Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/acd32106-10ab-40c8-9ecf-d3cffa246010.roa
File:                     acd32106-10ab-40c8-9ecf-d3cffa246010.roa (raw, json)
Hash identifier:          g/eq4qbNptAIdBpfJt0MXNov8vnYoKFeZTHqQkq+B3g=
Subject key identifier:   72:AB:B5:FB:3B:E2:6D:41:1A:53:09:C2:4B:94:31:60:4F:F7:76:68
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       09EE0A6B7BEFEE793A59B516577838587B1C1E00
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/acd32106-10ab-40c8-9ecf-d3cffa246010.roa
Signing time:             Tue 07 May 2024 00:00:00 +0000
ROA not before:           Tue 07 May 2024 00:00:00 +0000
ROA not after:            Tue 11 Jun 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:ee:0a:6b:7b:ef:ee:79:3a:59:b5:16:57:78:38:58:7b:1c:1e:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May  7 00:00:00 2024 GMT
            Not After : Jun 11 23:59:59 2024 GMT
        Subject: serialNumber=d50b328837273e7efaddce7e4ede9bfe20a249ed7238797d5dd1a62f02eea0c9, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:96:94:f3:63:b2:c5:49:eb:40:f7:e1:b9:74:
                    a9:31:5b:29:33:ad:e2:3d:de:80:08:29:86:a0:8d:
                    70:4e:f6:29:bd:05:c9:89:05:06:52:96:28:2c:f0:
                    39:dc:4d:a3:d4:42:80:b7:91:3d:34:40:aa:dd:84:
                    57:48:2f:3a:e0:41:38:40:bb:6e:ec:94:4c:4f:53:
                    5d:69:0a:d5:74:e2:a4:e7:18:4a:36:af:72:15:9f:
                    a1:19:2f:95:13:bc:83:3e:2d:91:52:4a:3c:05:13:
                    1a:a1:de:45:91:73:3c:9d:c7:d1:c6:cd:c2:3e:9e:
                    f2:8f:49:55:c4:f7:20:5d:7d:9b:61:90:87:a9:92:
                    91:dd:43:a5:e6:e1:9e:06:0e:17:f5:70:bb:99:5a:
                    84:81:9e:5d:06:0c:ae:7c:2c:9e:97:23:2d:d6:56:
                    9f:03:52:16:33:c7:0e:83:78:3d:b6:d1:e0:3b:99:
                    fb:f9:d7:0d:d3:41:15:77:d4:ff:b2:da:4c:c5:38:
                    e4:03:83:5f:79:e4:0f:32:75:a1:26:51:be:11:1f:
                    26:83:d4:61:ca:33:83:85:3f:33:37:b5:b6:52:d3:
                    c1:f9:da:2e:98:3a:b3:48:f9:79:a6:6e:f1:0c:d9:
                    62:97:8e:00:d6:04:2b:9e:da:a3:9f:2c:76:9b:14:
                    fa:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:AB:B5:FB:3B:E2:6D:41:1A:53:09:C2:4B:94:31:60:4F:F7:76:68
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/acd32106-10ab-40c8-9ecf-d3cffa246010.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:f3:b6:52:dd:1e:15:78:00:ce:75:b6:2d:41:34:b8:82:a3:
         73:eb:7c:08:b8:6b:8d:75:2e:23:dd:c1:d4:2a:8a:5f:33:20:
         66:b4:a6:36:39:d9:e9:87:e9:a3:69:a4:5d:14:67:b3:c3:b0:
         0c:32:cc:86:a2:bf:23:0f:b5:e3:05:f6:10:d6:97:bd:3e:97:
         59:ba:30:1e:e4:ef:91:38:02:87:9a:07:2e:d2:5d:cf:17:ae:
         6e:56:fd:79:ae:ab:1c:42:6d:28:4d:cf:59:82:98:7a:1c:79:
         28:22:f1:94:cf:b1:2a:ea:b3:b1:26:8b:c3:f5:67:7c:06:d6:
         59:22:79:1f:bf:52:89:1e:df:af:b1:7e:50:5d:a8:35:3c:48:
         b6:e5:a8:8b:c3:f1:2e:8d:7f:86:da:1a:6f:d1:35:73:cb:70:
         e4:9b:56:d4:2e:d4:25:ec:60:b4:50:68:58:cc:02:35:28:47:
         0f:b4:5c:79:86:51:1d:a2:d0:78:ca:4d:0a:c3:d7:07:62:5e:
         9e:c5:fe:e2:29:6a:9c:8b:d0:29:70:74:3a:37:19:87:b5:5a:
         27:2b:a0:d0:f3:24:92:75:ac:2b:b7:20:ba:c6:d0:42:e0:1d:
         3e:52:f0:5b:d6:c6:fe:01:ee:fe:0d:b8:01:28:77:e0:6c:89:
         d4:18:9e:72
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCe4Ka3vv7nk6WbUWV3g4WHscHgAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNTA3MDAwMDAwWhcNMjQwNjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNTBiMzI4ODM3MjczZTdlZmFkZGNlN2U0ZWRlOWJmZTIw
YTI0OWVkNzIzODc5N2Q1ZGQxYTYyZjAyZWVhMGM5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCPlpTzY7LFSetA9+G5dKkxWykzreI93oAIKYagjXBO9im9
BcmJBQZSligs8DncTaPUQoC3kT00QKrdhFdILzrgQThAu27slExPU11pCtV04qTn
GEo2r3IVn6EZL5UTvIM+LZFSSjwFExqh3kWRczydx9HGzcI+nvKPSVXE9yBdfZth
kIepkpHdQ6Xm4Z4GDhf1cLuZWoSBnl0GDK58LJ6XIy3WVp8DUhYzxw6DeD220eA7
mfv51w3TQRV31P+y2kzFOOQDg1955A8ydaEmUb4RHyaD1GHKM4OFPzM3tbZS08H5
2i6YOrNI+XmmbvEM2WKXjgDWBCue2qOfLHabFPpvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcqu1+zvibUEaUwnCS5QxYE/3dmgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2FjZDMyMTA2LTEwYWItNDBjOC05ZWNmLWQzY2ZmYTI0NjAxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABfztlLdHhV4AM51ti1BNLiCo3Pr
fAi4a411LiPdwdQqil8zIGa0pjY52emH6aNppF0UZ7PDsAwyzIaivyMPteMF9hDW
l70+l1m6MB7k75E4AoeaBy7SXc8Xrm5W/XmuqxxCbShNz1mCmHoceSgi8ZTPsSrq
s7Emi8P1Z3wG1lkieR+/Uoke36+xflBdqDU8SLblqIvD8S6Nf4baGm/RNXPLcOSb
VtQu1CXsYLRQaFjMAjUoRw+0XHmGUR2i0HjKTQrD1wdiXp7F/uIpapyL0ClwdDo3
GYe1WicroNDzJJJ1rCu3ILrG0ELgHT5S8FvWxv4B7v4NuAEod+BsidQYnnI=
-----END CERTIFICATE-----