Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e770b539-b75f-44c0-ba30-dd364e68f38b.roa
File:                     e770b539-b75f-44c0-ba30-dd364e68f38b.roa (raw, json)
Hash identifier:          lk+CXFr1yzHLoFDxPpDgjK5F17zQLBkwl6OeAbVumYc=
Subject key identifier:   B1:2F:F3:0E:E4:CF:B1:81:CD:D2:FB:31:28:31:2C:8C:FF:17:EE:25
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2E10990BF232A55803A72BE80231FFF2138CBAD3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e770b539-b75f-44c0-ba30-dd364e68f38b.roa
Signing time:             Sat 02 Mar 2024 00:00:00 +0000
ROA not before:           Sat 02 Mar 2024 00:00:00 +0000
ROA not after:            Sat 06 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:10:99:0b:f2:32:a5:58:03:a7:2b:e8:02:31:ff:f2:13:8c:ba:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  2 00:00:00 2024 GMT
            Not After : Apr  6 23:59:59 2024 GMT
        Subject: serialNumber=f435946b257fa936ad7d190473af8f38bf398dc23659b53acd14b0ec46de378b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b0:ff:4d:17:67:3f:91:66:1a:bf:4b:1f:cd:
                    8d:73:82:25:cc:48:f7:5a:e7:24:48:4b:32:f2:52:
                    a1:d6:32:2f:e0:92:6c:4f:5c:9d:82:23:2e:1f:09:
                    83:55:fd:a5:55:05:db:6a:42:49:29:6c:b4:93:56:
                    84:48:59:72:27:c9:33:55:75:5a:8c:40:3b:97:1c:
                    f3:9e:ef:32:c6:38:72:af:5b:9e:41:57:e5:24:87:
                    0b:01:cf:a0:76:b6:4c:dd:0b:b8:35:b4:86:e8:e3:
                    25:5b:de:81:63:48:c3:79:ce:01:74:a4:e1:2c:de:
                    79:87:e9:04:f7:2c:c7:94:2e:9f:0e:6e:11:12:ad:
                    91:57:65:87:d5:8c:fe:0a:9b:be:40:76:94:78:8a:
                    24:e7:98:b4:c1:9e:57:92:d6:ba:41:cf:f6:c8:ec:
                    ce:15:ee:bd:95:b8:c5:d7:07:23:ac:00:0d:1d:12:
                    33:eb:fe:c7:a8:f9:ad:b7:6f:c9:c7:f7:04:01:eb:
                    80:55:5f:94:46:89:06:db:16:20:58:91:44:3d:8e:
                    05:db:79:c8:cb:f7:7e:ba:2a:81:1f:b0:99:6f:0d:
                    5d:d7:cf:8d:e2:32:f9:f9:f8:ca:3d:38:40:73:a3:
                    69:49:e3:1c:a0:5a:b1:df:ec:78:f3:08:45:b9:8e:
                    27:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:2F:F3:0E:E4:CF:B1:81:CD:D2:FB:31:28:31:2C:8C:FF:17:EE:25
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e770b539-b75f-44c0-ba30-dd364e68f38b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:ca:4d:8e:e8:e0:d1:53:89:6e:6f:f5:32:d3:18:60:76:1c:
         eb:28:95:9c:d9:66:38:5b:6c:66:d1:56:f7:a6:0f:5e:72:ef:
         37:43:39:57:88:50:df:68:c6:ad:da:9b:07:dd:cd:88:db:15:
         71:22:dc:28:d2:09:e8:94:ec:ac:eb:f9:41:dc:5e:19:9e:14:
         46:72:d2:86:8d:c8:8d:12:c0:38:8f:6b:31:e5:65:23:fc:19:
         46:73:1a:d9:d3:e4:34:86:ef:44:e1:59:7b:f6:ae:5e:b6:ec:
         ef:7d:27:46:c9:01:97:a5:3c:92:45:40:93:9b:b8:f1:ff:51:
         fe:c1:85:8d:7b:1d:28:af:50:28:61:6f:d7:d5:bb:ca:65:f1:
         30:49:57:db:8a:49:eb:62:00:87:1d:e8:33:5d:df:3a:4c:72:
         c6:f9:c4:d2:de:6e:e2:e0:03:a3:66:d6:e9:c8:49:5e:f4:43:
         44:0a:44:0f:e4:ab:3c:38:cc:b1:33:e3:f5:89:1d:2c:96:06:
         f9:c7:ec:68:4a:81:73:89:e8:f6:fd:f5:8f:d2:ff:24:d9:cd:
         df:32:d4:48:21:45:46:e5:27:1c:07:72:6e:bf:0d:75:29:05:
         1e:e9:92:23:9c:3f:53:ac:e3:45:bc:23:9d:b9:b7:9d:79:3a:
         56:03:e5:23
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULhCZC/IypVgDpyvoAjH/8hOMutMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzAyMDAwMDAwWhcNMjQwNDA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNDM1OTQ2YjI1N2ZhOTM2YWQ3ZDE5MDQ3M2FmOGYzOGJm
Mzk4ZGMyMzY1OWI1M2FjZDE0YjBlYzQ2ZGUzNzhiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSsP9NF2c/kWYav0sfzY1zgiXMSPda5yRISzLyUqHWMi/g
kmxPXJ2CIy4fCYNV/aVVBdtqQkkpbLSTVoRIWXInyTNVdVqMQDuXHPOe7zLGOHKv
W55BV+UkhwsBz6B2tkzdC7g1tIbo4yVb3oFjSMN5zgF0pOEs3nmH6QT3LMeULp8O
bhESrZFXZYfVjP4Km75AdpR4iiTnmLTBnleS1rpBz/bI7M4V7r2VuMXXByOsAA0d
EjPr/seo+a23b8nH9wQB64BVX5RGiQbbFiBYkUQ9jgXbecjL9366KoEfsJlvDV3X
z43iMvn5+Mo9OEBzo2lJ4xygWrHf7HjzCEW5jiePAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsS/zDuTPsYHN0vsxKDEsjP8X7iUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U3NzBiNTM5LWI3NWYtNDRjMC1iYTMwLWRkMzY0ZTY4ZjM4Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHjKTY7o4NFTiW5v9TLTGGB2HOso
lZzZZjhbbGbRVvemD15y7zdDOVeIUN9oxq3amwfdzYjbFXEi3CjSCeiU7Kzr+UHc
XhmeFEZy0oaNyI0SwDiPazHlZSP8GUZzGtnT5DSG70ThWXv2rl627O99J0bJAZel
PJJFQJObuPH/Uf7BhY17HSivUChhb9fVu8pl8TBJV9uKSetiAIcd6DNd3zpMcsb5
xNLebuLgA6Nm1unISV70Q0QKRA/kqzw4zLEz4/WJHSyWBvnH7GhKgXOJ6Pb99Y/S
/yTZzd8y1EghRUblJxwHcm6/DXUpBR7pkiOcP1Os40W8I525t515OlYD5SM=
-----END CERTIFICATE-----