Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f6b903a2-91eb-4f58-94fd-627236795186.roa
File:                     f6b903a2-91eb-4f58-94fd-627236795186.roa (raw, json)
Hash identifier:          9Ctn6JgkDG5B1dPGD+y5OG7f5bqKn7nZSX4yZu7awGQ=
Subject key identifier:   4F:9E:56:A7:D6:97:3F:73:02:64:A2:A6:47:59:9F:C2:B2:7D:18:16
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1E40B64ED3211243C0772F573C35FA168D771FA0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f6b903a2-91eb-4f58-94fd-627236795186.roa
Signing time:             Wed 24 Jan 2024 00:00:00 +0000
ROA not before:           Wed 24 Jan 2024 00:00:00 +0000
ROA not after:            Wed 28 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:40:b6:4e:d3:21:12:43:c0:77:2f:57:3c:35:fa:16:8d:77:1f:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 24 00:00:00 2024 GMT
            Not After : Feb 28 23:59:59 2024 GMT
        Subject: serialNumber=7d62b5ed12e8c1ce633f1c8dfdaf434e2a8ca22197dad84badf71c945c86ae76, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:21:57:45:97:5b:4e:3b:a8:9b:c6:4f:f8:b0:
                    41:3d:87:75:eb:c9:93:a6:cb:00:ef:ba:6e:a5:44:
                    89:99:c1:05:e5:78:83:ca:86:ab:0f:09:54:24:58:
                    85:91:ed:4e:98:fb:f6:24:84:1f:ec:64:5f:3b:7f:
                    d1:4e:00:48:90:3c:db:9b:88:d0:86:d0:23:0b:12:
                    bc:f0:f5:91:ad:3e:0b:af:da:b3:08:e3:92:62:c4:
                    4d:38:74:c8:72:fd:5d:54:e5:b5:8d:83:df:7a:ea:
                    14:57:e3:c5:e6:05:2b:c1:aa:05:b7:e9:57:9e:a0:
                    8b:5c:64:c4:2d:e7:96:4c:8c:5b:51:ab:60:96:14:
                    5f:6a:be:1e:64:55:db:94:9e:0b:4e:d2:ae:fd:87:
                    45:50:0b:73:b5:c5:42:90:ef:12:90:03:57:c5:7b:
                    d6:5d:df:dd:b0:da:d9:b4:5e:00:d1:f9:62:ef:f7:
                    95:6b:b2:f6:a7:58:32:33:80:cf:67:0c:ab:28:28:
                    60:fd:fc:da:61:35:82:86:c3:18:c6:d1:b8:5b:15:
                    a6:d1:d2:4b:5a:da:6e:d9:a7:9d:d7:47:d7:3a:85:
                    29:58:f7:43:3b:f5:98:06:23:36:1d:1b:7d:32:67:
                    8f:1c:c1:da:d8:85:75:18:99:be:13:da:77:5e:4b:
                    16:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:9E:56:A7:D6:97:3F:73:02:64:A2:A6:47:59:9F:C2:B2:7D:18:16
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f6b903a2-91eb-4f58-94fd-627236795186.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:c7:d7:fe:ad:97:9a:d9:84:93:51:c1:7b:1a:ce:82:dd:19:
         55:8d:43:06:6d:01:ad:6d:70:73:a3:80:f6:8b:15:10:a2:d3:
         e0:85:96:9e:7a:9f:67:3c:ad:1e:52:92:73:79:8d:2a:2f:a9:
         ad:5d:6a:47:f4:6f:9b:fb:9a:91:ce:a7:ec:63:38:c7:a7:7c:
         83:5b:32:48:bd:af:07:27:81:62:76:47:78:54:c4:19:da:8d:
         c5:09:bd:67:71:1f:68:cd:97:1c:7f:51:78:0f:02:cd:d9:95:
         e2:a0:88:6b:0b:13:f3:2b:d7:70:46:a4:05:db:68:48:6b:1a:
         3c:79:8d:1b:3c:53:d0:dd:b5:c4:57:ba:1c:f5:67:61:b0:25:
         2f:5c:dc:31:10:d4:d5:48:e5:d0:47:31:89:00:e5:69:ea:6d:
         61:13:62:8b:f1:3f:5e:64:08:a6:d3:22:df:dc:05:8a:2d:77:
         a8:a2:70:db:f1:64:8d:bd:fc:d7:72:32:2c:eb:8e:a8:b5:98:
         e8:a5:b8:b5:35:19:eb:66:d5:39:c8:19:26:d1:73:fe:75:1c:
         69:cb:7c:6a:b1:e7:b1:e2:bc:19:45:a0:02:e0:24:cd:e2:b5:
         b1:a5:b7:2c:f0:a4:c2:b0:49:40:cf:48:c0:e3:aa:f3:9a:4e:
         2b:6d:d6:b6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHkC2TtMhEkPAdy9XPDX6Fo13H6AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTI0MDAwMDAwWhcNMjQwMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZDYyYjVlZDEyZThjMWNlNjMzZjFjOGRmZGFmNDM0ZTJh
OGNhMjIxOTdkYWQ4NGJhZGY3MWM5NDVjODZhZTc2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqIVdFl1tOO6ibxk/4sEE9h3XryZOmywDvum6lRImZwQXl
eIPKhqsPCVQkWIWR7U6Y+/YkhB/sZF87f9FOAEiQPNubiNCG0CMLErzw9ZGtPguv
2rMI45JixE04dMhy/V1U5bWNg9966hRX48XmBSvBqgW36VeeoItcZMQt55ZMjFtR
q2CWFF9qvh5kVduUngtO0q79h0VQC3O1xUKQ7xKQA1fFe9Zd392w2tm0XgDR+WLv
95VrsvanWDIzgM9nDKsoKGD9/NphNYKGwxjG0bhbFabR0kta2m7Zp53XR9c6hSlY
90M79ZgGIzYdG30yZ48cwdrYhXUYmb4T2ndeSxa3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUT55Wp9aXP3MCZKKmR1mfwrJ9GBYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Y2YjkwM2EyLTkxZWItNGY1OC05NGZkLTYyNzIzNjc5NTE4Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB/H1/6tl5rZhJNRwXsazoLdGVWN
QwZtAa1tcHOjgPaLFRCi0+CFlp56n2c8rR5SknN5jSovqa1dakf0b5v7mpHOp+xj
OMenfINbMki9rwcngWJ2R3hUxBnajcUJvWdxH2jNlxx/UXgPAs3ZleKgiGsLE/Mr
13BGpAXbaEhrGjx5jRs8U9DdtcRXuhz1Z2GwJS9c3DEQ1NVI5dBHMYkA5WnqbWET
YovxP15kCKbTIt/cBYotd6iicNvxZI29/NdyMizrjqi1mOiluLU1Getm1TnIGSbR
c/51HGnLfGqx57HivBlFoALgJM3itbGltyzwpMKwSUDPSMDjqvOaTitt1rY=
-----END CERTIFICATE-----