Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/22a503d3-c1cc-428c-bc07-3970c5038ac1.roa
File:                     22a503d3-c1cc-428c-bc07-3970c5038ac1.roa (raw, json)
Hash identifier:          2iVMXA9EHej6DnOOTiSzA0aVBeQd4U0BQup5Elh5dOo=
Subject key identifier:   8E:54:3D:F6:1A:86:4D:A8:C2:2D:EF:6F:62:EE:0B:3F:A3:2C:7B:53
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3EDA02EAC125A242A2877C776B7A78DC2803CAC7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/22a503d3-c1cc-428c-bc07-3970c5038ac1.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:da:02:ea:c1:25:a2:42:a2:87:7c:77:6b:7a:78:dc:28:03:ca:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=3b10217cbafe252d3e9fd3164505be191e00a9de59c13599b79de75c6a9281dd, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b2:d0:0c:d8:55:4c:a5:af:25:32:a7:d2:9e:
                    06:0b:df:52:d0:87:74:0a:6a:fc:f5:d9:6f:e1:e6:
                    53:c3:04:f8:a9:b4:45:7a:96:c4:9f:61:2d:ed:cc:
                    89:cd:fc:96:31:19:cf:8d:63:58:9b:71:ea:93:26:
                    e5:7a:d5:7c:36:86:9b:a2:89:58:bf:04:72:5e:ed:
                    37:61:30:77:26:b8:08:87:88:4d:fd:af:f9:53:8e:
                    f4:c6:7d:a9:f8:aa:84:b5:4a:6c:25:86:8e:2f:aa:
                    34:2c:89:ae:55:0c:39:57:7e:c8:38:37:30:5d:72:
                    34:1d:e5:c7:7d:93:dd:39:26:82:95:bd:47:93:02:
                    f5:fe:de:ee:b0:81:4f:5a:61:2b:6f:86:f0:9a:2e:
                    ae:6c:6c:db:e9:ae:5e:f9:1d:91:eb:d0:c1:99:fb:
                    af:72:fa:a3:48:83:58:4a:a7:5a:91:c2:ae:59:2a:
                    69:01:9d:82:a6:87:a4:aa:c1:49:44:22:70:b4:d4:
                    69:9e:be:dc:b1:d1:08:db:1b:77:52:c5:ff:c4:0f:
                    91:10:ef:77:89:50:42:92:77:36:c2:2d:b3:ca:6a:
                    05:6f:c3:d1:83:2a:a9:ad:35:59:9a:26:1b:4a:a9:
                    ec:61:94:24:10:fb:1d:18:92:80:8d:d1:43:97:a4:
                    15:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:54:3D:F6:1A:86:4D:A8:C2:2D:EF:6F:62:EE:0B:3F:A3:2C:7B:53
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/22a503d3-c1cc-428c-bc07-3970c5038ac1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:4d:5e:f8:9f:4c:a6:64:d2:95:ca:a3:fc:3f:c4:da:c7:d8:
         85:65:de:6e:6b:99:d5:70:ee:30:ae:ed:58:70:62:87:3a:9e:
         9a:61:ff:46:19:6f:50:92:e1:df:7d:20:ae:a3:cb:3e:c7:3c:
         9f:f0:3a:2a:ce:95:f0:63:19:44:ed:d3:4d:c2:6e:ec:9a:38:
         4b:6c:5f:d0:d2:d6:82:bb:2f:93:a7:b1:7a:1f:18:47:2a:06:
         ae:87:be:5e:45:54:46:5f:2c:d1:96:7a:5b:e5:36:4c:32:29:
         d8:96:04:7c:0b:9a:6b:45:f3:01:06:e3:b5:9d:1f:56:9f:8a:
         b8:2b:c5:8f:99:6f:c6:20:d9:cb:49:b0:2c:7c:ce:5a:76:db:
         22:a2:4f:57:a2:c9:3e:33:92:6f:b1:ff:76:74:c9:48:ff:ee:
         12:32:73:cf:ed:83:b8:6f:a9:89:fb:6a:7c:4f:88:7c:2e:e4:
         ea:9d:f6:1a:6d:75:1f:e7:26:45:80:12:5d:5d:ee:f9:fb:62:
         c8:cd:bb:2e:13:fe:5b:e7:17:27:49:74:21:16:c5:0b:86:13:
         d6:a7:5b:a1:69:25:9c:9b:43:76:ab:a3:38:c1:36:ac:fe:ff:
         1b:23:2c:c5:d3:c6:44:bc:96:f6:9a:ee:2e:1c:1a:67:82:4f:
         ef:30:20:a6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPtoC6sElokKih3x3a3p43CgDyscwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzA1MDAwMDAwWhcNMjQwNDA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYjEwMjE3Y2JhZmUyNTJkM2U5ZmQzMTY0NTA1YmUxOTFl
MDBhOWRlNTljMTM1OTliNzlkZTc1YzZhOTI4MWRkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxstAM2FVMpa8lMqfSngYL31LQh3QKavz12W/h5lPDBPip
tEV6lsSfYS3tzInN/JYxGc+NY1ibceqTJuV61Xw2hpuiiVi/BHJe7TdhMHcmuAiH
iE39r/lTjvTGfan4qoS1Smwlho4vqjQsia5VDDlXfsg4NzBdcjQd5cd9k905JoKV
vUeTAvX+3u6wgU9aYStvhvCaLq5sbNvprl75HZHr0MGZ+69y+qNIg1hKp1qRwq5Z
KmkBnYKmh6SqwUlEInC01Gmevtyx0QjbG3dSxf/ED5EQ73eJUEKSdzbCLbPKagVv
w9GDKqmtNVmaJhtKqexhlCQQ+x0YkoCN0UOXpBUHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjlQ99hqGTajCLe9vYu4LP6Mse1MwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIyYTUwM2QzLWMxY2MtNDI4Yy1iYzA3LTM5NzBjNTAzOGFjMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHlNXvifTKZk0pXKo/w/xNrH2IVl
3m5rmdVw7jCu7VhwYoc6npph/0YZb1CS4d99IK6jyz7HPJ/wOirOlfBjGUTt003C
buyaOEtsX9DS1oK7L5OnsXofGEcqBq6Hvl5FVEZfLNGWelvlNkwyKdiWBHwLmmtF
8wEG47WdH1afirgrxY+Zb8Yg2ctJsCx8zlp22yKiT1eiyT4zkm+x/3Z0yUj/7hIy
c8/tg7hvqYn7anxPiHwu5Oqd9hptdR/nJkWAEl1d7vn7YsjNuy4T/lvnFydJdCEW
xQuGE9anW6FpJZybQ3arozjBNqz+/xsjLMXTxkS8lvaa7i4cGmeCT+8wIKY=
-----END CERTIFICATE-----