Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f3d35801-dcda-4d1c-bc0a-725916758448.roa
File:                     f3d35801-dcda-4d1c-bc0a-725916758448.roa (raw, json)
Hash identifier:          92Mf6LDi6CNAnkXZSnU7pIlVBK3/4ql+2i3jC0d4Ymg=
Subject key identifier:   87:A3:E7:23:80:AF:CD:1D:E9:30:92:2F:F3:02:AB:71:F5:2E:28:BC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       661919D2188CA5308B7D0B0172550EEDEDF87746
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f3d35801-dcda-4d1c-bc0a-725916758448.roa
Signing time:             Thu 11 Jul 2024 00:00:00 +0000
ROA not before:           Thu 11 Jul 2024 00:00:00 +0000
ROA not after:            Thu 15 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:19:19:d2:18:8c:a5:30:8b:7d:0b:01:72:55:0e:ed:ed:f8:77:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 11 00:00:00 2024 GMT
            Not After : Aug 15 23:59:59 2024 GMT
        Subject: serialNumber=4fbed42942358bf383a9d9bd35f11d552caf67a49cc32013679f12adc6d09b4b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:4a:bf:50:6f:5b:de:23:b3:e4:8d:0d:43:35:
                    e3:7f:dd:00:52:3b:39:23:9d:16:35:5b:30:a4:b7:
                    7a:92:4c:75:1a:c7:a3:79:ad:d8:5f:56:cb:64:2f:
                    cd:62:13:09:5e:24:bc:b3:c4:4e:1b:a6:c4:03:11:
                    53:74:02:b9:7c:be:35:47:19:4f:fd:9c:ae:4b:9d:
                    96:44:e8:ad:7a:5c:00:ce:f6:77:9a:a3:d3:93:2b:
                    03:a0:6f:03:e8:03:d7:91:4f:b9:c7:d1:eb:8d:ae:
                    8d:de:f9:4f:97:11:1c:99:d5:5f:4c:5d:d3:9e:92:
                    97:91:bd:01:56:d3:f9:7b:92:b5:c8:95:82:b4:40:
                    9d:fa:08:1e:26:8f:b0:bc:b5:e0:4f:7e:f4:29:07:
                    fb:e7:14:09:e5:29:d3:f6:79:12:16:ef:68:38:32:
                    28:c1:6a:a3:f8:df:97:f4:96:42:b3:a5:30:9a:e6:
                    63:a9:96:25:18:53:a2:4a:c8:a5:fe:9e:1e:33:e6:
                    4d:68:02:44:cf:14:5b:96:6c:35:57:b5:00:68:d2:
                    9f:41:17:5a:07:7c:af:57:98:a6:e9:ba:b0:ed:64:
                    9c:65:88:74:76:bc:68:bc:83:ec:f1:0c:32:fd:77:
                    9e:c9:3d:c1:e2:2c:17:85:14:03:3c:17:31:d2:11:
                    88:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:A3:E7:23:80:AF:CD:1D:E9:30:92:2F:F3:02:AB:71:F5:2E:28:BC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f3d35801-dcda-4d1c-bc0a-725916758448.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:c2:56:5e:a1:38:77:2e:e0:1c:15:29:2f:38:45:2b:2b:67:
         0f:67:30:cd:cb:32:10:8c:59:c5:04:2a:63:de:21:df:05:ae:
         d0:b3:57:06:8c:76:09:ca:c4:81:13:20:ee:da:41:ac:71:2e:
         3e:18:17:2a:6e:02:4f:13:62:6e:9d:af:fb:f5:80:ef:2a:84:
         fc:ab:eb:62:c8:60:bf:99:e1:64:97:f5:07:70:83:05:cf:53:
         ae:4b:ad:cf:15:da:4f:69:0f:fc:04:1a:0e:ec:ae:a1:02:b6:
         43:78:97:0d:f6:cc:a6:fd:cb:21:ea:dd:ec:d5:d6:a8:c3:8d:
         f5:f7:c6:70:d1:67:f4:ea:cf:22:7e:6c:56:4d:47:d5:0a:c6:
         b0:41:94:d0:f0:79:ae:ec:a9:1d:37:66:15:db:62:35:04:a7:
         04:3b:e4:f5:26:2c:13:f9:7a:fe:37:82:56:30:39:07:05:c8:
         96:14:42:7d:37:54:9f:71:e9:4c:fb:dc:79:4c:2d:af:ed:d7:
         17:19:7e:96:15:54:aa:4b:0e:c7:08:cd:cb:81:c8:5b:b9:80:
         8c:b7:56:1d:b9:ae:01:bf:d7:b5:7d:bd:14:3a:18:86:a2:cd:
         81:eb:30:ec:f8:74:5f:ef:e3:08:b8:b4:30:3c:d3:3c:33:a5:
         4d:74:06:58
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZhkZ0hiMpTCLfQsBclUO7e34d0YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzExMDAwMDAwWhcNMjQwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZmJlZDQyOTQyMzU4YmYzODNhOWQ5YmQzNWYxMWQ1NTJj
YWY2N2E0OWNjMzIwMTM2NzlmMTJhZGM2ZDA5YjRiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5Sr9Qb1veI7PkjQ1DNeN/3QBSOzkjnRY1WzCkt3qSTHUa
x6N5rdhfVstkL81iEwleJLyzxE4bpsQDEVN0Arl8vjVHGU/9nK5LnZZE6K16XADO
9neao9OTKwOgbwPoA9eRT7nH0euNro3e+U+XERyZ1V9MXdOekpeRvQFW0/l7krXI
lYK0QJ36CB4mj7C8teBPfvQpB/vnFAnlKdP2eRIW72g4MijBaqP435f0lkKzpTCa
5mOpliUYU6JKyKX+nh4z5k1oAkTPFFuWbDVXtQBo0p9BF1oHfK9XmKbpurDtZJxl
iHR2vGi8g+zxDDL9d57JPcHiLBeFFAM8FzHSEYgbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUh6PnI4CvzR3pMJIv8wKrcfUuKLwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2YzZDM1ODAxLWRjZGEtNGQxYy1iYzBhLTcyNTkxNjc1ODQ0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFnCVl6hOHcu4BwVKS84RSsrZw9n
MM3LMhCMWcUEKmPeId8FrtCzVwaMdgnKxIETIO7aQaxxLj4YFypuAk8TYm6dr/v1
gO8qhPyr62LIYL+Z4WSX9QdwgwXPU65Lrc8V2k9pD/wEGg7srqECtkN4lw32zKb9
yyHq3ezV1qjDjfX3xnDRZ/TqzyJ+bFZNR9UKxrBBlNDwea7sqR03ZhXbYjUEpwQ7
5PUmLBP5ev43glYwOQcFyJYUQn03VJ9x6Uz73HlMLa/t1xcZfpYVVKpLDscIzcuB
yFu5gIy3Vh25rgG/17V9vRQ6GIaizYHrMOz4dF/v4wi4tDA80zwzpU10Blg=
-----END CERTIFICATE-----