Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/59596a4d-a066-4b6c-a857-530e17536898.roa
File:                     59596a4d-a066-4b6c-a857-530e17536898.roa (raw, json)
Hash identifier:          Nl83pGR12JvEP8bQP8DqGS3FTBcXGiBLka7p36DeOqU=
Subject key identifier:   97:14:41:FC:F4:94:97:BB:8D:23:AA:CD:20:67:F0:5C:59:02:37:55
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       17680BC2CDF03E24F80E4335026338BBE44B8294
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/59596a4d-a066-4b6c-a857-530e17536898.roa
Signing time:             Sat 24 Feb 2024 00:00:00 +0000
ROA not before:           Sat 24 Feb 2024 00:00:00 +0000
ROA not after:            Sat 30 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:68:0b:c2:cd:f0:3e:24:f8:0e:43:35:02:63:38:bb:e4:4b:82:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 24 00:00:00 2024 GMT
            Not After : Mar 30 23:59:59 2024 GMT
        Subject: serialNumber=3ad37d18dda327e2406198eaacc19028a181374267a724b3aa072d2b5830f7f7, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b6:c7:97:a8:87:19:67:eb:65:44:96:2b:e7:
                    3f:0f:41:6a:de:1a:1f:6f:35:f8:29:11:16:94:06:
                    bf:ec:8d:ef:55:28:55:ec:cc:a3:57:dc:de:d2:01:
                    d6:68:10:ef:5a:f9:04:14:67:39:f2:cd:28:65:be:
                    e5:fc:49:34:2a:d1:94:8a:d6:52:2a:45:2a:59:5a:
                    f9:a7:fd:8c:bb:72:d8:8c:79:4c:22:41:35:72:a8:
                    89:b3:87:ce:a5:3c:30:05:91:bc:f9:8c:cb:45:c8:
                    1d:49:81:b0:76:d9:09:ca:e5:80:4d:e8:2f:6f:3f:
                    85:eb:c3:c3:c9:16:15:25:6e:01:7e:a7:50:20:a0:
                    27:35:2b:59:e9:e7:db:ba:e0:47:ef:25:90:65:0c:
                    c2:d0:31:4e:53:46:3a:2d:b8:94:39:81:d2:30:ec:
                    d7:d7:31:12:be:24:ac:62:91:82:aa:47:d4:17:df:
                    df:49:e7:e4:45:73:97:63:76:6f:c7:d5:c9:82:a1:
                    1a:93:7e:38:f7:c7:b2:a2:9a:85:c1:79:4e:db:fd:
                    56:fe:66:e8:3b:25:80:f1:ab:7f:dd:85:f1:94:0c:
                    e6:42:7b:44:f9:21:01:da:0d:12:b4:c9:8e:72:69:
                    f9:2c:44:64:96:0c:b9:00:39:73:18:0c:a1:f6:4c:
                    be:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:14:41:FC:F4:94:97:BB:8D:23:AA:CD:20:67:F0:5C:59:02:37:55
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/59596a4d-a066-4b6c-a857-530e17536898.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:ec:d4:0d:96:63:64:a9:16:16:fa:13:1f:ad:d8:66:4b:48:
         19:54:6e:d6:fa:51:72:e3:c7:00:22:04:bb:60:da:6d:b8:71:
         99:c2:32:9f:f0:c5:4f:d3:00:30:b0:be:de:b0:03:99:89:33:
         50:c0:ad:02:4e:a4:b9:36:ce:32:7c:a9:f3:24:e2:fb:55:49:
         a7:5d:09:b8:27:67:cc:0f:d2:a8:f3:e9:79:40:20:76:a7:97:
         af:ca:f9:77:b7:83:20:a5:6a:20:56:42:67:58:fc:d4:7f:fa:
         de:fd:8d:1d:fe:81:31:22:3f:bd:d2:e5:56:36:b5:d0:c5:13:
         96:bb:9a:f9:18:6b:a3:d8:3e:49:04:64:5f:35:5d:e1:48:2e:
         25:dc:d2:f2:e1:18:75:f4:28:e4:16:8c:35:1c:b7:34:5f:c2:
         7c:f7:50:57:c0:0a:ef:fd:9f:ef:13:84:fd:9c:83:e8:90:21:
         98:de:ab:3d:38:f0:c5:3a:0b:f5:ec:bf:5a:18:a6:b9:00:09:
         5b:01:d0:0c:c0:94:11:44:97:97:0b:52:53:9f:50:1e:08:9d:
         ae:6a:9f:15:5a:77:4f:1a:e5:ca:41:68:60:52:5d:c1:79:74:
         17:32:c1:c4:4a:8f:6c:73:55:a9:ea:2e:ae:0c:78:40:f3:8d:
         73:7e:6f:42
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF2gLws3wPiT4DkM1AmM4u+RLgpQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjI0MDAwMDAwWhcNMjQwMzMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYWQzN2QxOGRkYTMyN2UyNDA2MTk4ZWFhY2MxOTAyOGEx
ODEzNzQyNjdhNzI0YjNhYTA3MmQyYjU4MzBmN2Y3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAtseXqIcZZ+tlRJYr5z8PQWreGh9vNfgpERaUBr/sje9V
KFXszKNX3N7SAdZoEO9a+QQUZznyzShlvuX8STQq0ZSK1lIqRSpZWvmn/Yy7ctiM
eUwiQTVyqImzh86lPDAFkbz5jMtFyB1JgbB22QnK5YBN6C9vP4Xrw8PJFhUlbgF+
p1AgoCc1K1np59u64EfvJZBlDMLQMU5TRjotuJQ5gdIw7NfXMRK+JKxikYKqR9QX
399J5+RFc5djdm/H1cmCoRqTfjj3x7KimoXBeU7b/Vb+Zug7JYDxq3/dhfGUDOZC
e0T5IQHaDRK0yY5yafksRGSWDLkAOXMYDKH2TL4lAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlxRB/PSUl7uNI6rNIGfwXFkCN1UwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU5NTk2YTRkLWEwNjYtNGI2Yy1hODU3LTUzMGUxNzUzNjg5OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACrs1A2WY2SpFhb6Ex+t2GZLSBlU
btb6UXLjxwAiBLtg2m24cZnCMp/wxU/TADCwvt6wA5mJM1DArQJOpLk2zjJ8qfMk
4vtVSaddCbgnZ8wP0qjz6XlAIHanl6/K+Xe3gyClaiBWQmdY/NR/+t79jR3+gTEi
P73S5VY2tdDFE5a7mvkYa6PYPkkEZF81XeFILiXc0vLhGHX0KOQWjDUctzRfwnz3
UFfACu/9n+8ThP2cg+iQIZjeqz048MU6C/Xsv1oYprkACVsB0AzAlBFEl5cLUlOf
UB4Ina5qnxVad08a5cpBaGBSXcF5dBcywcRKj2xzVanqLq4MeEDzjXN+b0I=
-----END CERTIFICATE-----