Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fd312376-a4b8-439d-8311-7800a19a0955.roa
File:                     fd312376-a4b8-439d-8311-7800a19a0955.roa (raw, json)
Hash identifier:          +y78ZR+EtSejmygj+MbK9EAR/gs50P7iaW0uN+MC/Ng=
Subject key identifier:   3E:2F:54:34:49:7D:A4:15:54:26:B1:C7:E2:E3:C0:2C:E1:24:89:F2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       32BBC2D61AA803333C1D0C4B3331C472BFEB556F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fd312376-a4b8-439d-8311-7800a19a0955.roa
Signing time:             Sun 14 Jan 2024 00:00:00 +0000
ROA not before:           Sun 14 Jan 2024 00:00:00 +0000
ROA not after:            Sun 18 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:bb:c2:d6:1a:a8:03:33:3c:1d:0c:4b:33:31:c4:72:bf:eb:55:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 14 00:00:00 2024 GMT
            Not After : Feb 18 23:59:59 2024 GMT
        Subject: serialNumber=8a1fb40f6ecfc851f38c63b9a85f64eee7bce9e5ce9fcc80344be61bc0432406, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:55:0c:bc:dc:76:5d:71:65:f8:f6:75:89:ca:
                    66:1f:61:e0:24:86:aa:71:2d:9d:06:de:25:7a:be:
                    35:50:cf:d8:ba:af:8b:58:bd:55:92:f8:dc:c7:60:
                    00:4a:99:91:7c:4b:21:7c:c4:da:21:8b:3a:31:fd:
                    4b:0e:06:43:b6:a7:71:10:1e:2d:bd:b0:46:03:8c:
                    38:1d:b2:6f:bf:b3:f2:32:79:52:85:48:9a:e3:b8:
                    aa:47:0c:88:38:2b:78:2d:2f:3a:bf:1f:7d:51:c0:
                    94:0f:af:3d:cf:19:cc:c6:37:61:1f:8b:a2:9b:46:
                    03:ff:2e:51:61:d6:cb:81:3b:32:51:e9:d5:28:4f:
                    a4:1b:0c:5f:68:b1:79:bd:98:48:c6:12:25:53:62:
                    7e:2b:07:52:af:2f:d6:9d:cc:d8:c8:1c:05:cf:8b:
                    29:4f:d9:f6:68:2b:64:94:64:08:4a:bb:c1:a9:93:
                    ce:33:c1:f9:15:81:d8:a8:e3:e7:8b:15:09:61:65:
                    57:38:ee:81:ef:fa:5d:0f:e8:20:49:2f:f1:54:5f:
                    86:17:83:b5:2d:c0:96:99:77:c7:cb:04:8d:55:67:
                    8f:68:40:8f:e7:d7:29:e8:1f:1d:76:aa:e9:44:90:
                    55:3a:d3:ae:53:1e:69:3d:1b:5f:95:c5:f0:17:8f:
                    d8:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:2F:54:34:49:7D:A4:15:54:26:B1:C7:E2:E3:C0:2C:E1:24:89:F2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fd312376-a4b8-439d-8311-7800a19a0955.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:73:e9:01:a0:54:3b:ed:5e:8c:84:45:f6:da:bd:02:e8:fc:
         97:c9:13:43:69:ca:2b:05:81:09:30:bb:10:27:15:15:d1:5c:
         aa:ed:fa:c1:df:fd:79:7e:5c:5d:9b:d9:98:c1:37:54:55:2f:
         9b:38:f8:f4:0c:cf:4c:5a:26:68:bc:02:d4:e7:b8:15:1f:9b:
         4c:f8:e0:93:e4:0a:56:64:2d:64:b7:a7:54:b7:b7:ee:cd:1b:
         e3:8b:4b:fc:b0:f6:a7:ff:4f:72:19:c2:57:cb:f9:39:d2:26:
         16:bc:c9:d9:39:5b:3f:91:92:6b:36:57:0d:73:e9:00:88:97:
         26:21:fd:df:6f:58:40:df:99:21:40:35:59:ae:38:0d:30:bf:
         5d:8a:d8:cd:1a:77:58:65:53:09:b8:d4:56:ce:bb:bb:cd:09:
         7a:a0:2c:bb:7a:7d:9b:09:92:1f:7a:f9:83:df:ec:e7:3a:83:
         a1:0b:d3:dc:ec:f1:e5:ed:78:53:8f:f5:30:fb:88:04:cd:97:
         b7:cc:e7:0a:e5:91:e3:92:c2:8c:35:a3:24:42:20:7a:c0:d7:
         2f:38:c5:0d:56:29:64:40:14:32:4e:cf:0c:00:cb:b3:6e:45:
         a9:5f:8c:a8:17:75:00:95:8a:d7:1d:68:cd:95:6a:5e:d7:1c:
         5d:55:62:4a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMrvC1hqoAzM8HQxLMzHEcr/rVW8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTE0MDAwMDAwWhcNMjQwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YTFmYjQwZjZlY2ZjODUxZjM4YzYzYjlhODVmNjRlZWU3
YmNlOWU1Y2U5ZmNjODAzNDRiZTYxYmMwNDMyNDA2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjVQy83HZdcWX49nWJymYfYeAkhqpxLZ0G3iV6vjVQz9i6
r4tYvVWS+NzHYABKmZF8SyF8xNohizox/UsOBkO2p3EQHi29sEYDjDgdsm+/s/Iy
eVKFSJrjuKpHDIg4K3gtLzq/H31RwJQPrz3PGczGN2Efi6KbRgP/LlFh1suBOzJR
6dUoT6QbDF9osXm9mEjGEiVTYn4rB1KvL9adzNjIHAXPiylP2fZoK2SUZAhKu8Gp
k84zwfkVgdio4+eLFQlhZVc47oHv+l0P6CBJL/FUX4YXg7UtwJaZd8fLBI1VZ49o
QI/n1ynoHx12qulEkFU6065THmk9G1+VxfAXj9gzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPi9UNEl9pBVUJrHH4uPALOEkifIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZkMzEyMzc2LWE0YjgtNDM5ZC04MzExLTc4MDBhMTlhMDk1NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALZz6QGgVDvtXoyERfbavQLo/JfJ
E0NpyisFgQkwuxAnFRXRXKrt+sHf/Xl+XF2b2ZjBN1RVL5s4+PQMz0xaJmi8AtTn
uBUfm0z44JPkClZkLWS3p1S3t+7NG+OLS/yw9qf/T3IZwlfL+TnSJha8ydk5Wz+R
kms2Vw1z6QCIlyYh/d9vWEDfmSFANVmuOA0wv12K2M0ad1hlUwm41FbOu7vNCXqg
LLt6fZsJkh96+YPf7Oc6g6EL09zs8eXteFOP9TD7iATNl7fM5wrlkeOSwow1oyRC
IHrA1y84xQ1WKWRAFDJOzwwAy7NuRalfjKgXdQCVitcdaM2Val7XHF1VYko=
-----END CERTIFICATE-----