Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0d153738-384a-4085-8122-c10fc6f17fd7.roa
File:                     0d153738-384a-4085-8122-c10fc6f17fd7.roa (raw, json)
Hash identifier:          CZIZ3IbWOFEUVzJKguENeXScYqdm56twZyZIFDXSr5Q=
Subject key identifier:   3E:8B:75:4E:5D:C2:74:96:B9:6D:0E:93:CF:24:FE:6D:23:93:DE:3E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1B8D918381E845C7E14109F4AC7645B9AA72F415
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0d153738-384a-4085-8122-c10fc6f17fd7.roa
Signing time:             Wed 03 Jul 2024 00:00:00 +0000
ROA not before:           Wed 03 Jul 2024 00:00:00 +0000
ROA not after:            Wed 07 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:8d:91:83:81:e8:45:c7:e1:41:09:f4:ac:76:45:b9:aa:72:f4:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  3 00:00:00 2024 GMT
            Not After : Aug  7 23:59:59 2024 GMT
        Subject: serialNumber=5699d23154b72d640e98342f315b924955d8218e649d4d4660a3d89f33a63f32, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:54:80:d3:b6:87:66:a7:f5:65:4e:a8:ec:9d:
                    40:5d:9d:24:89:52:61:9f:f3:78:21:51:92:17:f3:
                    87:5f:1a:b4:0a:ef:ac:cd:a3:d5:06:5b:ed:9f:49:
                    56:09:98:df:73:53:f5:51:0d:7a:4e:da:34:17:da:
                    dc:47:90:51:a8:95:11:d6:9d:4e:90:97:fa:ab:59:
                    ed:43:a1:01:b1:1d:7d:39:63:b9:c0:d7:6a:a5:95:
                    c2:c2:c2:22:64:6f:a1:d8:ff:23:88:1c:7c:ed:a0:
                    22:a9:04:ae:e6:38:ad:a3:13:e7:91:59:c2:13:4d:
                    51:8c:73:1d:10:ab:f8:80:97:c0:a6:f4:03:f2:95:
                    22:c4:7b:d6:c5:3a:e2:04:c0:70:ce:30:3d:45:a6:
                    87:58:99:88:09:ba:25:f0:91:11:61:5c:2c:bb:53:
                    e0:94:df:a0:ce:89:ce:a6:4f:6a:fa:d0:c6:bf:ca:
                    06:47:a9:07:cb:dc:32:42:2b:4e:16:51:a9:a1:31:
                    a7:7f:fa:ef:89:d2:16:6c:9c:d1:d5:9c:dc:df:cb:
                    f4:60:8e:d1:c6:21:2e:2d:0b:e8:ff:11:46:bf:6f:
                    dd:b7:01:7e:e0:56:c0:32:cd:cc:57:80:33:95:83:
                    f3:c7:fa:be:e1:cd:bc:ec:d2:8d:bb:07:47:bd:06:
                    cb:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:8B:75:4E:5D:C2:74:96:B9:6D:0E:93:CF:24:FE:6D:23:93:DE:3E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0d153738-384a-4085-8122-c10fc6f17fd7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:4b:cb:56:ad:96:a0:92:76:67:dc:49:83:dc:a1:8a:b4:7d:
         55:8d:57:d4:a2:03:7a:a7:0f:3c:dd:bf:a2:4f:f1:40:13:73:
         9e:57:8b:ed:05:26:e9:e7:41:3d:69:d6:46:7a:8c:14:3e:0e:
         53:6d:65:d6:d9:e0:92:e4:31:a5:e1:6f:da:63:96:07:03:2a:
         3f:13:b0:d0:6f:68:97:72:61:05:52:62:42:9d:e5:df:dc:e4:
         3a:26:9f:bc:cf:7b:cc:d4:4a:0b:cb:81:a0:17:4b:1e:d4:ba:
         82:36:22:75:da:b0:0d:e1:6b:9a:c1:f8:e3:ce:4d:cd:5c:35:
         90:4e:48:45:8a:38:f2:a7:dc:5c:95:55:7f:f9:e6:95:0e:92:
         7b:f5:99:e1:e5:71:58:66:2a:ce:22:c9:76:5a:75:fe:b0:57:
         33:83:7d:56:49:c7:65:83:a0:0a:b7:00:fb:b3:82:4f:64:3c:
         ac:f7:ec:40:86:31:30:00:f5:9a:4a:c0:23:bb:dc:ab:c2:a8:
         9a:87:f0:79:8b:f4:89:c8:9f:8c:8f:bc:f2:ce:70:cf:89:2e:
         f9:6a:39:d9:b8:3f:0a:d5:18:c4:56:5a:7c:48:d6:fa:89:69:
         e7:68:d6:f4:fa:0c:46:0d:50:92:aa:1d:32:7c:cf:39:2b:7e:
         4f:be:f0:2e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUG42Rg4HoRcfhQQn0rHZFuapy9BUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzAzMDAwMDAwWhcNMjQwODA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1Njk5ZDIzMTU0YjcyZDY0MGU5ODM0MmYzMTViOTI0OTU1
ZDgyMThlNjQ5ZDRkNDY2MGEzZDg5ZjMzYTYzZjMyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMVIDTtodmp/VlTqjsnUBdnSSJUmGf83ghUZIX84dfGrQK
76zNo9UGW+2fSVYJmN9zU/VRDXpO2jQX2txHkFGolRHWnU6Ql/qrWe1DoQGxHX05
Y7nA12qllcLCwiJkb6HY/yOIHHztoCKpBK7mOK2jE+eRWcITTVGMcx0Qq/iAl8Cm
9APylSLEe9bFOuIEwHDOMD1FpodYmYgJuiXwkRFhXCy7U+CU36DOic6mT2r60Ma/
ygZHqQfL3DJCK04WUamhMad/+u+J0hZsnNHVnNzfy/RgjtHGIS4tC+j/EUa/b923
AX7gVsAyzcxXgDOVg/PH+r7hzbzs0o27B0e9BsvNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPot1Tl3CdJa5bQ6TzyT+bSOT3j4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBkMTUzNzM4LTM4NGEtNDA4NS04MTIyLWMxMGZjNmYxN2ZkNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGZLy1atlqCSdmfcSYPcoYq0fVWN
V9SiA3qnDzzdv6JP8UATc55Xi+0FJunnQT1p1kZ6jBQ+DlNtZdbZ4JLkMaXhb9pj
lgcDKj8TsNBvaJdyYQVSYkKd5d/c5Domn7zPe8zUSgvLgaAXSx7UuoI2InXasA3h
a5rB+OPOTc1cNZBOSEWKOPKn3FyVVX/55pUOknv1meHlcVhmKs4iyXZadf6wVzOD
fVZJx2WDoAq3APuzgk9kPKz37ECGMTAA9ZpKwCO73KvCqJqH8HmL9InIn4yPvPLO
cM+JLvlqOdm4PwrVGMRWWnxI1vqJaedo1vT6DEYNUJKqHTJ8zzkrfk++8C4=
-----END CERTIFICATE-----