Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b0c515cb-f7a7-4464-83c5-74dc983719dc.roa
File:                     b0c515cb-f7a7-4464-83c5-74dc983719dc.roa (raw, json)
Hash identifier:          52nATCbOuhPogXMsYBIU8o0LPy5srlIZb3xcXycZjR0=
Subject key identifier:   7C:F9:6C:17:A2:6D:9A:C1:27:79:C0:D7:2C:91:62:05:92:35:63:A9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       45C0CE8B1BB678A90DA784F9C7CBD5D61CA42E09
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b0c515cb-f7a7-4464-83c5-74dc983719dc.roa
Signing time:             Wed 25 Sep 2024 00:00:00 +0000
ROA not before:           Wed 25 Sep 2024 00:00:00 +0000
ROA not after:            Wed 30 Oct 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:c0:ce:8b:1b:b6:78:a9:0d:a7:84:f9:c7:cb:d5:d6:1c:a4:2e:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 25 00:00:00 2024 GMT
            Not After : Oct 30 23:59:59 2024 GMT
        Subject: serialNumber=f8875fb26ed6b89b48011d66c40a4d41ef16260d43804ec378d08a1861d3cf75, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:5e:e0:d2:bb:2b:54:da:68:81:ed:a2:e0:23:
                    1a:21:ab:8c:cb:31:c9:6a:12:b6:af:f1:c9:6b:c0:
                    42:4a:43:2b:f2:5d:d0:39:1c:53:ab:7d:6b:22:56:
                    30:8e:ea:ea:4b:6b:5d:e0:7a:4f:77:76:a0:81:ce:
                    2c:18:2b:c5:4c:a8:7b:72:42:37:af:ba:25:fc:ac:
                    46:99:5f:88:0a:a7:63:d6:b2:23:c1:c6:09:b4:c8:
                    e9:f6:c7:b1:f9:3f:57:8e:a3:99:4a:6c:2a:06:6d:
                    b5:7a:63:b3:cf:91:65:8e:aa:e2:40:77:3b:d1:12:
                    ac:9f:1d:fc:13:d7:b7:7a:c8:31:7a:76:7d:b0:71:
                    58:fb:8c:ce:85:7c:d8:a7:a8:8c:6b:23:fb:77:1c:
                    0f:56:76:67:dc:cd:52:76:6d:80:54:a8:ab:3b:a8:
                    b8:65:e9:a5:57:c8:56:9c:d7:90:b0:0a:cd:fb:a7:
                    1a:3f:fd:45:f2:4d:5d:da:90:da:50:66:e3:f9:e3:
                    12:40:6b:5a:4b:f6:a1:97:68:9c:00:87:4b:91:95:
                    e3:a0:6d:a0:44:d3:e6:06:31:c3:48:0a:5e:66:dc:
                    03:db:d5:9b:ad:68:03:18:e6:18:17:75:6b:22:8f:
                    3b:e5:6c:20:8f:80:ee:f6:a8:1a:e6:5c:a7:5a:4d:
                    92:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:F9:6C:17:A2:6D:9A:C1:27:79:C0:D7:2C:91:62:05:92:35:63:A9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b0c515cb-f7a7-4464-83c5-74dc983719dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:ca:36:cb:50:9b:2e:15:37:c2:5a:60:98:81:47:88:b6:ad:
         12:6e:75:a4:ca:ca:24:ad:09:8a:9b:aa:d7:f0:19:59:a7:98:
         dc:60:f6:56:53:75:f4:9f:b2:f1:cf:96:76:09:85:1d:83:6f:
         0e:84:21:54:0e:9e:03:b0:fd:b5:72:2e:6a:59:3e:e7:b7:d7:
         35:fb:03:b8:20:c6:f3:26:d2:3b:11:28:e7:c8:79:49:1c:e4:
         3c:1f:95:f3:31:43:ae:95:4b:a9:ef:86:66:96:88:60:ad:7c:
         ce:0e:51:0c:2e:0a:b3:0b:ab:68:46:76:8f:e2:fb:39:03:b7:
         da:90:b4:48:cb:8b:ef:cf:b8:7e:41:a4:cc:eb:25:f1:1d:a0:
         9a:a0:62:6f:c4:11:0c:a1:c3:c3:81:21:c5:ff:8d:71:a9:5a:
         0d:ba:35:83:38:99:f4:d4:fb:97:29:79:ea:f4:02:b5:9a:2b:
         44:c6:1c:5c:77:f6:53:b8:0b:bc:dc:c1:5c:3a:0c:1f:bc:e9:
         15:10:b6:bf:13:68:f2:70:61:f0:a0:9c:0d:7a:b8:3c:ea:6d:
         59:03:72:5a:6a:d1:4a:47:00:68:bb:61:ec:8a:7f:2a:f4:fc:
         a2:f7:e4:3c:f1:75:08:f0:7d:ac:a9:8d:6e:a3:97:37:52:c8:
         6f:c0:1b:ba
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURcDOixu2eKkNp4T5x8vV1hykLgkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwOTI1MDAwMDAwWhcNMjQxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmODg3NWZiMjZlZDZiODliNDgwMTFkNjZjNDBhNGQ0MWVm
MTYyNjBkNDM4MDRlYzM3OGQwOGExODYxZDNjZjc1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSXuDSuytU2miB7aLgIxohq4zLMclqErav8clrwEJKQyvy
XdA5HFOrfWsiVjCO6upLa13gek93dqCBziwYK8VMqHtyQjevuiX8rEaZX4gKp2PW
siPBxgm0yOn2x7H5P1eOo5lKbCoGbbV6Y7PPkWWOquJAdzvREqyfHfwT17d6yDF6
dn2wcVj7jM6FfNinqIxrI/t3HA9WdmfczVJ2bYBUqKs7qLhl6aVXyFac15CwCs37
pxo//UXyTV3akNpQZuP54xJAa1pL9qGXaJwAh0uRleOgbaBE0+YGMcNICl5m3APb
1ZutaAMY5hgXdWsijzvlbCCPgO72qBrmXKdaTZJxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfPlsF6JtmsEnecDXLJFiBZI1Y6kwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2IwYzUxNWNiLWY3YTctNDQ2NC04M2M1LTc0ZGM5ODM3MTlkYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEnKNstQmy4VN8JaYJiBR4i2rRJu
daTKyiStCYqbqtfwGVmnmNxg9lZTdfSfsvHPlnYJhR2Dbw6EIVQOngOw/bVyLmpZ
Pue31zX7A7ggxvMm0jsRKOfIeUkc5DwflfMxQ66VS6nvhmaWiGCtfM4OUQwuCrML
q2hGdo/i+zkDt9qQtEjLi+/PuH5BpMzrJfEdoJqgYm/EEQyhw8OBIcX/jXGpWg26
NYM4mfTU+5cpeer0ArWaK0TGHFx39lO4C7zcwVw6DB+86RUQtr8TaPJwYfCgnA16
uDzqbVkDclpq0UpHAGi7YeyKfyr0/KL35DzxdQjwfaypjW6jlzdSyG/AG7o=
-----END CERTIFICATE-----