Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/45bd89f8-051b-489b-b5cc-2114685fa7df.roa
File:                     45bd89f8-051b-489b-b5cc-2114685fa7df.roa (raw, json)
Hash identifier:          bAllLwXdpTxwF9axQKWiIiwOW0U3mOg9QeLKNWtADIw=
Subject key identifier:   51:3A:AD:5E:88:27:47:D4:91:4D:31:A9:6A:7D:7C:06:D1:56:A5:44
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       45FDF210AD01ACDE3981B071FEB992BB37801836
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/45bd89f8-051b-489b-b5cc-2114685fa7df.roa
Signing time:             Tue 26 Dec 2023 00:00:00 +0000
ROA not before:           Tue 26 Dec 2023 00:00:00 +0000
ROA not after:            Tue 30 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:fd:f2:10:ad:01:ac:de:39:81:b0:71:fe:b9:92:bb:37:80:18:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 26 00:00:00 2023 GMT
            Not After : Jan 30 23:59:59 2024 GMT
        Subject: serialNumber=78edd1111f86102ac325818f7e28189026d1a9251c3e90f6a9f9603d2a7197ad, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:57:82:4c:c6:fc:08:f1:bc:c0:e6:ec:8b:ab:
                    a2:89:0f:df:1e:32:eb:35:dc:7f:e3:43:8f:fb:69:
                    09:cb:78:c3:d1:65:b2:22:92:7b:e9:88:9b:f1:6e:
                    fd:11:66:a6:70:21:64:bc:7f:18:20:34:aa:bb:18:
                    4b:6e:d0:c0:11:c5:88:83:83:b6:e2:bb:90:4f:5b:
                    18:2c:32:f9:86:69:4e:ed:ef:b1:b1:90:12:f7:90:
                    5f:6c:1d:46:06:fe:fd:5c:35:8d:93:ba:8d:6d:e3:
                    7b:56:09:15:58:7a:7e:fc:1b:96:08:ab:f4:6f:8a:
                    15:82:a6:23:d9:99:53:da:01:89:a4:9f:77:39:fa:
                    84:63:37:da:44:6f:69:de:e7:06:49:5a:62:24:0c:
                    2d:e3:14:07:b5:34:f8:7e:06:88:3c:02:0a:2a:f0:
                    7e:64:5a:7a:3a:93:77:a3:22:17:39:09:03:53:37:
                    08:ef:2d:d3:83:ee:80:54:b7:f8:ae:dc:46:15:4f:
                    d6:63:12:2f:85:77:c1:0f:17:db:e9:20:15:ed:05:
                    a8:99:09:f0:f2:6a:ba:5c:66:8a:58:ad:ba:fb:41:
                    61:9d:52:10:17:78:d4:17:fa:50:a9:85:8a:fa:91:
                    8d:fe:d2:bc:62:13:5e:3a:85:3a:68:13:5f:52:7a:
                    63:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:3A:AD:5E:88:27:47:D4:91:4D:31:A9:6A:7D:7C:06:D1:56:A5:44
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/45bd89f8-051b-489b-b5cc-2114685fa7df.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:2c:2c:69:8e:67:c4:b9:c7:87:dd:8a:e4:9e:26:49:3f:e2:
         db:80:fa:38:e8:b6:d5:3d:83:b1:8e:38:a7:1d:1d:e8:ac:6a:
         85:71:f6:c8:21:58:bf:c1:23:ab:9a:5b:f3:03:ef:50:31:36:
         aa:ec:9e:2b:54:43:c6:65:08:f5:4d:6b:d1:ae:2d:02:a9:d5:
         d5:12:44:e6:6d:de:88:cf:9e:d5:39:bf:b2:0a:f5:42:c0:f0:
         47:c6:ec:77:49:4f:c0:52:37:28:12:d8:f2:0a:e8:4a:a4:84:
         b3:a6:42:c6:8c:ce:a7:e3:7d:f5:0f:9c:d5:11:7b:c2:5b:20:
         29:52:bf:00:ed:ff:e4:82:51:b4:e1:66:5e:41:32:88:11:1c:
         37:78:cf:2d:2d:58:37:37:18:23:05:f2:ec:ea:d3:11:70:5f:
         ac:57:dc:74:c8:f5:b8:97:75:b0:07:a1:f5:c1:e5:c3:40:d8:
         55:62:59:4d:5e:2e:0a:bf:86:ce:43:9b:bd:87:1f:af:44:f6:
         37:82:cd:a9:51:9e:cd:1b:1b:e8:3f:f6:6c:13:88:28:a9:d1:
         89:9a:f5:ef:47:f3:e9:38:4a:a7:6b:9b:ee:fa:52:81:f8:ee:
         f4:9e:e5:48:3e:d0:15:2a:25:d7:dc:73:0d:d0:ea:07:e7:32:
         8e:e6:0f:59
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURf3yEK0BrN45gbBx/rmSuzeAGDYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjI2MDAwMDAwWhcNMjQwMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3OGVkZDExMTFmODYxMDJhYzMyNTgxOGY3ZTI4MTg5MDI2
ZDFhOTI1MWMzZTkwZjZhOWY5NjAzZDJhNzE5N2FkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWV4JMxvwI8bzA5uyLq6KJD98eMus13H/jQ4/7aQnLeMPR
ZbIiknvpiJvxbv0RZqZwIWS8fxggNKq7GEtu0MARxYiDg7biu5BPWxgsMvmGaU7t
77GxkBL3kF9sHUYG/v1cNY2Tuo1t43tWCRVYen78G5YIq/RvihWCpiPZmVPaAYmk
n3c5+oRjN9pEb2ne5wZJWmIkDC3jFAe1NPh+Bog8Agoq8H5kWno6k3ejIhc5CQNT
NwjvLdOD7oBUt/iu3EYVT9ZjEi+Fd8EPF9vpIBXtBaiZCfDyarpcZopYrbr7QWGd
UhAXeNQX+lCphYr6kY3+0rxiE146hTpoE19SemPLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUTqtXognR9SRTTGpan18BtFWpUQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ1YmQ4OWY4LTA1MWItNDg5Yi1iNWNjLTIxMTQ2ODVmYTdkZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEMsLGmOZ8S5x4fdiuSeJkk/4tuA
+jjottU9g7GOOKcdHeisaoVx9sghWL/BI6uaW/MD71AxNqrsnitUQ8ZlCPVNa9Gu
LQKp1dUSROZt3ojPntU5v7IK9ULA8EfG7HdJT8BSNygS2PIK6EqkhLOmQsaMzqfj
ffUPnNURe8JbIClSvwDt/+SCUbThZl5BMogRHDd4zy0tWDc3GCMF8uzq0xFwX6xX
3HTI9biXdbAHofXB5cNA2FViWU1eLgq/hs5Dm72HH69E9jeCzalRns0bG+g/9mwT
iCip0Yma9e9H8+k4Sqdrm+76UoH47vSe5Ug+0BUqJdfccw3Q6gfnMo7mD1k=
-----END CERTIFICATE-----