Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82fa0828-14a7-4eb9-b030-9c9bfdc869ca.roa
File:                     82fa0828-14a7-4eb9-b030-9c9bfdc869ca.roa (raw, json)
Hash identifier:          736kjXWRPs/piutQk/wUbhLn1cEz+fENZDEkHBX0HnY=
Subject key identifier:   5D:7B:47:8A:E6:E3:3F:E4:41:AD:F4:4F:40:4C:18:55:82:81:B2:6E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2E6ED132C45D1AC541170D187FF6B1C0AAB3D5FF
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82fa0828-14a7-4eb9-b030-9c9bfdc869ca.roa
Signing time:             Thu 31 Aug 2023 00:00:00 +0000
ROA not before:           Thu 31 Aug 2023 00:00:00 +0000
ROA not after:            Thu 05 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:6e:d1:32:c4:5d:1a:c5:41:17:0d:18:7f:f6:b1:c0:aa:b3:d5:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 31 00:00:00 2023 GMT
            Not After : Oct  5 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:88:3e:ca:b6:bc:46:1a:59:33:de:88:79:8d:
                    04:6e:76:43:1e:1d:af:91:29:86:4b:50:36:ca:08:
                    25:9b:bc:b4:95:b7:dc:67:58:f1:5c:88:54:fa:30:
                    15:31:98:88:8d:ac:d1:04:8f:03:43:d6:e8:a6:57:
                    2b:1e:95:42:e7:36:cd:aa:76:bd:c7:04:64:87:3d:
                    a1:10:e2:54:9b:39:42:47:f1:56:8f:56:23:40:90:
                    aa:bb:26:2b:98:b2:20:12:ab:25:a6:c3:2a:fb:6a:
                    2e:fa:fb:60:9a:34:c2:9b:fa:59:e5:b8:f0:ce:ac:
                    9f:13:73:32:b3:1d:37:35:0e:1e:f8:fa:bb:a5:1a:
                    c3:0c:a1:28:3f:d0:57:16:ae:58:fd:ac:21:a4:9b:
                    38:6c:e4:ec:ee:d6:a0:94:b4:8a:6d:8c:a1:ce:c4:
                    b6:18:c1:27:7e:24:3c:98:ea:2d:ed:88:72:07:85:
                    af:1f:ba:26:c4:29:0f:c5:fd:f6:a2:c7:21:c9:a6:
                    b9:8d:a2:24:75:bc:2d:14:2e:a7:f0:6b:9e:7b:10:
                    ae:9a:70:d9:92:b1:77:4b:a3:0c:d2:9e:7a:67:77:
                    be:a3:3c:c1:91:8f:e6:41:1c:f2:88:0d:ca:23:8d:
                    60:3f:1a:d2:51:d0:9a:e0:05:65:d5:76:55:1b:3c:
                    85:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:7B:47:8A:E6:E3:3F:E4:41:AD:F4:4F:40:4C:18:55:82:81:B2:6E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82fa0828-14a7-4eb9-b030-9c9bfdc869ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:2c:b5:de:4e:0d:04:57:ee:ea:b9:d2:6a:b7:a1:e8:53:ab:
         18:e4:e3:c0:be:3b:18:bb:9f:7c:0d:7d:33:cc:c0:14:56:fd:
         42:15:91:10:48:e7:3c:ec:69:80:29:14:08:07:4a:16:c9:bd:
         21:d1:3f:50:34:03:f0:c2:db:6c:78:e2:c9:73:48:87:de:6d:
         1c:a7:40:77:84:10:c9:dc:d5:0e:bd:3e:13:6a:ea:0a:e3:59:
         80:c1:20:94:d0:34:ec:7c:23:41:e9:83:48:9f:5f:e2:23:59:
         83:18:65:06:85:03:06:2d:df:e1:6f:df:bc:56:96:d3:ba:11:
         24:e8:f7:e6:4a:a1:29:60:6c:e3:a1:48:9f:45:92:f2:03:c1:
         39:f9:4f:b5:0d:4d:d9:d4:fa:4f:4c:28:4f:c4:f0:b9:ce:18:
         2e:93:33:37:7c:15:53:d1:d7:db:b1:d1:38:15:88:bd:d1:60:
         05:d2:87:1e:28:86:ef:cd:b5:e8:95:e9:ca:2c:14:fa:eb:d3:
         0b:c6:e8:f3:ed:b2:aa:b4:d3:9d:5e:f7:7e:6b:ff:7e:8f:77:
         51:2a:b6:8d:34:15:10:ca:39:ae:b5:cd:ff:8a:fd:1d:5f:15:
         69:8c:3b:57:65:fa:83:46:29:f2:9c:7b:58:24:4e:60:95:61:
         6f:67:ea:b4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULm7RMsRdGsVBFw0Yf/axwKqz1f8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODMxMDAwMDAwWhcNMjMxMDA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNzM2MzdhYmU1Zjg2ODNiNzVmOTA1NzI3OGM5MGY4NTE0
OWVmOTZiYzE1OWRjMTVmM2M4ODIxYjFkMmM1NTQzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWiD7KtrxGGlkz3oh5jQRudkMeHa+RKYZLUDbKCCWbvLSV
t9xnWPFciFT6MBUxmIiNrNEEjwND1uimVyselULnNs2qdr3HBGSHPaEQ4lSbOUJH
8VaPViNAkKq7JiuYsiASqyWmwyr7ai76+2CaNMKb+lnluPDOrJ8TczKzHTc1Dh74
+rulGsMMoSg/0FcWrlj9rCGkmzhs5Ozu1qCUtIptjKHOxLYYwSd+JDyY6i3tiHIH
ha8fuibEKQ/F/faixyHJprmNoiR1vC0ULqfwa557EK6acNmSsXdLowzSnnpnd76j
PMGRj+ZBHPKIDcojjWA/GtJR0JrgBWXVdlUbPIUxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXXtHiubjP+RBrfRPQEwYVYKBsm4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgyZmEwODI4LTE0YTctNGViOS1iMDMwLTljOWJmZGM4NjljYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACIstd5ODQRX7uq50mq3oehTqxjk
48C+Oxi7n3wNfTPMwBRW/UIVkRBI5zzsaYApFAgHShbJvSHRP1A0A/DC22x44slz
SIfebRynQHeEEMnc1Q69PhNq6grjWYDBIJTQNOx8I0Hpg0ifX+IjWYMYZQaFAwYt
3+Fv37xWltO6ESTo9+ZKoSlgbOOhSJ9FkvIDwTn5T7UNTdnU+k9MKE/E8LnOGC6T
Mzd8FVPR19ux0TgViL3RYAXShx4ohu/NteiV6cosFPrr0wvG6PPtsqq0051e935r
/36Pd1Eqto00FRDKOa61zf+K/R1fFWmMO1dl+oNGKfKce1gkTmCVYW9n6rQ=
-----END CERTIFICATE-----
Generated at Tue Feb 18 06:59:49 2025 by rpki-client