Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8395e63a-a7b3-40f0-aa4b-ecd5146a3fa3.roa
File:                     8395e63a-a7b3-40f0-aa4b-ecd5146a3fa3.roa (raw, json)
Hash identifier:          i+0K7JZ3VVJ6UT8bYqlQHmgGGSjx3bDNP4LBcBiAhAM=
Subject key identifier:   32:7D:F6:CD:8D:A8:74:3C:39:2B:05:42:3C:70:7C:87:81:91:66:E0
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       636123C695621EF876A1225F21388A8EB37A22A4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8395e63a-a7b3-40f0-aa4b-ecd5146a3fa3.roa
Signing time:             Thu 11 Jul 2024 00:00:00 +0000
ROA not before:           Thu 11 Jul 2024 00:00:00 +0000
ROA not after:            Thu 15 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:61:23:c6:95:62:1e:f8:76:a1:22:5f:21:38:8a:8e:b3:7a:22:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 11 00:00:00 2024 GMT
            Not After : Aug 15 23:59:59 2024 GMT
        Subject: serialNumber=3910c98489a82016617d4ceb9b284eec7f63a51d4a117025fbad3d1584f516b6, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d0:7a:32:89:af:5a:ed:61:1d:71:1b:23:ea:
                    41:22:64:c1:3a:02:09:57:19:79:06:6c:f6:69:4e:
                    86:1b:5a:14:da:52:8e:d2:77:d6:90:b7:3c:d4:0b:
                    5a:8d:93:72:38:e9:24:b3:69:8a:e1:e1:e5:ee:89:
                    79:40:e6:06:d7:2c:f2:05:19:d9:7b:0c:d4:3d:3e:
                    8c:db:c9:c8:ff:88:0d:ad:e4:c7:5c:91:e0:e1:8a:
                    0b:54:be:f3:77:7a:06:63:56:2c:90:8b:6d:06:d2:
                    ca:87:5f:27:63:88:91:d9:b3:e0:b8:0c:ce:1b:d3:
                    83:0c:f8:1c:a6:84:0f:f3:3d:bd:df:85:74:89:b2:
                    d4:5d:aa:fd:02:96:9d:1b:51:2e:fa:8b:02:e2:68:
                    d0:e2:ad:ed:69:25:aa:6b:f2:7a:a9:8f:e0:c3:8b:
                    13:94:67:68:9c:05:64:7c:5a:ef:c6:94:72:78:25:
                    a4:12:32:26:1c:ce:1c:95:69:8e:43:bf:e5:30:2e:
                    e5:a3:e6:07:dc:5f:8c:be:d7:35:88:c9:9b:a6:59:
                    87:a4:01:a0:4d:c1:99:ad:41:32:4d:c8:f9:a7:92:
                    fd:e9:62:fc:31:b6:b8:70:54:2d:f2:e7:a1:a3:52:
                    e5:40:2e:d7:73:2c:f8:31:f4:a3:d1:0a:c4:99:5d:
                    7b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:7D:F6:CD:8D:A8:74:3C:39:2B:05:42:3C:70:7C:87:81:91:66:E0
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8395e63a-a7b3-40f0-aa4b-ecd5146a3fa3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:3e:40:cd:f1:ad:79:18:1d:63:5d:30:9b:38:b5:86:17:68:
         b2:dc:f0:f8:7f:e9:68:71:3f:9c:48:26:29:2a:5e:21:c1:36:
         d0:0c:d0:84:13:76:17:45:ea:90:fc:0c:7d:27:ba:91:b0:bc:
         1b:e3:6c:03:bd:9a:99:07:7a:f4:e5:de:b7:08:94:05:d7:0c:
         e8:15:6a:1c:6b:16:81:44:92:0e:00:cf:57:e5:df:32:8b:e1:
         dd:df:87:fb:fe:45:28:8a:59:61:70:d8:6b:30:a1:63:fd:d3:
         2c:42:45:bc:1c:72:e3:67:aa:0c:ea:4c:c3:aa:83:6a:9b:c6:
         bc:67:ee:e3:19:85:36:c7:e2:a9:81:e0:5a:0e:3f:e4:79:70:
         ff:3e:16:d8:7c:8a:f8:29:89:56:8b:68:c8:21:aa:d8:36:c0:
         24:c4:a9:c1:ff:6f:0e:db:af:92:1b:d5:25:70:d8:aa:71:b5:
         8f:a2:b8:36:12:09:d6:34:31:67:a7:ff:c3:3b:ef:8e:09:dd:
         db:9c:50:7f:af:ec:7c:b1:75:8c:c1:fb:e8:78:7a:26:ce:ba:
         26:12:16:b4:40:c9:ec:df:5c:b2:08:ed:e8:4c:7a:e2:10:6c:
         8c:17:2d:30:3b:be:9c:25:68:85:c3:87:db:b9:25:03:70:07:
         35:aa:94:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY2EjxpViHvh2oSJfITiKjrN6IqQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzExMDAwMDAwWhcNMjQwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzOTEwYzk4NDg5YTgyMDE2NjE3ZDRjZWI5YjI4NGVlYzdm
NjNhNTFkNGExMTcwMjVmYmFkM2QxNTg0ZjUxNmI2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC60Hoyia9a7WEdcRsj6kEiZME6AglXGXkGbPZpToYbWhTa
Uo7Sd9aQtzzUC1qNk3I46SSzaYrh4eXuiXlA5gbXLPIFGdl7DNQ9Pozbycj/iA2t
5MdckeDhigtUvvN3egZjViyQi20G0sqHXydjiJHZs+C4DM4b04MM+BymhA/zPb3f
hXSJstRdqv0Clp0bUS76iwLiaNDire1pJapr8nqpj+DDixOUZ2icBWR8Wu/GlHJ4
JaQSMiYczhyVaY5Dv+UwLuWj5gfcX4y+1zWIyZumWYekAaBNwZmtQTJNyPmnkv3p
YvwxtrhwVC3y56GjUuVALtdzLPgx9KPRCsSZXXuNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMn32zY2odDw5KwVCPHB8h4GRZuAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgzOTVlNjNhLWE3YjMtNDBmMC1hYTRiLWVjZDUxNDZhM2ZhMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHg+QM3xrXkYHWNdMJs4tYYXaLLc
8Ph/6WhxP5xIJikqXiHBNtAM0IQTdhdF6pD8DH0nupGwvBvjbAO9mpkHevTl3rcI
lAXXDOgVahxrFoFEkg4Az1fl3zKL4d3fh/v+RSiKWWFw2GswoWP90yxCRbwccuNn
qgzqTMOqg2qbxrxn7uMZhTbH4qmB4FoOP+R5cP8+Fth8ivgpiVaLaMghqtg2wCTE
qcH/bw7br5Ib1SVw2KpxtY+iuDYSCdY0MWen/8M7744J3ducUH+v7HyxdYzB++h4
eibOuiYSFrRAyezfXLII7ehMeuIQbIwXLTA7vpwlaIXDh9u5JQNwBzWqlKE=
-----END CERTIFICATE-----