Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/976c15c1-cded-45cf-8e45-5367d60027b5.roa
File:                     976c15c1-cded-45cf-8e45-5367d60027b5.roa (raw, json)
Hash identifier:          g90OdEMsf67G1rd/t9Y6mZfVuxzeIbP4sTGWLk8e0GU=
Subject key identifier:   C7:3B:69:39:53:40:C0:67:AE:C1:55:DC:87:36:68:E2:C1:2B:9B:F9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       50DE042570715AC8D275BDF2920A892C69EAB1A3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/976c15c1-cded-45cf-8e45-5367d60027b5.roa
Signing time:             Fri 28 Jun 2024 00:00:00 +0000
ROA not before:           Fri 28 Jun 2024 00:00:00 +0000
ROA not after:            Fri 02 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:de:04:25:70:71:5a:c8:d2:75:bd:f2:92:0a:89:2c:69:ea:b1:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 28 00:00:00 2024 GMT
            Not After : Aug  2 23:59:59 2024 GMT
        Subject: serialNumber=a241f84c404de5d7e41b652fc72c11db31095754124898521d69a0c03702a22f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:83:10:87:fb:ec:a1:5c:0d:cf:35:1a:81:76:
                    46:37:4c:3a:f6:70:27:53:de:e7:b4:85:8b:bd:90:
                    de:15:0a:c4:27:1f:ef:06:0b:3a:b3:42:cc:a1:5d:
                    ec:08:b5:77:83:c3:fc:e4:3f:72:98:80:66:a6:90:
                    28:12:b0:e4:fd:4b:50:f9:85:ed:54:41:70:b1:c2:
                    c9:44:9e:e7:aa:a9:62:89:aa:ae:c5:b1:6d:51:06:
                    7c:53:88:29:7e:9b:e6:37:43:38:56:26:42:59:54:
                    36:2d:e5:8a:9c:3f:1c:bd:8d:9c:85:f7:09:b2:00:
                    f1:a3:f8:11:36:af:03:0d:81:b5:a4:4f:1d:e1:f6:
                    97:c1:4d:8f:41:d0:a9:bb:b7:ce:5b:45:ed:46:bf:
                    72:9e:94:0c:1a:d6:9e:40:8e:63:33:0a:80:b4:3c:
                    2f:b4:6d:4b:3f:e7:82:e1:e7:8a:20:65:b9:f7:85:
                    62:9e:06:e9:51:f5:37:0e:c0:40:cc:56:63:e1:43:
                    42:40:22:9c:02:ba:2f:db:cc:8c:0d:fe:a3:74:8f:
                    75:1b:c6:fb:7d:0c:db:f6:55:f3:ef:fc:d5:64:7d:
                    96:9b:4f:d6:62:e3:87:aa:a8:97:85:bf:47:8a:3e:
                    4d:43:19:56:57:85:8f:ad:27:97:f9:a4:da:11:0e:
                    2f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:3B:69:39:53:40:C0:67:AE:C1:55:DC:87:36:68:E2:C1:2B:9B:F9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/976c15c1-cded-45cf-8e45-5367d60027b5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:d5:9a:82:06:79:ba:d7:e9:50:4c:11:7c:c6:f1:97:11:0f:
         c3:ab:35:37:b4:bb:32:02:94:65:ab:f8:53:d0:ee:01:58:03:
         da:7f:23:2a:96:8d:cd:98:a0:28:95:01:8a:b0:56:c1:af:71:
         be:6a:a8:ef:94:99:10:25:5c:ff:38:39:68:b9:5f:78:ff:82:
         60:47:c8:00:6f:b2:5f:13:0f:ef:c9:dd:d1:8f:84:3e:53:f7:
         c3:ea:56:06:ed:4a:c7:42:9f:0d:48:36:03:2f:4c:35:cb:5a:
         b3:87:ee:69:24:6d:98:e4:29:01:51:50:7a:90:7c:f0:7d:aa:
         26:b8:bb:0a:a5:f5:25:b0:ef:a8:d8:0a:1a:6b:06:43:80:d9:
         e4:e5:9a:99:3b:6e:33:c4:f8:6b:49:68:f7:dc:cf:2c:24:07:
         19:01:6b:80:6f:b1:0a:8e:6f:73:73:c4:36:ce:0c:4b:e0:7d:
         20:16:29:2b:c4:ed:66:fd:3e:24:3d:7a:02:7d:70:e0:3f:72:
         87:7f:a7:63:4e:85:b6:d6:10:08:8f:4e:77:e6:27:fa:c2:82:
         19:54:f4:ca:e2:34:5d:ae:c1:96:b4:c0:2f:82:f8:4d:ef:db:
         61:a8:eb:29:fa:62:38:cc:20:88:2c:c0:56:d8:40:27:6b:22:
         23:f9:09:5b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUN4EJXBxWsjSdb3ykgqJLGnqsaMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNjI4MDAwMDAwWhcNMjQwODAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMjQxZjg0YzQwNGRlNWQ3ZTQxYjY1MmZjNzJjMTFkYjMx
MDk1NzU0MTI0ODk4NTIxZDY5YTBjMDM3MDJhMjJmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9gxCH++yhXA3PNRqBdkY3TDr2cCdT3ue0hYu9kN4VCsQn
H+8GCzqzQsyhXewItXeDw/zkP3KYgGamkCgSsOT9S1D5he1UQXCxwslEnueqqWKJ
qq7FsW1RBnxTiCl+m+Y3QzhWJkJZVDYt5YqcPxy9jZyF9wmyAPGj+BE2rwMNgbWk
Tx3h9pfBTY9B0Km7t85bRe1Gv3KelAwa1p5AjmMzCoC0PC+0bUs/54Lh54ogZbn3
hWKeBulR9TcOwEDMVmPhQ0JAIpwCui/bzIwN/qN0j3Ubxvt9DNv2VfPv/NVkfZab
T9Zi44eqqJeFv0eKPk1DGVZXhY+tJ5f5pNoRDi8jAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxztpOVNAwGeuwVXchzZo4sErm/kwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk3NmMxNWMxLWNkZWQtNDVjZi04ZTQ1LTUzNjdkNjAwMjdiNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJTVmoIGebrX6VBMEXzG8ZcRD8Or
NTe0uzIClGWr+FPQ7gFYA9p/IyqWjc2YoCiVAYqwVsGvcb5qqO+UmRAlXP84OWi5
X3j/gmBHyABvsl8TD+/J3dGPhD5T98PqVgbtSsdCnw1INgMvTDXLWrOH7mkkbZjk
KQFRUHqQfPB9qia4uwql9SWw76jYChprBkOA2eTlmpk7bjPE+GtJaPfczywkBxkB
a4BvsQqOb3NzxDbODEvgfSAWKSvE7Wb9PiQ9egJ9cOA/cod/p2NOhbbWEAiPTnfm
J/rCghlU9MriNF2uwZa0wC+C+E3v22Go6yn6YjjMIIgswFbYQCdrIiP5CVs=
-----END CERTIFICATE-----