Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/35f8ae1e-d957-46bf-a0c5-7071c14902ae.roa
File:                     35f8ae1e-d957-46bf-a0c5-7071c14902ae.roa (raw, json)
Hash identifier:          J86RlXgMDXLWlN5jqh88WARPDQ/MlemyRyHFqASiEPQ=
Subject key identifier:   FC:A9:85:24:9B:1C:15:39:CB:72:80:E8:84:3B:90:EE:01:A4:5C:13
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       76797035BFC76B8909FBF365559DA40B3ACED9DA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/35f8ae1e-d957-46bf-a0c5-7071c14902ae.roa
Signing time:             Wed 10 Apr 2024 00:00:00 +0000
ROA not before:           Wed 10 Apr 2024 00:00:00 +0000
ROA not after:            Wed 15 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:79:70:35:bf:c7:6b:89:09:fb:f3:65:55:9d:a4:0b:3a:ce:d9:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 10 00:00:00 2024 GMT
            Not After : May 15 23:59:59 2024 GMT
        Subject: serialNumber=4007ff7729d8717e08786559217ab1d8a9868f97ace51ac0c91ee42bcd4515c0, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:b6:17:97:38:5a:31:59:e3:b2:45:82:a8:fc:
                    38:ef:b7:ab:a9:2d:c1:51:0b:ef:e7:f7:5f:24:01:
                    b8:ac:f6:c8:d4:b2:aa:3f:e0:d0:e9:10:3b:22:14:
                    1f:65:bf:3d:c0:5a:d7:50:94:94:11:f5:48:93:db:
                    3a:61:5f:0e:e6:fe:c7:be:e6:dd:95:94:2b:c4:10:
                    13:f6:d5:3b:ac:68:ed:e8:a5:0f:69:64:6d:66:55:
                    b4:f1:20:6f:05:5b:ca:3a:c4:7e:e7:97:53:5c:05:
                    b7:b2:72:df:b1:73:f4:2c:6c:57:3c:25:3f:26:d8:
                    61:4a:f7:80:c4:33:fa:37:db:76:5f:a3:21:17:c1:
                    fb:9c:e2:1f:5f:d1:de:5d:6c:30:9c:23:6e:38:db:
                    70:ba:31:da:71:39:16:af:59:a6:49:a7:00:76:73:
                    ce:23:97:be:ac:69:b2:fa:84:76:a6:4a:23:06:8f:
                    ff:0f:b4:dc:5a:b0:c1:78:dd:b5:2f:86:dc:81:3d:
                    ce:bb:a6:83:df:de:bc:49:34:5a:c1:52:9b:2b:3b:
                    a7:a9:76:be:ab:07:c6:86:27:8a:dc:5c:e2:59:55:
                    6e:4c:06:82:d7:1e:39:b4:22:72:0b:99:68:ab:87:
                    33:38:7e:3f:8a:8b:1d:75:89:a8:a2:9f:68:e1:4b:
                    26:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:A9:85:24:9B:1C:15:39:CB:72:80:E8:84:3B:90:EE:01:A4:5C:13
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/35f8ae1e-d957-46bf-a0c5-7071c14902ae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:5d:d8:39:09:de:36:db:c9:07:f5:bc:e7:9b:7d:23:52:fd:
         02:fa:77:1d:3a:dd:7f:ee:d1:27:f8:8f:0f:6e:df:d2:93:fc:
         3c:1f:8b:4a:e1:3b:77:b8:fb:d3:8f:9f:20:ab:23:00:ac:e4:
         d1:50:e7:62:8a:07:2f:ea:fe:e8:75:3e:7d:42:22:85:9b:e5:
         a1:05:03:7d:da:06:4b:67:81:7f:a4:ee:ca:36:7c:0a:24:d8:
         15:69:ce:1e:7e:04:1b:47:5d:2d:7e:bb:60:d5:87:71:d8:d2:
         96:d9:5f:ea:0a:9f:32:06:f6:c4:ef:38:c7:e6:d2:61:85:c2:
         d9:66:3b:33:c4:91:38:15:47:25:e0:59:1e:0e:8a:9d:96:79:
         4b:36:5c:af:91:0a:cc:d6:1c:cd:e1:10:ed:11:92:a7:37:1b:
         86:4a:12:68:b1:7b:6a:bc:5b:04:0d:36:46:03:40:57:d8:85:
         74:2a:af:96:4a:d5:0d:2f:36:a3:05:6f:4f:d8:69:c0:74:c2:
         29:32:4d:6c:e3:a8:61:56:e1:1a:af:fb:db:0c:e6:a9:53:35:
         53:ec:b2:50:f9:3e:92:33:51:e8:b6:ce:54:87:e5:9d:bd:28:
         b1:19:72:df:50:85:68:b4:62:ec:b8:60:1c:d6:b3:f4:8d:d4:
         c1:2e:c3:38
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdnlwNb/Ha4kJ+/NlVZ2kCzrO2dowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDEwMDAwMDAwWhcNMjQwNTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MDA3ZmY3NzI5ZDg3MTdlMDg3ODY1NTkyMTdhYjFkOGE5
ODY4Zjk3YWNlNTFhYzBjOTFlZTQyYmNkNDUxNWMwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDftheXOFoxWeOyRYKo/Djvt6upLcFRC+/n918kAbis9sjU
sqo/4NDpEDsiFB9lvz3AWtdQlJQR9UiT2zphXw7m/se+5t2VlCvEEBP21TusaO3o
pQ9pZG1mVbTxIG8FW8o6xH7nl1NcBbeyct+xc/QsbFc8JT8m2GFK94DEM/o323Zf
oyEXwfuc4h9f0d5dbDCcI24423C6MdpxORavWaZJpwB2c84jl76sabL6hHamSiMG
j/8PtNxasMF43bUvhtyBPc67poPf3rxJNFrBUpsrO6epdr6rB8aGJ4rcXOJZVW5M
BoLXHjm0InILmWirhzM4fj+Kix11iaiin2jhSya9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/KmFJJscFTnLcoDohDuQ7gGkXBMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM1ZjhhZTFlLWQ5NTctNDZiZi1hMGM1LTcwNzFjMTQ5MDJhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEBd2DkJ3jbbyQf1vOebfSNS/QL6
dx063X/u0Sf4jw9u39KT/Dwfi0rhO3e4+9OPnyCrIwCs5NFQ52KKBy/q/uh1Pn1C
IoWb5aEFA33aBktngX+k7so2fAok2BVpzh5+BBtHXS1+u2DVh3HY0pbZX+oKnzIG
9sTvOMfm0mGFwtlmOzPEkTgVRyXgWR4Oip2WeUs2XK+RCszWHM3hEO0Rkqc3G4ZK
Emixe2q8WwQNNkYDQFfYhXQqr5ZK1Q0vNqMFb0/YacB0wikyTWzjqGFW4Rqv+9sM
5qlTNVPsslD5PpIzUei2zlSH5Z29KLEZct9QhWi0Yuy4YBzWs/SN1MEuwzg=
-----END CERTIFICATE-----