32:60:d8:a8:aa:4c:a9:3d:49:13:d4:07:b0:39:
         60:cb:33:10:20:1d:0e:5c:d8:86:04:4b:23:c8:2e:d0:90:b2:
         a3:19:7d:76:41:a1:7f:6b:35:af:a3:3b:70:3d:bc:21:94:1b:
         48:01:89:99:a3:f6:aa:97:1b:96:88:cb:1a:1b:3b:de:7e:24:
         d5:78:03:53:05:7a:e5:9b:15:3d:12:35:96:6b:72:26:81:4f:
         98:db:be:e3:c7:76:98:5f:e8:1c:5e:38:45:2f:b0:b0:ca:9c:
         88:2c:04:68:91:bc:d6:f7:1f:66:36:c1:e3:c5:4f:3b:df:51:
         fa:27:24:03:45:3b:a7:5e:e8:65:18:99:62:c1:99:8d:25:6a:
         01:81:19:3d:8e:0e:44:1f:ea:7f:d7:fd:4e:e3:78:10:e2:d2:
         89:89:dd:7d:d6:98:90:30:b3:64:d8:fd:6e:5a:db:0d:45:17:
         1a:3b:ed:db:85:5b:27:1c:89:b4:a4:67:71:c6:da:4a:4d:52:
         48:64:e9:58
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMm5EQk1NsEFSIri+lzlRKs/OrZkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzE4MDAwMDAwWhcNMjQwODIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3OTFiNGJiOTdmOWU1ZTg1Y2YwOGM5ODFlNWEzOTU3MGIx
MGQ4NTYyYzZlZDM5ODczNzQ4MjJkNThhMWIxM2U0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwvnz89B6VJMfG031YPMftKZtqs84CCLMhhCUmiZL3yvhT
ZNPH+OrT0MC5P8RkYJRDOz7LVGw8lpbZTybIQBH9RGp0TTTtFwnc+S7cX0vCKF2h
YQEiV4M2zvyDXZjM3ptSLTcarmACcvm2vKYmfjtdV1yCb6ZKGmg6f7Kt1isQbZ/c
ZnZ2q78E5kYxsSpbDq+Z+PZl2J2wse4jCQU6rbW4HJ2itgxtfsvztpz8KH3EJvJK
FUAXg8/9WfWAgtn56sQH4olX4XrLaZLZ0euhk5/pPeCnBeXU3DcCC0+7auNtpQpk
VCGj1wsKpgiIy3t00i6UuWe7I+hIifwEFZ3TmavpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUz2Y+HH1xvkY5XA8MAjqq2RQvXOYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U1ZTRjZmE5LTdlN2YtNDNmMi1iNGRhLTAyMjhjNWY1NTkxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA4yFooD8dgOGHJlSEsoV22cef8P
SveSfcrS2cpcEJva188gcxIYPIvxpJrsuMpDrk9spEGkMoQJ1aMyYNioqkypPUkT
1AewOWDLMxAgHQ5c2IYESyPILtCQsqMZfXZBoX9rNa+jO3A9vCGUG0gBiZmj9qqX
G5aIyxobO95+JNV4A1MFeuWbFT0SNZZrciaBT5jbvuPHdphf6BxeOEUvsLDKnIgs
BGiRvNb3H2Y2wePFTzvfUfonJANFO6de6GUYmWLBmY0lagGBGT2ODkQf6n/X/U7j
eBDi0omJ3X3WmJAws2TY/W5a2w1FFxo77duFWyccibSkZ3HG2kpNUkhk6Vg=
-----END CERTIFICATE-----