Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/55687ec6-f1c2-4a89-a46c-f69b3d569a7a.roa
File:                     55687ec6-f1c2-4a89-a46c-f69b3d569a7a.roa (raw, json)
Hash identifier:          sPdt+s7EJ/gQa0f7nyuoNu8kmMRXILeSqZDXswfCqDo=
Subject key identifier:   F9:EB:EB:CE:A2:BD:C4:18:9D:92:2D:A4:29:F3:71:7D:8A:67:A3:FE
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       299BEC2C766AAB354F091516B176EF6A8662C813
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/55687ec6-f1c2-4a89-a46c-f69b3d569a7a.roa
Signing time:             Fri 20 Sep 2024 00:00:00 +0000
ROA not before:           Fri 20 Sep 2024 00:00:00 +0000
ROA not after:            Fri 25 Oct 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:9b:ec:2c:76:6a:ab:35:4f:09:15:16:b1:76:ef:6a:86:62:c8:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 20 00:00:00 2024 GMT
            Not After : Oct 25 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b7:5f:34:18:68:c6:78:09:44:42:e1:39:17:
                    ce:a4:41:47:c9:89:1f:4e:78:fa:e2:7e:df:b2:ed:
                    3c:51:9b:5b:9a:09:28:3c:54:c8:05:72:7e:0f:7d:
                    08:e4:c7:ff:16:03:d0:de:fa:20:2e:a6:c1:b8:d4:
                    81:be:ae:d0:a3:51:92:61:ee:64:13:d2:d3:d5:08:
                    e8:8a:b5:7f:30:d3:90:36:69:a0:82:b0:17:6e:d6:
                    3b:49:c2:19:6b:e8:1e:3f:8e:18:e6:71:ad:c4:32:
                    b8:dc:9f:b5:6b:3c:19:95:fc:90:fe:a0:2e:69:56:
                    1d:f4:c4:1c:b0:83:08:73:9d:24:d7:1e:b6:e3:4f:
                    60:94:ff:df:f6:33:cd:ae:28:1e:9b:77:69:ba:5e:
                    16:e5:6d:c9:b9:fb:31:30:e4:d7:dc:d6:b0:e7:6a:
                    4d:5b:99:12:c5:f0:aa:a5:1a:8b:0f:37:a9:b7:af:
                    40:e6:57:48:c1:1a:98:f3:e4:3c:42:a7:96:5b:5c:
                    e8:9b:b7:08:e6:9b:5d:ba:cd:a6:ec:4d:bf:99:7b:
                    4b:f1:6f:e7:88:8d:b1:e1:e4:dd:ae:a0:29:c9:68:
                    12:9d:df:8d:61:e8:12:77:46:dc:8d:35:d9:fa:a7:
                    28:14:f9:37:10:ea:ef:da:d2:47:9e:78:ea:e6:e7:
                    4c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:EB:EB:CE:A2:BD:C4:18:9D:92:2D:A4:29:F3:71:7D:8A:67:A3:FE
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/55687ec6-f1c2-4a89-a46c-f69b3d569a7a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:01:ab:81:ec:9e:5b:28:f4:04:ed:e0:79:6d:da:1b:5f:b0:
         34:b2:dc:9e:9d:d7:51:65:dd:ea:2f:57:24:42:ae:31:ff:6e:
         8b:b3:9e:ff:3a:a6:75:34:bd:9a:20:5f:05:1e:05:4a:f2:57:
         5c:3f:fd:d4:db:de:b7:98:f6:18:6e:80:d1:12:97:97:71:22:
         0b:cd:cd:e2:78:99:46:91:35:03:8f:e4:95:7a:82:6b:9a:1d:
         e8:43:87:5c:7c:d3:c6:f3:64:15:53:c9:36:1f:76:ab:13:ad:
         59:b9:36:33:8e:86:88:47:99:0b:3d:8d:ae:da:fd:97:c6:ad:
         83:31:97:dd:41:f0:39:31:45:54:64:ac:95:cd:bd:ef:1b:8b:
         a4:17:5e:b3:52:55:bc:36:73:54:43:d9:f9:da:32:46:7e:e3:
         09:15:58:7d:cf:a9:5c:14:87:b7:ba:62:f5:89:e6:a0:1a:f1:
         e6:96:aa:f0:9c:47:f6:28:b3:c0:96:cb:8c:62:e1:c1:a0:3b:
         a3:47:a8:84:64:56:f2:b8:f1:ac:80:79:9e:62:40:05:b1:c8:
         df:da:0c:c0:48:d4:27:7f:0a:ac:e0:9e:9a:77:b2:d6:9d:c2:
         fa:be:f4:14:4b:eb:50:03:82:ea:dd:88:2a:58:dd:a5:d3:11:
         01:c9:c4:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKZvsLHZqqzVPCRUWsXbvaoZiyBMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwOTIwMDAwMDAwWhcNMjQxMDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYTY0MGQ2YzA5ZjYzNWQ4NDJmMjg5NTA5MjAyNWI5ZTAz
NTZmYmMzNzc5OTVkN2I2NjAwODg0ODk2ZmU3Y2QzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXt180GGjGeAlEQuE5F86kQUfJiR9OePrift+y7TxRm1ua
CSg8VMgFcn4PfQjkx/8WA9De+iAupsG41IG+rtCjUZJh7mQT0tPVCOiKtX8w05A2
aaCCsBdu1jtJwhlr6B4/jhjmca3EMrjcn7VrPBmV/JD+oC5pVh30xBywgwhznSTX
HrbjT2CU/9/2M82uKB6bd2m6Xhblbcm5+zEw5Nfc1rDnak1bmRLF8KqlGosPN6m3
r0DmV0jBGpjz5DxCp5ZbXOibtwjmm126zabsTb+Ze0vxb+eIjbHh5N2uoCnJaBKd
341h6BJ3RtyNNdn6pygU+TcQ6u/a0keeeOrm50zfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+evrzqK9xBidki2kKfNxfYpno/4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU1Njg3ZWM2LWYxYzItNGE4OS1hNDZjLWY2OWIzZDU2OWE3YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHsBq4Hsnlso9ATt4Hlt2htfsDSy
3J6d11Fl3eovVyRCrjH/bouznv86pnU0vZogXwUeBUryV1w//dTb3reY9hhugNES
l5dxIgvNzeJ4mUaRNQOP5JV6gmuaHehDh1x808bzZBVTyTYfdqsTrVm5NjOOhohH
mQs9ja7a/ZfGrYMxl91B8DkxRVRkrJXNve8bi6QXXrNSVbw2c1RD2fnaMkZ+4wkV
WH3PqVwUh7e6YvWJ5qAa8eaWqvCcR/Yos8CWy4xi4cGgO6NHqIRkVvK48ayAeZ5i
QAWxyN/aDMBI1Cd/Cqzgnpp3stadwvq+9BRL61ADgurdiCpY3aXTEQHJxN8=
-----END CERTIFICATE-----