Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4a3ce6a3-95d7-4428-a065-f42b7d3f6d60.roa
File:                     4a3ce6a3-95d7-4428-a065-f42b7d3f6d60.roa (raw, json)
Hash identifier:          ajJzGo+HWE9ig+Get6XGc360KZFtOqy8wtzcV5iIOCY=
Subject key identifier:   07:8B:14:C2:F8:7A:57:28:15:A1:28:22:B0:EB:79:69:AC:BC:4C:AB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       427E3E26DA4416971F8077D6070A44E1CE2CABD3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4a3ce6a3-95d7-4428-a065-f42b7d3f6d60.roa
Signing time:             Fri 06 Dec 2024 00:00:00 +0000
ROA not before:           Fri 06 Dec 2024 00:00:00 +0000
ROA not after:            Fri 10 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:7e:3e:26:da:44:16:97:1f:80:77:d6:07:0a:44:e1:ce:2c:ab:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec  6 00:00:00 2024 GMT
            Not After : Jan 10 23:59:59 2025 GMT
        Subject: serialNumber=ca7ad164c3ed423bdf25f9358b0f6da23fe35eb1ba114504418089df01083c1c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a8:16:ff:bb:5a:1d:4f:79:33:45:b7:ed:0a:
                    80:c5:0e:d0:f7:3b:4c:94:73:03:40:d7:57:ae:21:
                    30:0b:e0:cd:35:4a:0d:68:cc:99:1a:76:4e:8c:7f:
                    2e:33:63:38:41:0b:14:4c:3b:ea:bc:86:4f:e8:4e:
                    51:dd:46:18:23:7e:6b:9a:80:9e:df:ca:2d:9f:8f:
                    22:6c:d7:46:6a:fd:50:71:52:1d:76:fa:88:8d:d4:
                    2a:d0:2d:fb:ff:56:1a:b2:76:60:76:8d:91:23:ee:
                    96:3d:bd:a0:04:7f:98:1d:7d:b2:a2:a6:0f:0d:7e:
                    c9:26:89:ed:a5:38:36:46:bc:34:0c:f1:13:90:96:
                    9a:f8:96:a0:78:78:9e:14:f9:ce:45:cc:d1:3c:e5:
                    50:60:c3:09:fd:16:19:72:00:49:80:c8:a5:09:fb:
                    a3:21:05:3e:83:0b:a2:81:99:0d:a1:30:1d:62:e7:
                    42:06:99:bf:24:e9:5f:16:92:94:e4:70:e6:4c:47:
                    3a:cb:a8:59:ac:85:c8:a4:1d:a3:5c:60:3b:37:28:
                    49:73:68:5a:62:c9:ed:9f:98:cd:8e:bc:31:2d:63:
                    54:29:05:14:52:b6:a1:78:f8:9c:cf:77:36:8b:c8:
                    ff:d8:b8:63:3d:f4:79:d4:9c:e2:61:85:1e:ea:dd:
                    ff:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:8B:14:C2:F8:7A:57:28:15:A1:28:22:B0:EB:79:69:AC:BC:4C:AB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4a3ce6a3-95d7-4428-a065-f42b7d3f6d60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:c8:b3:3f:d0:86:ef:b0:c2:c0:12:07:51:3a:bd:6c:90:97:
         61:98:8a:95:66:37:ef:d4:40:74:a8:85:e1:49:7c:58:72:63:
         be:ec:88:db:7d:4e:59:f3:9d:55:2e:b4:9f:98:94:c2:91:1f:
         af:e7:28:48:5d:87:e4:56:3f:f2:71:c7:75:83:3f:9c:b4:75:
         e0:be:e8:f7:fe:0e:05:a2:6b:a8:c2:b2:1d:4b:39:06:ce:f6:
         40:6f:14:dd:d3:46:7f:c8:1d:77:f2:57:59:28:b9:bc:ff:61:
         b5:d0:4f:17:8a:63:4e:42:5e:fc:71:6e:25:b9:89:20:6c:ac:
         ea:63:ee:75:43:f3:da:04:81:a6:0a:1d:1d:cb:fa:c1:ea:7a:
         2a:50:17:f6:c9:37:38:54:ff:58:9e:20:3a:f9:db:81:56:1c:
         f7:bf:62:aa:08:79:cb:50:a3:8a:65:bf:59:73:40:11:c2:40:
         d8:da:62:2a:12:45:b5:44:06:48:8e:0b:5a:35:7c:95:c3:12:
         7d:13:67:81:ae:60:47:8b:2a:84:c4:7d:2e:d6:f8:bd:73:95:
         99:ca:e9:a2:76:78:ec:24:1c:3c:59:cc:31:de:84:a5:8e:91:
         d6:09:c9:50:58:a8:db:7e:bd:eb:20:1c:13:a0:fe:fc:17:ce:
         2f:9a:56:95
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQn4+JtpEFpcfgHfWBwpE4c4sq9MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjA2MDAwMDAwWhcNMjUwMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYTdhZDE2NGMzZWQ0MjNiZGYyNWY5MzU4YjBmNmRhMjNm
ZTM1ZWIxYmExMTQ1MDQ0MTgwODlkZjAxMDgzYzFjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFqBb/u1odT3kzRbftCoDFDtD3O0yUcwNA11euITAL4M01
Sg1ozJkadk6Mfy4zYzhBCxRMO+q8hk/oTlHdRhgjfmuagJ7fyi2fjyJs10Zq/VBx
Uh12+oiN1CrQLfv/VhqydmB2jZEj7pY9vaAEf5gdfbKipg8Nfskmie2lODZGvDQM
8ROQlpr4lqB4eJ4U+c5FzNE85VBgwwn9FhlyAEmAyKUJ+6MhBT6DC6KBmQ2hMB1i
50IGmb8k6V8WkpTkcOZMRzrLqFmshcikHaNcYDs3KElzaFpiye2fmM2OvDEtY1Qp
BRRStqF4+JzPdzaLyP/YuGM99HnUnOJhhR7q3f8lAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUB4sUwvh6VygVoSgisOt5aay8TKswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRhM2NlNmEzLTk1ZDctNDQyOC1hMDY1LWY0MmI3ZDNmNmQ2MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC3Isz/Qhu+wwsASB1E6vWyQl2GY
ipVmN+/UQHSoheFJfFhyY77siNt9TlnznVUutJ+YlMKRH6/nKEhdh+RWP/Jxx3WD
P5y0deC+6Pf+DgWia6jCsh1LOQbO9kBvFN3TRn/IHXfyV1koubz/YbXQTxeKY05C
XvxxbiW5iSBsrOpj7nVD89oEgaYKHR3L+sHqeipQF/bJNzhU/1ieIDr524FWHPe/
YqoIectQo4plv1lzQBHCQNjaYioSRbVEBkiOC1o1fJXDEn0TZ4GuYEeLKoTEfS7W
+L1zlZnK6aJ2eOwkHDxZzDHehKWOkdYJyVBYqNt+vesgHBOg/vwXzi+aVpU=
-----END CERTIFICATE-----