Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f6755dc0-fe4b-40ea-b69e-4254634fc7b9.roa
File:                     f6755dc0-fe4b-40ea-b69e-4254634fc7b9.roa (raw, json)
Hash identifier:          lDZwkwyt+c1brxWX+XqLs7KW5n/+NRnlgWJkCD6GJXE=
Subject key identifier:   F4:D5:F2:1D:56:C6:99:EC:B1:AA:AE:4E:51:30:6D:C2:7E:C4:CF:D5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2B3BE4CF49E8980224E7B31213433AA4964EA3FD
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f6755dc0-fe4b-40ea-b69e-4254634fc7b9.roa
Signing time:             Fri 17 May 2024 00:00:00 +0000
ROA not before:           Fri 17 May 2024 00:00:00 +0000
ROA not after:            Fri 21 Jun 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:3b:e4:cf:49:e8:98:02:24:e7:b3:12:13:43:3a:a4:96:4e:a3:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 17 00:00:00 2024 GMT
            Not After : Jun 21 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:75:6a:eb:5e:c7:71:97:4c:72:b7:31:c0:50:
                    41:78:9e:b7:31:76:96:a7:7c:be:93:0b:2d:d0:3a:
                    df:4b:c9:e1:27:4b:cc:29:44:ee:f4:8d:36:2b:39:
                    44:c0:ad:65:9a:e8:54:79:0d:6a:8b:39:58:6f:41:
                    c2:4f:c7:19:f2:33:a9:37:66:2f:77:bf:01:6f:49:
                    e9:92:79:59:89:3e:ca:46:09:3e:27:27:8f:84:8b:
                    a4:57:f9:e0:03:f8:f6:ca:07:64:9e:db:4e:a5:25:
                    46:76:7b:0a:42:cc:80:32:8f:8a:e2:d3:15:2d:ed:
                    a9:39:f3:43:f9:81:ab:bc:fe:ee:42:24:b2:5d:6e:
                    e3:d3:ea:af:fa:dc:c4:c9:ac:2a:9e:be:04:0c:36:
                    e0:e5:e6:78:3b:ad:07:86:fa:c8:af:7d:f1:e0:e0:
                    c4:08:5a:35:81:c1:ed:76:a0:71:61:ac:6c:ad:91:
                    8f:71:ff:f5:8f:d2:43:67:02:6c:21:0f:c5:d8:a5:
                    5b:4b:29:0b:74:2a:ea:fa:8a:ee:14:09:79:b9:c7:
                    9d:0a:46:77:2c:98:08:fa:e8:38:34:2a:d2:ee:05:
                    42:3b:7d:c5:50:44:4a:d9:bf:44:a4:d1:be:ec:56:
                    fe:15:fa:59:dd:9f:c1:f2:96:43:c8:72:65:97:f1:
                    91:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:D5:F2:1D:56:C6:99:EC:B1:AA:AE:4E:51:30:6D:C2:7E:C4:CF:D5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f6755dc0-fe4b-40ea-b69e-4254634fc7b9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:c0:b0:11:61:63:0d:6d:37:2b:7e:cd:74:0e:30:98:0a:79:
         e1:1c:9c:54:56:df:4c:eb:61:60:92:6e:24:e6:ea:bf:7e:5c:
         30:dd:68:0c:7f:96:18:94:3e:93:fa:dd:8a:ef:33:c8:c9:61:
         58:1e:08:34:26:e3:ce:f9:48:3d:f0:8c:16:30:96:56:e9:61:
         4d:42:a5:17:7d:b1:81:77:3a:71:14:3b:0b:39:d5:8c:a7:b3:
         34:85:bb:0c:a9:74:91:9f:17:b0:9d:8b:51:6a:79:a5:f4:cb:
         de:a9:ed:f3:86:51:5b:45:9a:ad:ff:aa:0e:d8:0a:09:af:5f:
         ca:01:cd:ce:e6:b7:04:7d:53:65:6f:97:85:11:7a:de:ea:de:
         e6:eb:2f:7b:88:28:03:13:55:22:70:11:63:0c:8b:41:84:43:
         23:bd:06:53:96:1c:24:c6:79:b8:47:07:0e:36:51:08:7b:2d:
         df:ce:ee:d8:00:e0:ee:6a:4e:b5:34:b3:2d:68:a0:5b:1c:07:
         3c:79:da:82:c9:20:50:fa:18:fb:f9:d5:26:c6:a8:5a:b5:7f:
         3a:40:98:3f:dd:e7:23:06:f3:66:d3:21:d8:61:88:97:f7:f7:
         8a:6f:7f:53:51:79:90:cf:c9:28:f5:f1:d2:7b:e8:65:9e:70:
         de:6c:b2:59
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKzvkz0nomAIk57MSE0M6pJZOo/0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNTE3MDAwMDAwWhcNMjQwNjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MWM1Yjg4N2JhYmIyODM4NWYxYjkwMGFjODZjYmI5ZTdi
NzgxNDU0MjU2MzgwNjhjMWE5ODZhMzFlMjVkYTljMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDadWrrXsdxl0xytzHAUEF4nrcxdpanfL6TCy3QOt9LyeEn
S8wpRO70jTYrOUTArWWa6FR5DWqLOVhvQcJPxxnyM6k3Zi93vwFvSemSeVmJPspG
CT4nJ4+Ei6RX+eAD+PbKB2Se206lJUZ2ewpCzIAyj4ri0xUt7ak580P5gau8/u5C
JLJdbuPT6q/63MTJrCqevgQMNuDl5ng7rQeG+sivffHg4MQIWjWBwe12oHFhrGyt
kY9x//WP0kNnAmwhD8XYpVtLKQt0Kur6iu4UCXm5x50KRncsmAj66Dg0KtLuBUI7
fcVQRErZv0Sk0b7sVv4V+lndn8HylkPIcmWX8ZGnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9NXyHVbGmeyxqq5OUTBtwn7Ez9UwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Y2NzU1ZGMwLWZlNGItNDBlYS1iNjllLTQyNTQ2MzRmYzdiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACPAsBFhYw1tNyt+zXQOMJgKeeEc
nFRW30zrYWCSbiTm6r9+XDDdaAx/lhiUPpP63YrvM8jJYVgeCDQm4875SD3wjBYw
llbpYU1CpRd9sYF3OnEUOws51YynszSFuwypdJGfF7Cdi1FqeaX0y96p7fOGUVtF
mq3/qg7YCgmvX8oBzc7mtwR9U2Vvl4URet7q3ubrL3uIKAMTVSJwEWMMi0GEQyO9
BlOWHCTGebhHBw42UQh7Ld/O7tgA4O5qTrU0sy1ooFscBzx52oLJIFD6GPv51SbG
qFq1fzpAmD/d5yMG82bTIdhhiJf394pvf1NReZDPySj18dJ76GWecN5sslk=
-----END CERTIFICATE-----