Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fbdbbd07-7316-47dd-980d-683ea201c5eb.roa
File:                     fbdbbd07-7316-47dd-980d-683ea201c5eb.roa (raw, json)
Hash identifier:          W8OeKR0gup2KaphVVgJIRW2afRsgbW0H6Vg/xW3qiuY=
Subject key identifier:   EE:89:5E:B3:E4:2D:32:2F:3A:FE:E7:CD:F6:4C:1D:6F:1B:BD:1F:A5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       637BCE461D0969D1F82EE460F7EDD53C79A5FF6D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fbdbbd07-7316-47dd-980d-683ea201c5eb.roa
Signing time:             Fri 19 Jul 2024 00:00:00 +0000
ROA not before:           Fri 19 Jul 2024 00:00:00 +0000
ROA not after:            Fri 23 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:7b:ce:46:1d:09:69:d1:f8:2e:e4:60:f7:ed:d5:3c:79:a5:ff:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 19 00:00:00 2024 GMT
            Not After : Aug 23 23:59:59 2024 GMT
        Subject: serialNumber=d6d7d1f0cf9e746b1b47d17a84e3eafa4b3385729ade8179b4b38a860f0f2d5e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:24:81:2f:24:5a:8d:e5:6f:2d:7c:77:53:38:
                    88:71:c8:37:73:ed:41:6b:13:75:c4:b4:d2:13:34:
                    d1:83:48:f1:60:90:f1:57:90:87:ff:05:9a:4d:3a:
                    a5:61:f0:98:c0:5a:8d:12:7b:97:22:cd:d6:eb:41:
                    59:52:41:91:69:90:01:90:e1:14:a3:0f:85:24:83:
                    51:9c:09:8b:24:41:28:38:9b:d0:7c:13:40:79:33:
                    9e:73:14:33:3c:dd:88:fa:65:87:b4:e5:64:e8:1c:
                    37:d0:af:7f:db:64:48:bc:d2:58:f5:c1:5a:79:fa:
                    3e:5e:41:da:42:fa:43:99:e0:58:cb:fe:81:e4:10:
                    74:69:42:29:ef:a1:83:51:0f:30:0b:3c:ed:bc:3d:
                    6f:a0:cd:ed:3a:5c:39:09:11:74:aa:a2:85:70:68:
                    bb:9d:06:dc:0e:fa:3b:60:32:ae:c4:f2:2f:ae:91:
                    e8:8a:dc:ee:05:86:46:ea:41:ef:3a:44:53:a9:d9:
                    e1:d8:d2:3c:73:e6:43:50:53:ea:d4:00:42:e0:de:
                    d6:45:57:29:c1:41:4c:39:e2:05:ae:b0:db:68:c5:
                    71:fe:db:59:30:50:75:15:6d:f8:51:dc:94:09:1f:
                    dc:5b:14:38:e5:90:12:f2:48:1e:2c:4a:57:ba:50:
                    17:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:89:5E:B3:E4:2D:32:2F:3A:FE:E7:CD:F6:4C:1D:6F:1B:BD:1F:A5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fbdbbd07-7316-47dd-980d-683ea201c5eb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:69:94:f4:42:ae:bf:3b:4e:9a:74:58:f4:6e:ff:e7:fd:e9:
         48:74:91:99:17:81:3b:28:82:32:f0:e1:6a:f5:61:f2:80:cc:
         f6:20:b3:bd:36:8c:ec:f7:e1:f0:13:fd:e0:18:52:12:e3:ee:
         97:25:fd:4e:0e:0e:c6:b3:46:7b:94:88:1d:13:8d:d2:03:5a:
         ab:5e:ab:f0:ca:42:8b:22:ad:e5:98:95:fe:bc:4b:52:c9:8c:
         4a:4d:47:91:cd:f1:e1:18:33:cd:b1:75:82:be:ff:ba:23:e0:
         0b:cf:ed:f5:1b:05:e3:21:28:9e:2a:bc:67:0a:2b:af:c3:18:
         3f:bc:a6:76:0a:f1:18:7f:ab:4a:c7:03:f1:04:53:ae:67:6f:
         87:66:04:a7:1b:ba:4b:41:99:f5:b0:d3:df:cb:b6:97:ed:f9:
         f1:4e:97:a9:45:fa:aa:ac:6a:a6:bf:53:44:ec:c1:b3:e8:c6:
         bd:96:66:74:df:b7:2d:dd:8f:a1:03:23:b1:12:fd:5a:6c:15:
         58:33:a7:4d:26:a4:6f:81:7f:34:b4:f6:6c:33:1c:05:af:3c:
         b9:7d:d9:25:ab:55:05:ff:19:0d:03:1e:2d:49:86:d7:29:f3:
         9e:95:83:69:cd:16:ff:96:e5:de:fb:d2:97:e0:e0:d8:da:6b:
         73:23:19:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY3vORh0JadH4LuRg9+3VPHml/20wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzE5MDAwMDAwWhcNMjQwODIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNmQ3ZDFmMGNmOWU3NDZiMWI0N2QxN2E4NGUzZWFmYTRi
MzM4NTcyOWFkZTgxNzliNGIzOGE4NjBmMGYyZDVlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvJIEvJFqN5W8tfHdTOIhxyDdz7UFrE3XEtNITNNGDSPFg
kPFXkIf/BZpNOqVh8JjAWo0Se5cizdbrQVlSQZFpkAGQ4RSjD4Ukg1GcCYskQSg4
m9B8E0B5M55zFDM83Yj6ZYe05WToHDfQr3/bZEi80lj1wVp5+j5eQdpC+kOZ4FjL
/oHkEHRpQinvoYNRDzALPO28PW+gze06XDkJEXSqooVwaLudBtwO+jtgMq7E8i+u
keiK3O4FhkbqQe86RFOp2eHY0jxz5kNQU+rUAELg3tZFVynBQUw54gWusNtoxXH+
21kwUHUVbfhR3JQJH9xbFDjlkBLySB4sSle6UBcFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7oles+QtMi86/ufN9kwdbxu9H6UwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZiZGJiZDA3LTczMTYtNDdkZC05ODBkLTY4M2VhMjAxYzVlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABpplPRCrr87Tpp0WPRu/+f96Uh0
kZkXgTsogjLw4Wr1YfKAzPYgs702jOz34fAT/eAYUhLj7pcl/U4ODsazRnuUiB0T
jdIDWqteq/DKQosireWYlf68S1LJjEpNR5HN8eEYM82xdYK+/7oj4AvP7fUbBeMh
KJ4qvGcKK6/DGD+8pnYK8Rh/q0rHA/EEU65nb4dmBKcbuktBmfWw09/Ltpft+fFO
l6lF+qqsaqa/U0TswbPoxr2WZnTfty3dj6EDI7ES/VpsFVgzp00mpG+BfzS09mwz
HAWvPLl92SWrVQX/GQ0DHi1Jhtcp856Vg2nNFv+W5d770pfg4Njaa3MjGUY=
-----END CERTIFICATE-----