Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e9e2c212-9eeb-4334-8b7e-fb88dc00b996.roa
File:                     e9e2c212-9eeb-4334-8b7e-fb88dc00b996.roa (raw, json)
Hash identifier:          xcGG3pkptzoq41nFuajunfRlEUYPT+F+zuYZhrhPbd4=
Subject key identifier:   5E:BB:E6:E9:3C:86:FE:78:D0:EF:5D:F8:81:CC:4F:12:0C:00:46:C0
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3E223FA81BEC5CB58FF8D4138E9496CDD1883836
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e9e2c212-9eeb-4334-8b7e-fb88dc00b996.roa
Signing time:             Tue 12 Nov 2024 00:00:00 +0000
ROA not before:           Tue 12 Nov 2024 00:00:00 +0000
ROA not after:            Tue 17 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:22:3f:a8:1b:ec:5c:b5:8f:f8:d4:13:8e:94:96:cd:d1:88:38:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 12 00:00:00 2024 GMT
            Not After : Dec 17 23:59:59 2024 GMT
        Subject: serialNumber=be3d8a7d85d1392b4858a03426337e293c156bc74a45b929ee8608f03d3f93e1, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d5:b8:05:16:24:7b:fb:80:9a:01:73:07:f1:
                    f6:87:27:13:0d:00:08:3d:84:dd:a1:26:12:62:1e:
                    c7:37:76:e5:70:34:1d:62:f7:6f:f4:a3:a5:78:82:
                    c8:9e:ff:f5:1d:02:a0:ad:9a:72:ab:4e:e8:1a:e6:
                    eb:d7:43:1a:d6:44:75:96:3d:d4:2d:77:2d:6e:8d:
                    91:d5:b6:3a:16:55:3f:09:ef:1e:f0:40:38:3a:8a:
                    70:2d:6c:c1:43:c0:45:eb:4c:cc:1d:4f:0e:56:fc:
                    cc:98:4a:7b:90:b1:12:c9:c6:aa:7d:83:e5:66:66:
                    ab:4d:a9:4d:28:7a:c7:0d:1d:14:00:84:8f:bb:97:
                    87:29:dc:16:32:47:e4:52:6a:96:cd:73:47:22:4e:
                    c4:ef:55:b8:c2:57:c1:a8:93:1a:07:7d:c0:9d:ed:
                    53:36:f9:a0:26:b5:a3:99:fd:3b:40:cb:a5:c6:d4:
                    1f:a1:e2:dc:d4:6e:6b:8e:0e:66:eb:87:33:65:e6:
                    ea:10:2a:32:08:80:39:0e:2f:b3:c8:dd:19:2f:61:
                    98:73:d6:a9:df:8b:11:c3:64:7b:5c:25:a8:38:d8:
                    b2:68:48:43:ce:53:e8:eb:b1:11:59:df:da:44:9c:
                    5b:5f:46:74:b4:7f:f5:0c:55:fd:18:3e:94:65:5f:
                    55:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:BB:E6:E9:3C:86:FE:78:D0:EF:5D:F8:81:CC:4F:12:0C:00:46:C0
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e9e2c212-9eeb-4334-8b7e-fb88dc00b996.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:63:d6:85:28:37:9e:f9:cd:60:f5:1e:cf:21:c3:c3:d3:7e:
         ed:54:4f:db:6f:ff:b1:4c:57:9c:59:b2:53:34:67:81:f6:5d:
         f1:6a:5c:30:b2:83:71:95:f4:d6:61:0f:c4:ce:fc:64:39:cb:
         d4:63:2c:69:1b:f6:ec:8d:6c:89:8d:ec:8a:e1:64:a5:b2:10:
         ed:65:c1:a7:a9:2b:90:d5:c8:7a:d3:d5:1f:a0:3f:82:51:44:
         4b:be:a8:b1:28:f9:84:8b:3f:43:71:03:0c:9a:b2:c9:ce:63:
         fe:d8:ac:fa:ec:a9:95:a9:3d:05:ab:4e:f4:c4:97:40:d6:b6:
         bc:03:dd:d2:71:00:a4:1b:53:5f:56:5d:70:32:23:aa:f7:5d:
         8f:31:c8:26:b4:37:8e:ce:f1:ea:5f:0b:f8:53:e1:3f:b6:86:
         78:6e:49:0a:2c:d9:fb:60:58:0a:ff:a8:7e:e1:fd:8a:ed:18:
         f7:1c:78:83:d8:38:84:5c:82:32:c0:10:f9:60:8a:5c:4a:3d:
         ad:30:33:e5:18:af:14:12:b8:c2:db:a0:52:2c:24:f8:78:13:
         5f:ea:35:ac:d5:4b:b3:23:a3:9d:07:21:d6:e0:c2:14:c7:0c:
         58:67:67:58:ff:5d:e6:ad:ff:63:cb:f7:b6:b3:27:27:25:28:
         9c:17:63:20
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPiI/qBvsXLWP+NQTjpSWzdGIODYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTEyMDAwMDAwWhcNMjQxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZTNkOGE3ZDg1ZDEzOTJiNDg1OGEwMzQyNjMzN2UyOTNj
MTU2YmM3NGE0NWI5MjllZTg2MDhmMDNkM2Y5M2UxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDI1bgFFiR7+4CaAXMH8faHJxMNAAg9hN2hJhJiHsc3duVw
NB1i92/0o6V4gsie//UdAqCtmnKrTuga5uvXQxrWRHWWPdQtdy1ujZHVtjoWVT8J
7x7wQDg6inAtbMFDwEXrTMwdTw5W/MyYSnuQsRLJxqp9g+VmZqtNqU0oescNHRQA
hI+7l4cp3BYyR+RSapbNc0ciTsTvVbjCV8GokxoHfcCd7VM2+aAmtaOZ/TtAy6XG
1B+h4tzUbmuODmbrhzNl5uoQKjIIgDkOL7PI3RkvYZhz1qnfixHDZHtcJag42LJo
SEPOU+jrsRFZ39pEnFtfRnS0f/UMVf0YPpRlX1XLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXrvm6TyG/njQ7134gcxPEgwARsAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U5ZTJjMjEyLTllZWItNDMzNC04YjdlLWZiODhkYzAwYjk5Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFZj1oUoN575zWD1Hs8hw8PTfu1U
T9tv/7FMV5xZslM0Z4H2XfFqXDCyg3GV9NZhD8TO/GQ5y9RjLGkb9uyNbImN7Irh
ZKWyEO1lwaepK5DVyHrT1R+gP4JRREu+qLEo+YSLP0NxAwyassnOY/7YrPrsqZWp
PQWrTvTEl0DWtrwD3dJxAKQbU19WXXAyI6r3XY8xyCa0N47O8epfC/hT4T+2hnhu
SQos2ftgWAr/qH7h/YrtGPcceIPYOIRcgjLAEPlgilxKPa0wM+UYrxQSuMLboFIs
JPh4E1/qNazVS7Mjo50HIdbgwhTHDFhnZ1j/Xeat/2PL97azJyclKJwXYyA=
-----END CERTIFICATE-----