Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/861fd6a8-d64b-4d27-a0e6-7d67f0f99246.roa
File:                     861fd6a8-d64b-4d27-a0e6-7d67f0f99246.roa (raw, json)
Hash identifier:          M4+9tbmSFL0RnvYN/yhIoaC1mx/hb56zmkz8M9LPZGU=
Subject key identifier:   9D:FA:00:E2:9E:44:CA:84:22:41:2E:D6:F4:E2:C2:97:22:A2:A5:9E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0B5826D17DCDD49896ED5A5BC908172E625DB5C6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/861fd6a8-d64b-4d27-a0e6-7d67f0f99246.roa
Signing time:             Wed 07 Aug 2024 00:00:00 +0000
ROA not before:           Wed 07 Aug 2024 00:00:00 +0000
ROA not after:            Wed 11 Sep 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:58:26:d1:7d:cd:d4:98:96:ed:5a:5b:c9:08:17:2e:62:5d:b5:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug  7 00:00:00 2024 GMT
            Not After : Sep 11 23:59:59 2024 GMT
        Subject: serialNumber=85fd1e682e6d03bfe854697dbce7e9773e5a72ff2ade8dc4a37ad969aa125670, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:9e:8a:e2:01:74:56:ce:05:be:6d:23:7a:d7:
                    17:3c:66:34:37:e5:7f:ed:63:68:5d:02:4d:e0:10:
                    a8:05:46:6a:66:30:dc:b8:5f:38:a6:4a:f4:fb:17:
                    c6:da:e7:e1:ff:f7:3b:a5:4f:0c:39:a7:c0:69:05:
                    2a:1e:0f:d6:1b:7e:91:74:1d:38:92:39:32:c9:93:
                    cb:e0:16:5c:bc:e4:40:4f:b0:be:7a:0e:7a:67:eb:
                    ca:df:20:e7:6b:ed:d9:13:cd:4d:d1:01:74:38:08:
                    11:1d:d3:82:06:b1:ba:06:6f:47:5e:ee:88:0e:4a:
                    cf:76:20:53:37:26:20:ec:cf:39:5f:a2:f7:ea:95:
                    df:18:dd:bb:43:de:ff:09:83:53:ff:b7:ad:0f:c9:
                    6e:ce:fe:39:a8:ef:f5:5e:99:3f:bb:3b:41:53:ea:
                    90:db:10:e0:71:d6:4d:70:12:5f:a4:07:f5:03:13:
                    b9:24:25:89:44:0c:8c:3e:14:0e:ba:0d:7c:eb:1f:
                    a5:a5:6e:f8:8a:c5:af:95:7c:3d:78:74:f8:f4:05:
                    71:a8:63:8e:67:2f:11:16:57:a1:81:b3:f3:95:ac:
                    6c:87:4a:b2:02:ac:92:15:a6:7b:02:ac:3d:a0:88:
                    c8:13:3e:1a:9b:d3:b6:c0:3a:3f:a7:95:3a:7f:52:
                    54:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:FA:00:E2:9E:44:CA:84:22:41:2E:D6:F4:E2:C2:97:22:A2:A5:9E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/861fd6a8-d64b-4d27-a0e6-7d67f0f99246.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:ea:53:48:cf:be:69:fe:57:26:0e:e5:60:ce:39:c4:cd:80:
         36:fd:9b:a1:32:02:24:09:d3:2a:06:2b:61:77:b8:f3:aa:71:
         d8:71:04:96:99:c4:c4:2f:15:cf:1e:b0:2a:7e:ea:15:c7:9a:
         a7:12:f6:17:d5:1b:51:e8:8b:4a:09:bb:52:6e:a5:3b:82:94:
         ce:b3:be:6b:58:fc:93:72:ad:be:f5:82:b8:20:92:c6:ce:c2:
         b4:b3:47:fa:f9:1b:be:52:e8:0a:b2:bd:cb:bd:fd:ba:45:b1:
         a7:0b:9f:1f:90:fd:13:22:6d:f8:d0:e5:bd:7e:4d:87:27:7d:
         fc:58:03:68:49:81:39:3a:89:b8:95:14:86:dc:b5:41:ae:61:
         42:ec:c8:53:8d:d2:1f:00:a6:a3:bd:a1:92:0e:78:26:bc:e4:
         0f:3f:16:c9:c6:1f:b6:5a:74:d2:14:04:6c:2e:35:c4:75:97:
         71:e2:74:9f:9e:0a:d3:98:d7:5a:ab:bb:16:17:41:3d:cd:57:
         97:d1:7a:84:05:43:71:33:5c:71:41:e5:88:b9:47:3c:cf:52:
         4a:9e:58:ba:50:c6:00:2b:1f:5d:0c:08:d7:09:ed:7f:d1:dd:
         d3:7d:45:bf:ec:c3:f5:d8:d9:53:32:70:49:6d:4e:3c:4f:21:
         33:5a:cd:54
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUC1gm0X3N1JiW7VpbyQgXLmJdtcYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwODA3MDAwMDAwWhcNMjQwOTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NWZkMWU2ODJlNmQwM2JmZTg1NDY5N2RiY2U3ZTk3NzNl
NWE3MmZmMmFkZThkYzRhMzdhZDk2OWFhMTI1NjcwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJnoriAXRWzgW+bSN61xc8ZjQ35X/tY2hdAk3gEKgFRmpm
MNy4XzimSvT7F8ba5+H/9zulTww5p8BpBSoeD9YbfpF0HTiSOTLJk8vgFly85EBP
sL56Dnpn68rfIOdr7dkTzU3RAXQ4CBEd04IGsboGb0de7ogOSs92IFM3JiDszzlf
ovfqld8Y3btD3v8Jg1P/t60PyW7O/jmo7/VemT+7O0FT6pDbEOBx1k1wEl+kB/UD
E7kkJYlEDIw+FA66DXzrH6WlbviKxa+VfD14dPj0BXGoY45nLxEWV6GBs/OVrGyH
SrICrJIVpnsCrD2giMgTPhqb07bAOj+nlTp/UlT9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnfoA4p5EyoQiQS7W9OLClyKipZ4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzg2MWZkNmE4LWQ2NGItNGQyNy1hMGU2LTdkNjdmMGY5OTI0Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIDqU0jPvmn+VyYO5WDOOcTNgDb9
m6EyAiQJ0yoGK2F3uPOqcdhxBJaZxMQvFc8esCp+6hXHmqcS9hfVG1Hoi0oJu1Ju
pTuClM6zvmtY/JNyrb71grggksbOwrSzR/r5G75S6Aqyvcu9/bpFsacLnx+Q/RMi
bfjQ5b1+TYcnffxYA2hJgTk6ibiVFIbctUGuYULsyFON0h8ApqO9oZIOeCa85A8/
FsnGH7ZadNIUBGwuNcR1l3HidJ+eCtOY11qruxYXQT3NV5fReoQFQ3EzXHFB5Yi5
RzzPUkqeWLpQxgArH10MCNcJ7X/R3dN9Rb/sw/XY2VMycEltTjxPITNazVQ=
-----END CERTIFICATE-----