Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fb8ef332-4d69-4379-8a8f-1325186c3e26.roa
File:                     fb8ef332-4d69-4379-8a8f-1325186c3e26.roa (raw, json)
Hash identifier:          S6Qg7iXIXL7AU2yFlsVOUbv2A6VV9YZacTheCJ2jxWY=
Subject key identifier:   70:D7:D5:C5:F3:A4:7A:EE:04:86:F1:8B:75:79:5F:96:CE:F2:32:C4
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       563329681FB36414D5BF59C44D404D28E2B3EF9F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fb8ef332-4d69-4379-8a8f-1325186c3e26.roa
Signing time:             Sun 01 Dec 2024 00:00:00 +0000
ROA not before:           Sun 01 Dec 2024 00:00:00 +0000
ROA not after:            Sun 05 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:33:29:68:1f:b3:64:14:d5:bf:59:c4:4d:40:4d:28:e2:b3:ef:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec  1 00:00:00 2024 GMT
            Not After : Jan  5 23:59:59 2025 GMT
        Subject: serialNumber=475cff7b904de4c27f192f0f704f19d9e9fa721c39bdebfaf6b5451c211b82be, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a3:81:14:e6:56:0b:1d:8e:db:39:39:60:61:
                    24:a4:f4:2d:89:4b:ca:ce:d0:4c:1b:18:5b:77:d4:
                    76:e1:6b:5e:8b:34:94:32:c5:5c:ac:c0:da:24:b4:
                    54:ab:41:12:d9:ea:59:9c:38:80:67:90:eb:4a:7a:
                    ce:2d:ac:4d:7b:af:a7:0a:c0:0c:3f:ce:0d:be:77:
                    bc:93:97:5f:cc:8d:e6:e5:ac:ac:88:d8:9c:9a:62:
                    70:50:b7:4c:18:50:97:e3:77:bf:1d:c6:12:fd:22:
                    bf:08:66:d4:21:b6:51:0a:a4:e7:3e:0a:82:eb:b2:
                    fc:83:c7:7d:19:f3:4a:ab:9c:ca:e9:78:f0:b6:5e:
                    ec:25:c6:1e:dd:88:9b:55:cf:58:2a:b1:8f:6f:b7:
                    53:eb:50:fe:a9:ac:e9:f2:74:a7:b8:cc:d9:6f:27:
                    8a:31:a7:3e:07:9f:b7:c1:91:6d:da:58:a8:2d:71:
                    77:ec:22:59:a8:1b:65:51:92:3f:65:cd:65:4d:ce:
                    dc:c2:4a:dd:1b:a9:3a:f9:4d:13:ee:d3:8a:49:a3:
                    c9:bb:96:dd:a5:15:67:0a:8b:5a:bf:17:4c:35:ec:
                    1b:90:13:5f:72:05:53:a0:f5:26:ae:06:f5:78:55:
                    90:13:54:27:e7:7d:30:2c:6f:31:2d:9d:fb:4a:82:
                    57:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:D7:D5:C5:F3:A4:7A:EE:04:86:F1:8B:75:79:5F:96:CE:F2:32:C4
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fb8ef332-4d69-4379-8a8f-1325186c3e26.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:b4:32:38:3b:4c:c4:1d:31:5c:43:15:74:ea:c7:44:31:67:
         c6:f4:57:67:8b:3b:4c:b9:4d:45:98:4c:b2:b7:41:8d:bd:f2:
         02:c8:85:86:34:8e:8e:16:84:81:b2:47:f6:d1:49:b1:41:eb:
         7e:36:8e:11:ad:ce:c1:16:98:1f:94:10:40:7f:1b:ce:d8:08:
         ce:6f:69:e1:7c:20:50:f3:34:2c:a3:c5:17:8e:2a:d8:2b:12:
         d8:b7:cd:e2:80:3c:b0:77:07:40:9f:97:57:d9:b8:6a:3a:87:
         25:d2:33:ba:c6:28:7a:59:f5:57:ae:41:b9:91:b8:2d:9f:d4:
         59:eb:59:9c:81:d8:1b:01:ab:06:c1:2a:a6:29:ef:ef:f6:27:
         74:57:89:9d:41:b8:62:2f:29:6d:ee:ce:03:fb:22:7f:0c:06:
         f1:a0:73:8d:91:46:a6:2a:82:96:04:7d:25:4e:57:cb:92:54:
         6f:36:58:4b:53:16:f2:e3:b8:9c:8a:f4:41:bb:48:75:a4:9a:
         f7:8b:3d:7d:89:0a:a1:18:2a:5f:6b:c9:14:c0:4c:7c:68:c8:
         62:30:e7:73:d6:66:f8:11:47:e0:6a:10:df:68:fe:45:f4:ba:
         de:a2:2e:3d:ef:21:af:ed:0d:a2:b1:a3:ca:93:4e:3e:5d:c2:
         a2:a4:dd:1e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVjMpaB+zZBTVv1nETUBNKOKz758wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjAxMDAwMDAwWhcNMjUwMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NzVjZmY3YjkwNGRlNGMyN2YxOTJmMGY3MDRmMTlkOWU5
ZmE3MjFjMzliZGViZmFmNmI1NDUxYzIxMWI4MmJlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmo4EU5lYLHY7bOTlgYSSk9C2JS8rO0EwbGFt31Hbha16L
NJQyxVyswNoktFSrQRLZ6lmcOIBnkOtKes4trE17r6cKwAw/zg2+d7yTl1/Mjebl
rKyI2JyaYnBQt0wYUJfjd78dxhL9Ir8IZtQhtlEKpOc+CoLrsvyDx30Z80qrnMrp
ePC2Xuwlxh7diJtVz1gqsY9vt1PrUP6prOnydKe4zNlvJ4oxpz4Hn7fBkW3aWKgt
cXfsIlmoG2VRkj9lzWVNztzCSt0bqTr5TRPu04pJo8m7lt2lFWcKi1q/F0w17BuQ
E19yBVOg9SauBvV4VZATVCfnfTAsbzEtnftKglfdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcNfVxfOkeu4EhvGLdXlfls7yMsQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZiOGVmMzMyLTRkNjktNDM3OS04YThmLTEzMjUxODZjM2UyNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK60Mjg7TMQdMVxDFXTqx0QxZ8b0
V2eLO0y5TUWYTLK3QY298gLIhYY0jo4WhIGyR/bRSbFB6342jhGtzsEWmB+UEEB/
G87YCM5vaeF8IFDzNCyjxReOKtgrEti3zeKAPLB3B0Cfl1fZuGo6hyXSM7rGKHpZ
9VeuQbmRuC2f1FnrWZyB2BsBqwbBKqYp7+/2J3RXiZ1BuGIvKW3uzgP7In8MBvGg
c42RRqYqgpYEfSVOV8uSVG82WEtTFvLjuJyK9EG7SHWkmveLPX2JCqEYKl9ryRTA
THxoyGIw53PWZvgRR+BqEN9o/kX0ut6iLj3vIa/tDaKxo8qTTj5dwqKk3R4=
-----END CERTIFICATE-----