Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2382a291-eeed-4bb5-be5f-a4623e7ecbd6.roa
File:                     2382a291-eeed-4bb5-be5f-a4623e7ecbd6.roa (raw, json)
Hash identifier:          pm7828B1b6hX/JuOCww6sMGuo09mhGQzifSExwmXoC4=
Subject key identifier:   0C:23:00:C9:7B:5F:3A:92:8D:2D:F9:78:45:ED:3C:AD:A0:5D:1F:86
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3D4AAEE87765DDC1AC16429F99A9215486C1BD53
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2382a291-eeed-4bb5-be5f-a4623e7ecbd6.roa
Signing time:             Fri 25 Oct 2024 00:00:00 +0000
ROA not before:           Fri 25 Oct 2024 00:00:00 +0000
ROA not after:            Fri 29 Nov 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:4a:ae:e8:77:65:dd:c1:ac:16:42:9f:99:a9:21:54:86:c1:bd:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 25 00:00:00 2024 GMT
            Not After : Nov 29 23:59:59 2024 GMT
        Subject: serialNumber=4870e0d60139734da1cc5dc931a21908f6df241a64e9e8149f9cab9e9a7c3c5f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e0:c3:87:c5:ac:62:dd:06:2d:aa:f5:78:b1:
                    c5:75:c2:e6:a1:f8:21:55:3e:48:25:f2:75:28:10:
                    e6:0a:95:93:2d:df:29:4a:3c:82:7a:41:81:bf:d0:
                    0d:d0:b9:8f:2c:95:a1:0a:cc:8d:62:cd:44:b1:80:
                    2f:11:d4:9a:07:f4:98:b6:a1:aa:59:13:70:db:85:
                    e0:8d:c9:3b:6c:ff:9e:72:52:8b:22:7c:1a:ea:a9:
                    dd:d0:35:d9:0a:b2:7d:44:fe:5f:81:6b:91:81:8a:
                    eb:66:a7:c1:9a:10:b3:7e:d1:7d:df:cc:cf:9d:b8:
                    6d:8c:75:30:b8:f3:4b:e9:2f:dd:d8:14:bb:e7:6f:
                    6c:19:ce:bc:2b:f4:1f:a3:40:ef:22:f5:53:41:bf:
                    3e:49:df:49:b1:68:b4:30:1e:99:f0:36:71:b1:7e:
                    ef:5d:54:37:c0:5a:49:97:36:52:94:05:25:b2:07:
                    72:f9:06:fc:e0:fc:52:0b:43:70:3b:47:26:07:ba:
                    ee:2a:83:d4:b8:35:12:11:95:6f:c0:0a:af:05:0a:
                    65:d9:0d:59:00:19:8a:f4:7a:7f:f3:e6:7f:11:fa:
                    fd:c9:81:e1:d0:d1:b0:0d:e7:60:2a:7e:0f:8f:de:
                    41:d9:52:b9:61:c1:6a:4d:d0:16:cd:ef:51:99:f3:
                    78:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:23:00:C9:7B:5F:3A:92:8D:2D:F9:78:45:ED:3C:AD:A0:5D:1F:86
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2382a291-eeed-4bb5-be5f-a4623e7ecbd6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:35:5c:46:15:cd:ee:ce:42:99:69:ec:89:43:be:4f:ce:e7:
         3a:66:21:3e:8e:fb:08:fc:e2:16:6d:a0:c5:35:63:d3:8a:2a:
         11:27:29:1c:39:2a:53:5c:6c:c7:d2:56:c6:e3:0b:c4:ca:5e:
         51:ac:21:76:26:c1:88:45:d0:88:34:65:5a:19:da:6a:b1:f7:
         82:cd:89:62:99:40:50:a7:4b:d1:75:43:71:d2:93:a8:f1:c5:
         fd:b5:87:7e:d8:b9:e4:86:cc:bd:bd:58:9a:3b:ab:40:3e:3c:
         0c:9d:0c:d8:34:3f:5f:3e:69:e9:41:b4:d4:37:f3:60:65:04:
         9e:cf:00:99:b2:fd:b1:c2:9f:78:63:fe:9f:a1:b0:c5:96:ca:
         43:76:ea:14:44:fa:57:45:70:23:00:88:3e:6f:9d:62:da:10:
         41:2a:01:d7:cd:50:b7:1f:cf:2e:67:ae:d8:22:75:f0:b3:c7:
         46:c1:dd:3f:3f:a3:fa:43:db:30:24:fc:51:2d:57:e5:af:6f:
         48:2d:ae:60:5c:43:e0:60:37:15:f4:0e:1c:a9:1a:d5:db:e0:
         0b:39:e2:cf:cb:d3:02:83:4e:0a:e8:2c:de:cc:de:04:5b:eb:
         2f:8e:36:5d:06:83:41:7c:f1:25:93:65:3b:2a:f9:44:3b:88:
         ff:87:99:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPUqu6Hdl3cGsFkKfmakhVIbBvVMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMDI1MDAwMDAwWhcNMjQxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ODcwZTBkNjAxMzk3MzRkYTFjYzVkYzkzMWEyMTkwOGY2
ZGYyNDFhNjRlOWU4MTQ5ZjljYWI5ZTlhN2MzYzVmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQ4MOHxaxi3QYtqvV4scV1wuah+CFVPkgl8nUoEOYKlZMt
3ylKPIJ6QYG/0A3QuY8slaEKzI1izUSxgC8R1JoH9Ji2oapZE3DbheCNyTts/55y
UosifBrqqd3QNdkKsn1E/l+Ba5GBiutmp8GaELN+0X3fzM+duG2MdTC480vpL93Y
FLvnb2wZzrwr9B+jQO8i9VNBvz5J30mxaLQwHpnwNnGxfu9dVDfAWkmXNlKUBSWy
B3L5Bvzg/FILQ3A7RyYHuu4qg9S4NRIRlW/ACq8FCmXZDVkAGYr0en/z5n8R+v3J
geHQ0bAN52Aqfg+P3kHZUrlhwWpN0BbN71GZ83i/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDCMAyXtfOpKNLfl4Re08raBdH4YwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIzODJhMjkxLWVlZWQtNGJiNS1iZTVmLWE0NjIzZTdlY2JkNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC41XEYVze7OQplp7IlDvk/O5zpm
IT6O+wj84hZtoMU1Y9OKKhEnKRw5KlNcbMfSVsbjC8TKXlGsIXYmwYhF0Ig0ZVoZ
2mqx94LNiWKZQFCnS9F1Q3HSk6jxxf21h37YueSGzL29WJo7q0A+PAydDNg0P18+
aelBtNQ382BlBJ7PAJmy/bHCn3hj/p+hsMWWykN26hRE+ldFcCMAiD5vnWLaEEEq
AdfNULcfzy5nrtgidfCzx0bB3T8/o/pD2zAk/FEtV+Wvb0gtrmBcQ+BgNxX0Dhyp
GtXb4As54s/L0wKDTgroLN7M3gRb6y+ONl0Gg0F88SWTZTsq+UQ7iP+Hmbk=
-----END CERTIFICATE-----