Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e9cea2bb-a788-4056-9db9-3db52c4bcc8e.roa
File:                     e9cea2bb-a788-4056-9db9-3db52c4bcc8e.roa (raw, json)
Hash identifier:          AyFBueF4IoeFG5/83TdB5j+dF1ccGx72ANtbqYoVpLs=
Subject key identifier:   8C:2F:E5:10:75:95:67:37:FF:A8:51:46:FC:67:BC:CB:55:92:45:38
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2B33FCF953149163DD3A2880270E56B15D761CD7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e9cea2bb-a788-4056-9db9-3db52c4bcc8e.roa
Signing time:             Sat 20 Apr 2024 00:00:00 +0000
ROA not before:           Sat 20 Apr 2024 00:00:00 +0000
ROA not after:            Sat 25 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:33:fc:f9:53:14:91:63:dd:3a:28:80:27:0e:56:b1:5d:76:1c:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 20 00:00:00 2024 GMT
            Not After : May 25 23:59:59 2024 GMT
        Subject: serialNumber=e90f3a15c1d3f9965bb193b17fbca2172420dbaf50a99a3215bd9308662d140d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ec:53:2d:4d:a6:c9:cc:32:73:27:ef:47:64:
                    fe:52:26:5b:44:bd:4c:1b:39:4b:47:de:fa:5b:94:
                    a3:c1:2b:5c:c3:0d:a9:60:0a:8c:d1:81:3b:55:9f:
                    f2:ce:b2:7f:5e:44:04:e6:b5:9f:12:c2:c1:52:21:
                    3d:a9:3c:b9:1c:11:19:46:3a:0e:6e:44:69:b8:57:
                    f4:e9:76:b9:5e:19:53:08:09:38:13:3f:5f:06:2b:
                    b9:06:8b:7d:64:27:80:d0:26:67:39:51:55:f9:2e:
                    55:a7:ae:e5:b4:6d:a0:01:52:8e:ec:3d:04:7f:e5:
                    79:e6:1a:27:c1:d5:f5:b5:3a:67:62:50:30:7a:ec:
                    0a:d4:d7:3d:b0:8f:a2:f6:65:10:a0:5f:d7:bb:46:
                    f2:25:be:f2:95:24:24:9b:c2:96:59:8d:fd:77:a3:
                    76:d6:99:00:ac:dc:1f:58:7d:55:b4:50:20:b7:2b:
                    87:64:b4:86:d3:85:2a:a8:78:eb:e6:1e:75:47:86:
                    36:55:a2:de:59:5e:ad:73:0e:7f:0c:b8:7a:f8:0b:
                    59:04:fe:ff:83:17:46:1c:01:0b:6b:8e:c4:79:c3:
                    42:66:56:d9:28:ab:a8:f3:95:21:1b:ee:30:21:8c:
                    2c:10:fb:46:26:6f:f0:a0:0d:07:d4:df:20:ce:29:
                    f2:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:2F:E5:10:75:95:67:37:FF:A8:51:46:FC:67:BC:CB:55:92:45:38
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e9cea2bb-a788-4056-9db9-3db52c4bcc8e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:e6:61:03:0d:7c:51:e2:f5:3c:47:00:c0:30:45:3f:50:6f:
         4f:67:61:e2:02:32:fa:48:c8:79:f0:5c:f2:ce:d5:e7:bf:84:
         a0:2e:1f:82:f2:f9:de:bc:77:80:9e:e0:26:7f:ac:3c:6d:cb:
         e8:22:a4:fb:17:66:49:eb:16:71:aa:8c:05:1a:b4:03:1c:c7:
         d0:97:64:42:72:5d:c9:0a:4b:70:03:61:54:cc:fe:3c:24:0f:
         20:4c:28:fe:df:ac:7c:3e:3f:d8:b2:46:67:f0:1e:22:69:e5:
         9b:7e:31:ef:2d:15:f3:42:be:42:d6:d8:31:51:61:12:7b:39:
         0c:7c:da:2c:ea:3a:f8:23:ff:1c:47:7d:79:1c:4b:e7:4d:9a:
         a5:bf:dd:d6:7f:88:62:e5:8a:66:ed:14:c1:31:39:8b:36:d6:
         7b:d5:9f:da:8c:db:59:a4:da:ae:a5:83:f8:15:5c:6a:3d:12:
         e7:c7:fd:4c:f9:81:3c:2a:aa:89:a0:46:33:61:65:02:d4:48:
         86:67:80:4a:e5:a8:d7:f8:5b:26:2f:9d:4d:a4:b1:1b:47:5d:
         c8:cd:1e:96:68:cf:3a:28:6f:fb:dd:4d:44:d6:4a:7e:cc:26:
         ca:26:ff:fe:76:23:d8:b7:4c:02:47:f0:e0:13:25:e4:e1:22:
         5c:19:3c:4f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKzP8+VMUkWPdOiiAJw5WsV12HNcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDIwMDAwMDAwWhcNMjQwNTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlOTBmM2ExNWMxZDNmOTk2NWJiMTkzYjE3ZmJjYTIxNzI0
MjBkYmFmNTBhOTlhMzIxNWJkOTMwODY2MmQxNDBkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDB7FMtTabJzDJzJ+9HZP5SJltEvUwbOUtH3vpblKPBK1zD
DalgCozRgTtVn/LOsn9eRATmtZ8SwsFSIT2pPLkcERlGOg5uRGm4V/TpdrleGVMI
CTgTP18GK7kGi31kJ4DQJmc5UVX5LlWnruW0baABUo7sPQR/5XnmGifB1fW1Omdi
UDB67ArU1z2wj6L2ZRCgX9e7RvIlvvKVJCSbwpZZjf13o3bWmQCs3B9YfVW0UCC3
K4dktIbThSqoeOvmHnVHhjZVot5ZXq1zDn8MuHr4C1kE/v+DF0YcAQtrjsR5w0Jm
Vtkoq6jzlSEb7jAhjCwQ+0Ymb/CgDQfU3yDOKfLjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjC/lEHWVZzf/qFFG/Ge8y1WSRTgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U5Y2VhMmJiLWE3ODgtNDA1Ni05ZGI5LTNkYjUyYzRiY2M4ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGnmYQMNfFHi9TxHAMAwRT9Qb09n
YeICMvpIyHnwXPLO1ee/hKAuH4Ly+d68d4Ce4CZ/rDxty+gipPsXZknrFnGqjAUa
tAMcx9CXZEJyXckKS3ADYVTM/jwkDyBMKP7frHw+P9iyRmfwHiJp5Zt+Me8tFfNC
vkLW2DFRYRJ7OQx82izqOvgj/xxHfXkcS+dNmqW/3dZ/iGLlimbtFMExOYs21nvV
n9qM21mk2q6lg/gVXGo9EufH/Uz5gTwqqomgRjNhZQLUSIZngErlqNf4WyYvnU2k
sRtHXcjNHpZozzoob/vdTUTWSn7MJsom//52I9i3TAJH8OATJeThIlwZPE8=
-----END CERTIFICATE-----