Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1770cd45-caa8-4793-80c5-43a6dd67841f.roa
File:                     1770cd45-caa8-4793-80c5-43a6dd67841f.roa (raw, json)
Hash identifier:          ARFWVR4lC5Bn8784dU4Gbv2GcPzRcgeNE9e48TUaLhE=
Subject key identifier:   0D:17:43:EE:1A:8A:CB:D8:5E:37:1E:24:FB:DC:27:68:F3:F8:F8:17
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       23215472AF5D19AA20F2D851127E41EC6F8FA3DA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1770cd45-caa8-4793-80c5-43a6dd67841f.roa
Signing time:             Sun 18 Feb 2024 00:00:00 +0000
ROA not before:           Sun 18 Feb 2024 00:00:00 +0000
ROA not after:            Sun 24 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:21:54:72:af:5d:19:aa:20:f2:d8:51:12:7e:41:ec:6f:8f:a3:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 18 00:00:00 2024 GMT
            Not After : Mar 24 23:59:59 2024 GMT
        Subject: serialNumber=3f8b4306eff27abeecfcdc534d20c65220821b56a32b731234f331019ea74129, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:dc:c8:0b:f9:4f:9e:54:94:6d:a3:65:97:d2:
                    6e:f6:5f:d3:e5:2e:65:fc:a6:49:cf:30:d7:42:ee:
                    bc:dc:31:98:11:2b:6d:16:ac:03:70:74:f9:fb:3c:
                    e4:9c:c7:78:40:1e:5b:71:8e:51:77:75:3a:59:48:
                    6a:ff:be:ba:f0:a6:52:44:be:4b:a3:7a:40:61:60:
                    f7:39:48:3c:35:79:83:4d:c1:ac:03:26:98:2d:81:
                    d2:4e:c9:07:42:24:a9:32:f6:23:1c:22:3f:bb:1b:
                    c4:d9:8d:a7:91:dc:b7:d0:8e:14:4f:3b:2c:8e:35:
                    d8:3a:87:da:ce:d1:2e:bb:9f:d5:66:51:7c:00:eb:
                    a7:b3:3c:42:1f:7a:54:ef:2a:02:bc:8f:69:d9:7c:
                    9c:e4:57:03:5e:35:10:26:a7:9b:c2:e8:90:61:52:
                    ad:80:2f:1e:8e:1a:79:80:bf:59:95:87:b1:1e:a9:
                    51:e2:81:fe:69:ca:a1:c4:96:34:0b:a5:2d:f8:fa:
                    c0:f4:ed:c5:13:ac:54:cc:fa:66:cf:a5:68:b5:ce:
                    76:bb:f9:5f:5e:e0:45:c0:e6:e9:8d:bf:c0:66:b6:
                    6f:d3:6a:7a:e2:f7:0a:d3:75:ef:c5:3f:84:d4:b1:
                    95:72:2a:0a:2e:eb:8a:4b:86:96:db:1e:77:1e:09:
                    c6:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:17:43:EE:1A:8A:CB:D8:5E:37:1E:24:FB:DC:27:68:F3:F8:F8:17
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1770cd45-caa8-4793-80c5-43a6dd67841f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:c5:48:b1:07:1e:e2:d3:46:0d:e5:d7:d1:2e:2a:e8:3d:6d:
         f3:a4:d0:02:3a:74:07:fe:7d:7f:f5:43:5f:99:71:4e:a7:44:
         60:e4:f8:98:58:71:9d:66:fe:0e:85:46:42:dd:fd:1c:39:af:
         c2:9b:be:d4:99:59:21:47:bc:ee:c1:51:f3:5a:44:ef:9d:25:
         80:92:0d:e0:c4:2f:7a:56:8f:59:de:2e:4e:66:b6:3f:32:ed:
         06:ac:d1:e7:73:ff:69:43:f8:29:a2:0c:2a:82:9e:de:42:5e:
         68:7f:28:c9:ab:ca:a0:c6:06:b0:99:a2:af:78:19:f1:f2:f7:
         47:22:a5:6f:d9:09:95:1a:73:79:c1:74:3b:e4:65:58:c9:ff:
         76:f0:26:ba:ed:26:01:cf:48:b1:c9:df:90:d4:a0:63:fd:bb:
         b7:5e:41:98:04:38:de:5f:c5:2d:c9:1f:27:40:da:aa:1e:95:
         40:cb:45:ed:14:fa:e7:03:bd:1f:64:b1:07:d9:96:27:09:a2:
         76:c4:54:74:13:4e:63:85:a0:b8:35:03:ef:d2:20:0f:ac:5c:
         66:f5:2c:ee:15:4b:5b:52:3f:57:5c:93:62:03:d2:f3:e1:f7:
         af:de:fc:56:7e:ae:63:46:9d:ad:ca:08:d7:ba:e3:90:28:f8:
         c3:5b:61:4e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIyFUcq9dGaog8thREn5B7G+Po9owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjE4MDAwMDAwWhcNMjQwMzI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZjhiNDMwNmVmZjI3YWJlZWNmY2RjNTM0ZDIwYzY1MjIw
ODIxYjU2YTMyYjczMTIzNGYzMzEwMTllYTc0MTI5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDY3MgL+U+eVJRto2WX0m72X9PlLmX8pknPMNdC7rzcMZgR
K20WrANwdPn7POScx3hAHltxjlF3dTpZSGr/vrrwplJEvkujekBhYPc5SDw1eYNN
wawDJpgtgdJOyQdCJKky9iMcIj+7G8TZjaeR3LfQjhRPOyyONdg6h9rO0S67n9Vm
UXwA66ezPEIfelTvKgK8j2nZfJzkVwNeNRAmp5vC6JBhUq2ALx6OGnmAv1mVh7Ee
qVHigf5pyqHEljQLpS34+sD07cUTrFTM+mbPpWi1zna7+V9e4EXA5umNv8Bmtm/T
anri9wrTde/FP4TUsZVyKgou64pLhpbbHnceCcbhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDRdD7hqKy9heNx4k+9wnaPP4+BcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE3NzBjZDQ1LWNhYTgtNDc5My04MGM1LTQzYTZkZDY3ODQxZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIzFSLEHHuLTRg3l19EuKug9bfOk
0AI6dAf+fX/1Q1+ZcU6nRGDk+JhYcZ1m/g6FRkLd/Rw5r8KbvtSZWSFHvO7BUfNa
RO+dJYCSDeDEL3pWj1neLk5mtj8y7Qas0edz/2lD+CmiDCqCnt5CXmh/KMmryqDG
BrCZoq94GfHy90cipW/ZCZUac3nBdDvkZVjJ/3bwJrrtJgHPSLHJ35DUoGP9u7de
QZgEON5fxS3JHydA2qoelUDLRe0U+ucDvR9ksQfZlicJonbEVHQTTmOFoLg1A+/S
IA+sXGb1LO4VS1tSP1dck2ID0vPh96/e/FZ+rmNGna3KCNe645Ao+MNbYU4=
-----END CERTIFICATE-----