Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fd08574b-2562-4847-82b0-b956deaaadbb.roa
File:                     fd08574b-2562-4847-82b0-b956deaaadbb.roa (raw, json)
Hash identifier:          hnb3BIaryhrsFpv6PMCy+fkgGR5+SMR/q+dh8ks/0sk=
Subject key identifier:   88:CC:E4:39:32:FA:D0:03:C9:B6:74:7D:81:21:79:79:D0:07:30:37
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2B1AD0A3B66F102A531C65A36373E59845EB900C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fd08574b-2562-4847-82b0-b956deaaadbb.roa
Signing time:             Tue 30 Jan 2024 00:00:00 +0000
ROA not before:           Tue 30 Jan 2024 00:00:00 +0000
ROA not after:            Tue 05 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:1a:d0:a3:b6:6f:10:2a:53:1c:65:a3:63:73:e5:98:45:eb:90:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 30 00:00:00 2024 GMT
            Not After : Mar  5 23:59:59 2024 GMT
        Subject: serialNumber=3b837946891eba6d44cff34cb2423eb9f217e52bf35369dc247a3c7b7469ee45, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:12:6a:70:6b:03:91:dd:cb:92:c9:2d:13:a1:
                    af:75:73:15:80:c7:40:4b:e6:23:e1:2d:ed:f2:ea:
                    e2:43:61:04:32:0e:62:2c:09:d7:0b:3d:07:f4:79:
                    51:c9:3d:f3:0a:01:ff:15:46:6e:8a:6c:60:8e:01:
                    5b:bd:06:4e:6e:fd:96:62:08:3b:07:c6:5b:14:fa:
                    1d:04:86:51:3a:24:e7:13:8f:12:21:74:a3:b3:61:
                    94:f5:d2:ef:1e:32:7f:fe:0e:04:76:a9:b9:db:90:
                    2a:ca:59:f8:e5:c8:9e:5f:44:1b:7d:7f:f0:72:65:
                    ae:c6:c1:ef:65:8f:a6:3c:56:d3:c0:88:e5:f6:42:
                    f8:1c:35:cf:8e:57:e3:2c:38:ec:be:81:50:ed:24:
                    e5:17:89:f7:58:c1:24:99:64:88:4a:74:d8:55:17:
                    59:60:da:93:db:62:e4:ab:a8:28:7c:b1:7d:e3:65:
                    d3:29:77:15:43:76:f6:2d:32:c4:63:eb:ca:f3:ba:
                    22:2f:9b:35:75:42:18:09:f7:ec:b3:76:0e:0b:60:
                    b7:19:d9:72:47:00:a6:4c:06:aa:4a:0f:c6:28:d5:
                    5e:c9:90:11:04:43:60:55:bc:23:56:1a:c1:40:c9:
                    77:7e:f6:b6:b1:ad:e4:3f:2b:79:ed:2f:7b:e3:2c:
                    98:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:CC:E4:39:32:FA:D0:03:C9:B6:74:7D:81:21:79:79:D0:07:30:37
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fd08574b-2562-4847-82b0-b956deaaadbb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:fa:87:3c:7c:7c:62:32:c0:f0:4f:7e:b2:7a:b0:c8:d5:04:
         25:dc:44:09:67:fe:ee:18:89:b5:11:93:91:0f:32:d8:6a:b5:
         c5:7c:f8:a5:23:e9:eb:23:b9:f7:43:2d:7d:18:88:f4:42:35:
         cc:75:e6:1d:3c:0e:fe:fe:eb:d8:bf:a4:7b:15:4c:18:bc:4a:
         72:3d:9e:39:cf:21:a9:5f:d4:c9:a9:78:7e:93:58:44:59:55:
         2b:f6:40:b5:39:94:0b:9d:7d:0a:c6:b0:ed:bc:54:24:c2:3a:
         00:71:39:c2:2c:bd:41:c2:84:bc:03:70:c1:0b:2f:58:8e:d2:
         42:40:18:8f:6c:70:50:a5:58:c8:48:ef:7c:62:2d:61:61:29:
         c0:b5:72:b7:dc:c7:9c:d0:53:aa:fb:59:8f:d6:23:d7:77:9c:
         63:05:f9:e8:00:c0:86:d6:96:2a:48:2a:09:06:e8:46:77:60:
         cd:37:54:a2:9b:99:6e:0b:31:72:f6:af:6e:cb:bc:a2:28:ad:
         70:7d:26:0b:af:0f:e7:fd:1b:c4:ad:51:c2:4a:5e:74:a8:b0:
         9d:0a:63:29:49:f7:ec:bf:70:55:f7:bf:de:cc:a4:f9:01:9c:
         94:6f:55:fd:61:33:ec:05:a7:a9:d8:6e:6c:58:12:ad:71:5a:
         42:63:38:1f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKxrQo7ZvECpTHGWjY3PlmEXrkAwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTMwMDAwMDAwWhcNMjQwMzA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYjgzNzk0Njg5MWViYTZkNDRjZmYzNGNiMjQyM2ViOWYy
MTdlNTJiZjM1MzY5ZGMyNDdhM2M3Yjc0NjllZTQ1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpEmpwawOR3cuSyS0Toa91cxWAx0BL5iPhLe3y6uJDYQQy
DmIsCdcLPQf0eVHJPfMKAf8VRm6KbGCOAVu9Bk5u/ZZiCDsHxlsU+h0EhlE6JOcT
jxIhdKOzYZT10u8eMn/+DgR2qbnbkCrKWfjlyJ5fRBt9f/ByZa7Gwe9lj6Y8VtPA
iOX2QvgcNc+OV+MsOOy+gVDtJOUXifdYwSSZZIhKdNhVF1lg2pPbYuSrqCh8sX3j
ZdMpdxVDdvYtMsRj68rzuiIvmzV1QhgJ9+yzdg4LYLcZ2XJHAKZMBqpKD8Yo1V7J
kBEEQ2BVvCNWGsFAyXd+9raxreQ/K3ntL3vjLJjzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiMzkOTL60APJtnR9gSF5edAHMDcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZkMDg1NzRiLTI1NjItNDg0Ny04MmIwLWI5NTZkZWFhYWRiYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABT6hzx8fGIywPBPfrJ6sMjVBCXc
RAln/u4YibURk5EPMthqtcV8+KUj6esjufdDLX0YiPRCNcx15h08Dv7+69i/pHsV
TBi8SnI9njnPIalf1MmpeH6TWERZVSv2QLU5lAudfQrGsO28VCTCOgBxOcIsvUHC
hLwDcMELL1iO0kJAGI9scFClWMhI73xiLWFhKcC1crfcx5zQU6r7WY/WI9d3nGMF
+egAwIbWlipIKgkG6EZ3YM03VKKbmW4LMXL2r27LvKIorXB9JguvD+f9G8StUcJK
XnSosJ0KYylJ9+y/cFX3v97MpPkBnJRvVf1hM+wFp6nYbmxYEq1xWkJjOB8=
-----END CERTIFICATE-----