Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8bccf286-c39d-4eca-a44f-d7814f5446fa.roa
File:                     8bccf286-c39d-4eca-a44f-d7814f5446fa.roa (raw, json)
Hash identifier:          MNalwJIySB0/A7L/gluUaJt2T0BlqVTgF8ZRuOIVbj0=
Subject key identifier:   1C:38:ED:9C:6D:B6:74:B0:87:CA:64:35:60:03:6A:59:77:EE:A2:89
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       32314A3F2BB72D218C37678CC450E38DD8C2D469
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8bccf286-c39d-4eca-a44f-d7814f5446fa.roa
Signing time:             Sat 21 Dec 2024 00:00:00 +0000
ROA not before:           Sat 21 Dec 2024 00:00:00 +0000
ROA not after:            Sat 25 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:31:4a:3f:2b:b7:2d:21:8c:37:67:8c:c4:50:e3:8d:d8:c2:d4:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 21 00:00:00 2024 GMT
            Not After : Jan 25 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:2b:f9:f3:f6:1d:38:d4:94:65:dc:39:5b:d4:
                    bf:d9:54:3c:6d:41:e3:fb:b2:54:c7:f0:8b:67:33:
                    53:20:b4:4e:f2:90:b2:2d:3c:eb:b1:db:b2:f3:dd:
                    0d:37:e2:72:01:4a:0f:88:a3:0b:80:43:17:21:5c:
                    98:f8:ca:c6:68:8b:1d:61:13:d1:40:50:70:38:1e:
                    bc:55:1b:85:05:23:17:33:ab:f0:8b:4a:9e:17:b3:
                    70:07:1e:57:55:12:08:bc:47:6c:f4:c6:12:a1:ad:
                    cd:af:5a:20:09:00:c3:1d:69:41:cd:d2:52:f5:b1:
                    ad:27:11:ba:17:a7:44:f1:0e:66:50:07:88:40:e2:
                    fd:18:b7:53:57:2d:26:cb:c4:b3:97:f8:02:df:11:
                    70:0f:c6:51:50:21:1a:48:b9:db:91:e1:1b:b0:20:
                    bf:90:0f:15:c4:c5:23:27:cd:68:ec:c0:3e:b8:20:
                    5f:d4:2e:9e:8c:8e:0e:aa:ae:d1:63:93:83:60:cb:
                    98:05:d1:a2:03:75:4d:51:bd:b6:2a:99:1e:38:79:
                    8f:b2:bd:18:e4:32:d2:7e:9e:8f:4d:a4:da:4c:df:
                    46:24:4c:82:44:84:e4:91:90:24:7b:8a:80:4f:b9:
                    bc:a7:78:84:70:98:5d:cb:2d:57:88:01:53:d5:85:
                    8f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:38:ED:9C:6D:B6:74:B0:87:CA:64:35:60:03:6A:59:77:EE:A2:89
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8bccf286-c39d-4eca-a44f-d7814f5446fa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:8d:c3:ac:13:9f:eb:f3:f6:49:ad:5e:53:6b:d1:a2:76:2c:
         a0:35:fa:ec:2d:30:ba:12:79:89:2b:83:6e:cb:9e:7c:3a:62:
         c4:0c:c1:32:b9:43:4d:2a:2c:d0:a6:64:44:a9:8e:2e:ca:97:
         fa:0c:45:07:56:c6:3a:27:e1:22:fd:12:09:28:ab:c2:31:64:
         ba:bd:b8:ce:e5:c4:9b:c9:d8:1f:fd:0b:b9:d6:5f:12:7a:73:
         a8:a5:8f:55:33:fb:a0:04:0c:02:46:be:55:af:91:c2:aa:b1:
         c2:c2:41:1d:c7:b8:06:fb:20:5b:17:55:d5:65:af:70:c5:e0:
         5a:47:4b:bb:01:67:cb:80:19:94:f9:50:50:dd:6e:56:c4:72:
         36:3a:34:90:7e:05:a4:97:4a:44:db:a3:58:2e:69:a5:db:4a:
         24:5a:b7:92:29:64:b7:bc:73:e3:1f:4f:c4:d3:40:67:e8:61:
         8c:74:e0:dd:36:24:1b:03:2e:28:7f:d8:b2:cb:5e:f1:14:a0:
         21:01:17:36:69:78:e0:c9:1f:50:b7:6d:d8:2c:d1:ef:15:b9:
         55:7d:b9:2a:18:0a:9c:85:e8:d7:5a:d4:2c:48:d3:44:0f:06:
         66:88:78:2b:ac:4a:59:d9:56:b8:c9:a9:72:38:30:cc:65:0c:
         d7:e6:29:0f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMjFKPyu3LSGMN2eMxFDjjdjC1GkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjIxMDAwMDAwWhcNMjUwMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZmE5MTdiZDVlYzhiM2E0MTNiNWI2ZmQ5MTMyOTljYTRh
ZjUzMzg2YWY2YWYwYWM0ZWM4NDBiMjIzZGU1N2YxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoK/nz9h041JRl3Dlb1L/ZVDxtQeP7slTH8ItnM1MgtE7y
kLItPOux27Lz3Q034nIBSg+IowuAQxchXJj4ysZoix1hE9FAUHA4HrxVG4UFIxcz
q/CLSp4Xs3AHHldVEgi8R2z0xhKhrc2vWiAJAMMdaUHN0lL1sa0nEboXp0TxDmZQ
B4hA4v0Yt1NXLSbLxLOX+ALfEXAPxlFQIRpIuduR4RuwIL+QDxXExSMnzWjswD64
IF/ULp6Mjg6qrtFjk4Ngy5gF0aIDdU1RvbYqmR44eY+yvRjkMtJ+no9NpNpM30Yk
TIJEhOSRkCR7ioBPubyneIRwmF3LLVeIAVPVhY/XAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHDjtnG22dLCHymQ1YANqWXfuookwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzhiY2NmMjg2LWMzOWQtNGVjYS1hNDRmLWQ3ODE0ZjU0NDZmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAByNw6wTn+vz9kmtXlNr0aJ2LKA1
+uwtMLoSeYkrg27Lnnw6YsQMwTK5Q00qLNCmZESpji7Kl/oMRQdWxjon4SL9Egko
q8IxZLq9uM7lxJvJ2B/9C7nWXxJ6c6ilj1Uz+6AEDAJGvlWvkcKqscLCQR3HuAb7
IFsXVdVlr3DF4FpHS7sBZ8uAGZT5UFDdblbEcjY6NJB+BaSXSkTbo1guaaXbSiRa
t5IpZLe8c+MfT8TTQGfoYYx04N02JBsDLih/2LLLXvEUoCEBFzZpeODJH1C3bdgs
0e8VuVV9uSoYCpyF6Nda1CxI00QPBmaIeCusSlnZVrjJqXI4MMxlDNfmKQ8=
-----END CERTIFICATE-----