Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fc742796-2d67-457b-8fbd-e0ed17a2ba4c.roa
File:                     fc742796-2d67-457b-8fbd-e0ed17a2ba4c.roa (raw, json)
Hash identifier:          VN8EQ9MgQbmJuXzAyZK8YpsMkKiPPAMu2QTh29S5H2o=
Subject key identifier:   01:EC:12:62:75:CE:79:31:A6:4F:9C:4D:B2:B4:1C:E4:3D:95:F9:61
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       04CF65A2350BFDCC385B9AFC4A3C410CAC4BC9B1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fc742796-2d67-457b-8fbd-e0ed17a2ba4c.roa
Signing time:             Sat 23 Nov 2024 00:00:00 +0000
ROA not before:           Sat 23 Nov 2024 00:00:00 +0000
ROA not after:            Sat 28 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:cf:65:a2:35:0b:fd:cc:38:5b:9a:fc:4a:3c:41:0c:ac:4b:c9:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 23 00:00:00 2024 GMT
            Not After : Dec 28 23:59:59 2024 GMT
        Subject: serialNumber=07076667e12c275fa3a97815b3644c68dbea7e6e0927a6f508a41e4370cd3485, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8b:0c:38:3c:27:84:0a:c3:a0:03:2e:d1:87:
                    f2:d5:ac:6c:cf:b5:c3:06:b6:97:9e:e9:fb:57:2e:
                    0f:8b:92:b0:cb:69:92:d1:a0:4a:3b:22:0d:30:79:
                    e5:19:8d:84:53:f5:fa:4d:81:c3:6e:b1:dd:35:fc:
                    85:87:36:d2:cb:37:be:08:96:ce:f9:82:a7:d8:5a:
                    32:be:af:34:dd:cf:a0:07:6d:3a:4e:87:76:ee:c4:
                    1f:a1:24:29:b4:af:80:d3:30:14:6c:b6:1f:2e:f4:
                    34:6e:d4:11:4b:7c:2d:81:44:92:eb:55:d0:b0:f3:
                    5c:c7:20:23:af:12:20:29:af:cd:57:24:85:8a:a5:
                    85:35:f1:be:2c:08:88:82:3c:43:cf:ba:f8:3f:f0:
                    5c:91:c7:dc:7a:67:69:72:0e:c0:88:da:c2:ab:90:
                    46:2c:c4:08:ff:42:4a:c5:4c:e9:74:e7:03:34:e6:
                    4e:77:95:6c:85:68:ac:93:d0:45:07:75:64:c1:64:
                    ac:98:a4:0d:08:2f:df:b3:b8:82:0e:fc:f1:d4:9d:
                    09:51:d8:4a:23:b4:7c:08:d4:06:5d:81:8d:62:3d:
                    2e:86:10:e6:15:0a:fe:38:c2:35:87:af:9f:d9:d8:
                    e8:9c:02:bc:3b:72:aa:aa:10:43:f7:af:1e:f1:ef:
                    49:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:EC:12:62:75:CE:79:31:A6:4F:9C:4D:B2:B4:1C:E4:3D:95:F9:61
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fc742796-2d67-457b-8fbd-e0ed17a2ba4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:3b:78:17:c8:c0:9d:61:19:be:b6:80:35:1d:f1:9e:aa:89:
         55:07:a7:f9:2b:05:8b:37:5c:71:cd:e0:62:68:15:6a:79:62:
         23:3a:38:ba:b2:cf:57:f5:c9:b2:d3:7a:56:05:d9:80:96:86:
         78:b2:bc:8b:7c:80:c1:e2:89:70:41:74:56:62:ff:bc:35:bd:
         12:43:54:68:1b:e7:c2:39:15:1d:7d:d7:39:56:9a:4c:bf:a0:
         6a:6c:4e:67:6e:9f:ff:96:b1:4a:67:98:8f:86:3c:ee:7d:f0:
         cf:7e:3e:d5:27:9d:d4:1e:06:ff:f8:1d:31:23:1a:ca:b2:35:
         0b:6c:11:2f:c8:24:d3:5d:9b:f7:2d:91:08:f0:90:94:b0:50:
         7d:63:ee:c1:97:e9:9a:29:88:aa:d9:75:df:83:4f:73:77:0b:
         05:2d:f9:8b:a6:a2:9a:c3:6f:61:a1:f8:c8:93:f5:d8:82:c2:
         c8:88:d1:b8:e2:04:f4:8e:c3:f0:1d:0e:bd:98:b2:4b:93:0f:
         d5:92:94:bf:72:39:dd:79:8d:36:ff:8c:56:24:ed:d5:1b:4b:
         ea:91:ce:0c:8a:ab:30:b5:92:2d:7a:1c:d0:54:13:c5:e7:e0:
         35:a0:47:ab:8e:f6:03:cc:a2:fd:4b:39:05:54:d8:66:26:a6:
         4d:32:20:39
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBM9lojUL/cw4W5r8SjxBDKxLybEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTIzMDAwMDAwWhcNMjQxMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNzA3NjY2N2UxMmMyNzVmYTNhOTc4MTViMzY0NGM2OGRi
ZWE3ZTZlMDkyN2E2ZjUwOGE0MWU0MzcwY2QzNDg1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqiww4PCeECsOgAy7Rh/LVrGzPtcMGtpee6ftXLg+LkrDL
aZLRoEo7Ig0weeUZjYRT9fpNgcNusd01/IWHNtLLN74Ils75gqfYWjK+rzTdz6AH
bTpOh3buxB+hJCm0r4DTMBRsth8u9DRu1BFLfC2BRJLrVdCw81zHICOvEiApr81X
JIWKpYU18b4sCIiCPEPPuvg/8FyRx9x6Z2lyDsCI2sKrkEYsxAj/QkrFTOl05wM0
5k53lWyFaKyT0EUHdWTBZKyYpA0IL9+zuIIO/PHUnQlR2EojtHwI1AZdgY1iPS6G
EOYVCv44wjWHr5/Z2OicArw7cqqqEEP3rx7x70m7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAewSYnXOeTGmT5xNsrQc5D2V+WEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZjNzQyNzk2LTJkNjctNDU3Yi04ZmJkLWUwZWQxN2EyYmE0Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJw7eBfIwJ1hGb62gDUd8Z6qiVUH
p/krBYs3XHHN4GJoFWp5YiM6OLqyz1f1ybLTelYF2YCWhniyvIt8gMHiiXBBdFZi
/7w1vRJDVGgb58I5FR191zlWmky/oGpsTmdun/+WsUpnmI+GPO598M9+PtUnndQe
Bv/4HTEjGsqyNQtsES/IJNNdm/ctkQjwkJSwUH1j7sGX6ZopiKrZdd+DT3N3CwUt
+YumoprDb2Gh+MiT9diCwsiI0bjiBPSOw/AdDr2YskuTD9WSlL9yOd15jTb/jFYk
7dUbS+qRzgyKqzC1ki16HNBUE8Xn4DWgR6uO9gPMov1LOQVU2GYmpk0yIDk=
-----END CERTIFICATE-----