Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f7304487-579c-4de5-b5f1-88802759e0dd.roa
File:                     f7304487-579c-4de5-b5f1-88802759e0dd.roa (raw, json)
Hash identifier:          mTbgXtMu7pR5r+uBN4Sr9p1ABWwNdm/N2Pp1TVZxvaE=
Subject key identifier:   BA:B7:03:44:B6:2B:BA:D2:C3:D7:76:72:CE:D9:0A:64:EC:E4:B9:77
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       240946EC593E38B9ED8EE08938CFF0D464ECC5C8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f7304487-579c-4de5-b5f1-88802759e0dd.roa
Signing time:             Fri 02 Aug 2024 00:00:00 +0000
ROA not before:           Fri 02 Aug 2024 00:00:00 +0000
ROA not after:            Fri 06 Sep 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:09:46:ec:59:3e:38:b9:ed:8e:e0:89:38:cf:f0:d4:64:ec:c5:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug  2 00:00:00 2024 GMT
            Not After : Sep  6 23:59:59 2024 GMT
        Subject: serialNumber=305d34c469615b507e8ab7cf7369d6333cf02ea91ccf69667fcec4cbb357f398, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:1a:91:77:13:00:5f:bb:00:3f:81:ad:dd:3e:
                    e6:b1:37:d1:e7:d2:fa:a1:6f:4e:d2:7d:80:fa:bb:
                    d2:75:c0:83:96:52:df:8e:33:ca:c0:f5:cc:52:8b:
                    47:3e:c3:bd:95:0a:44:11:06:f0:89:3e:64:c3:c0:
                    10:24:76:62:5b:e1:c7:83:86:d0:36:10:e1:5f:4b:
                    a5:c1:fe:21:51:72:45:38:e7:f2:7e:93:22:cc:a2:
                    c3:d4:b4:27:ed:54:6b:df:44:38:60:67:fd:cd:14:
                    8d:a3:ec:81:79:58:4a:e1:64:43:42:d8:87:d3:c6:
                    02:26:65:62:76:cb:3d:ee:4c:b3:91:11:27:92:54:
                    4a:6a:ab:69:bd:58:0e:fd:30:5b:7e:5f:4d:13:1f:
                    a9:70:d4:e3:90:79:d1:4b:c8:b6:c4:49:10:df:08:
                    b3:de:7d:5b:28:5b:01:80:e3:44:fc:52:d9:e0:0f:
                    3e:a6:4a:94:96:f8:2e:89:2f:86:78:ad:1d:15:ef:
                    04:9f:d2:7b:8e:47:70:b5:16:e3:fc:a3:7e:0e:cc:
                    aa:3b:d7:b3:6e:db:0e:54:b5:dd:27:14:e7:cc:97:
                    1d:59:ed:84:47:63:2b:aa:7c:32:b2:51:a5:72:4a:
                    2a:b6:b9:43:1b:75:91:e2:3c:ba:5e:a9:76:47:6d:
                    24:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:B7:03:44:B6:2B:BA:D2:C3:D7:76:72:CE:D9:0A:64:EC:E4:B9:77
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f7304487-579c-4de5-b5f1-88802759e0dd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:c5:c6:cf:36:b4:75:65:5f:90:8e:14:04:f3:4d:0c:78:4b:
         eb:70:83:c4:b5:b2:f4:64:5d:91:18:ac:0a:46:14:43:95:bf:
         7d:21:17:f7:72:d1:21:1f:0f:3c:fd:18:e7:7e:d8:2c:78:ab:
         71:62:78:d3:9a:c1:a4:90:97:b0:3a:b2:f4:4b:a5:a1:7b:67:
         ec:bb:47:b3:da:3d:e3:59:1f:99:93:13:80:2a:04:72:76:57:
         3e:50:18:69:29:f0:4d:a4:cc:78:70:91:1d:7d:cb:4c:d0:b1:
         11:d1:ef:f3:61:5f:5c:96:d2:c1:47:86:12:82:35:f7:db:37:
         31:2c:13:48:2c:b7:24:c1:31:2c:e1:31:ff:f7:ab:e6:08:58:
         4d:4f:6c:ce:9c:37:92:3a:e3:a7:8a:66:25:30:65:f1:53:01:
         27:54:f8:73:36:6b:53:92:22:ec:1d:52:34:d2:a9:de:03:d5:
         85:d8:58:18:dc:eb:33:51:db:72:83:5f:25:78:41:f7:ea:4b:
         0f:28:d9:2d:a1:4a:79:85:9e:6c:ad:eb:ab:bc:60:06:dd:ec:
         69:5f:64:84:9c:15:0d:e9:e5:ed:fc:27:a1:42:32:27:9c:ea:
         5a:bc:3f:ad:d8:9a:a5:74:c0:6d:1a:d0:cd:20:64:11:3c:57:
         06:81:bb:a6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJAlG7Fk+OLntjuCJOM/w1GTsxcgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwODAyMDAwMDAwWhcNMjQwOTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMDVkMzRjNDY5NjE1YjUwN2U4YWI3Y2Y3MzY5ZDYzMzNj
ZjAyZWE5MWNjZjY5NjY3ZmNlYzRjYmIzNTdmMzk4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdGpF3EwBfuwA/ga3dPuaxN9Hn0vqhb07SfYD6u9J1wIOW
Ut+OM8rA9cxSi0c+w72VCkQRBvCJPmTDwBAkdmJb4ceDhtA2EOFfS6XB/iFRckU4
5/J+kyLMosPUtCftVGvfRDhgZ/3NFI2j7IF5WErhZENC2IfTxgImZWJ2yz3uTLOR
ESeSVEpqq2m9WA79MFt+X00TH6lw1OOQedFLyLbESRDfCLPefVsoWwGA40T8Utng
Dz6mSpSW+C6JL4Z4rR0V7wSf0nuOR3C1FuP8o34OzKo717Nu2w5Utd0nFOfMlx1Z
7YRHYyuqfDKyUaVySiq2uUMbdZHiPLpeqXZHbSQ/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUurcDRLYrutLD13ZyztkKZOzkuXcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Y3MzA0NDg3LTU3OWMtNGRlNS1iNWYxLTg4ODAyNzU5ZTBkZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK/Fxs82tHVlX5COFATzTQx4S+tw
g8S1svRkXZEYrApGFEOVv30hF/dy0SEfDzz9GOd+2Cx4q3FieNOawaSQl7A6svRL
paF7Z+y7R7PaPeNZH5mTE4AqBHJ2Vz5QGGkp8E2kzHhwkR19y0zQsRHR7/NhX1yW
0sFHhhKCNffbNzEsE0gstyTBMSzhMf/3q+YIWE1PbM6cN5I646eKZiUwZfFTASdU
+HM2a1OSIuwdUjTSqd4D1YXYWBjc6zNR23KDXyV4QffqSw8o2S2hSnmFnmyt66u8
YAbd7GlfZIScFQ3p5e38J6FCMiec6lq8P63YmqV0wG0a0M0gZBE8VwaBu6Y=
-----END CERTIFICATE-----