Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bb490435-f2e6-4887-b602-376772dba935.roa
File:                     bb490435-f2e6-4887-b602-376772dba935.roa (raw, json)
Hash identifier:          AF6vtxuJ+vhoxIHfXresbkntGZKO1Fh+NqF0P76ztRQ=
Subject key identifier:   E3:2A:2D:71:8D:8C:B6:02:B4:B1:03:F8:97:C6:F5:F7:50:8C:8B:81
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       532DE42BC92426D7DDB7BC83C4B549E55A019AFF
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bb490435-f2e6-4887-b602-376772dba935.roa
Signing time:             Tue 14 May 2024 00:00:00 +0000
ROA not before:           Tue 14 May 2024 00:00:00 +0000
ROA not after:            Tue 18 Jun 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:2d:e4:2b:c9:24:26:d7:dd:b7:bc:83:c4:b5:49:e5:5a:01:9a:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 14 00:00:00 2024 GMT
            Not After : Jun 18 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e2:83:a7:00:91:33:b3:80:af:dd:8e:67:72:
                    d9:30:a7:92:e2:65:94:15:c2:eb:57:83:9e:76:a7:
                    c7:17:32:6e:6a:fa:6e:81:e7:8e:88:c8:8f:5e:a5:
                    d8:d6:18:e1:08:97:77:2a:e2:78:f7:be:4a:2c:f1:
                    2f:8b:a3:a4:90:9f:66:6d:dd:b1:2c:3e:69:2e:4f:
                    72:3f:29:f2:49:1f:25:94:7a:5d:f8:dc:e8:35:e1:
                    52:fa:da:93:76:9b:53:92:71:61:a8:d9:99:a3:0d:
                    43:15:3f:2a:4b:93:41:53:52:c9:3e:c3:75:0e:72:
                    3d:36:48:fc:2f:e1:cf:00:08:21:f5:e4:44:3c:34:
                    4b:c2:60:f6:fa:c9:fb:43:79:99:11:00:71:1e:d3:
                    db:13:b9:f6:e5:c1:03:47:da:26:b6:a8:0c:a7:70:
                    14:b7:37:99:9d:50:6e:d9:ce:f8:5f:58:3f:13:23:
                    60:53:71:7f:41:fe:91:46:50:27:5b:3d:03:17:30:
                    82:60:cc:95:f4:e4:43:e7:0c:a0:99:1f:5e:44:78:
                    05:9b:03:1b:71:c3:3c:5c:85:72:64:23:9c:58:ca:
                    b2:a8:9a:bb:1f:ed:96:bd:35:ea:bf:89:55:c1:50:
                    fd:9c:d4:76:c2:0b:1f:0b:fa:47:3a:0e:7f:28:b9:
                    1a:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:2A:2D:71:8D:8C:B6:02:B4:B1:03:F8:97:C6:F5:F7:50:8C:8B:81
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bb490435-f2e6-4887-b602-376772dba935.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:1b:dc:7f:c9:76:ae:e0:cd:a9:83:22:95:61:9a:26:d6:e3:
         2e:fe:3f:7c:ea:52:93:07:d4:e6:ac:62:10:01:bb:cb:15:a3:
         97:1c:40:f3:9e:c6:79:3c:12:93:c7:91:9e:81:67:cb:52:bf:
         0c:c4:c6:2c:9a:43:32:86:b0:c8:c9:20:0d:c1:52:15:57:b0:
         5d:16:1b:c2:cb:d5:8b:5c:bb:7e:e5:c0:5a:c1:16:44:81:65:
         fb:d8:bd:23:b3:6e:d7:1b:62:a7:45:8d:5a:55:53:e2:da:3c:
         b2:76:1e:e7:a4:5d:37:fd:ee:a9:38:5b:cc:29:73:81:d4:60:
         9b:7f:06:9f:01:d9:02:be:a9:f2:1a:53:88:c0:6e:0a:86:7c:
         82:b2:06:f0:9a:e9:cc:ae:13:4b:ff:8e:86:6b:dc:3a:d5:a6:
         84:f1:a9:14:64:b7:7a:ed:34:b9:71:f2:10:38:6c:d0:57:0b:
         29:68:92:04:a5:95:0b:9b:a4:d3:01:33:68:51:bc:36:bd:c3:
         3b:86:55:69:dd:87:98:6d:0d:37:e2:b2:73:9f:ac:7f:ad:0c:
         cd:76:b8:b5:29:53:01:9f:21:e1:61:02:2e:f5:80:a4:9b:b5:
         f8:3f:49:56:19:cc:70:8b:f2:9f:2d:55:71:74:0b:c0:4f:be:
         81:ae:83:dc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUy3kK8kkJtfdt7yDxLVJ5VoBmv8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNTE0MDAwMDAwWhcNMjQwNjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNDRiY2E5YzRjODZjMGI0YzE2NDcwYWYzYmIyZWVmMzRj
ZWNkYWI1Yjc3YzU2ZGUzODhiZGY5Yjc2YzAxNzhjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCK4oOnAJEzs4Cv3Y5nctkwp5LiZZQVwutXg552p8cXMm5q
+m6B546IyI9epdjWGOEIl3cq4nj3vkos8S+Lo6SQn2Zt3bEsPmkuT3I/KfJJHyWU
el343Og14VL62pN2m1OScWGo2ZmjDUMVPypLk0FTUsk+w3UOcj02SPwv4c8ACCH1
5EQ8NEvCYPb6yftDeZkRAHEe09sTufblwQNH2ia2qAyncBS3N5mdUG7ZzvhfWD8T
I2BTcX9B/pFGUCdbPQMXMIJgzJX05EPnDKCZH15EeAWbAxtxwzxchXJkI5xYyrKo
mrsf7Za9Neq/iVXBUP2c1HbCCx8L+kc6Dn8ouRoZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4yotcY2MtgK0sQP4l8b191CMi4EwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2JiNDkwNDM1LWYyZTYtNDg4Ny1iNjAyLTM3Njc3MmRiYTkzNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA0b3H/Jdq7gzamDIpVhmibW4y7+
P3zqUpMH1OasYhABu8sVo5ccQPOexnk8EpPHkZ6BZ8tSvwzExiyaQzKGsMjJIA3B
UhVXsF0WG8LL1Ytcu37lwFrBFkSBZfvYvSOzbtcbYqdFjVpVU+LaPLJ2HuekXTf9
7qk4W8wpc4HUYJt/Bp8B2QK+qfIaU4jAbgqGfIKyBvCa6cyuE0v/joZr3DrVpoTx
qRRkt3rtNLlx8hA4bNBXCylokgSllQubpNMBM2hRvDa9wzuGVWndh5htDTfisnOf
rH+tDM12uLUpUwGfIeFhAi71gKSbtfg/SVYZzHCL8p8tVXF0C8BPvoGug9w=
-----END CERTIFICATE-----