Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c06416b4-bb97-4791-bfaf-7577c747da71.roa
File:                     c06416b4-bb97-4791-bfaf-7577c747da71.roa (raw, json)
Hash identifier:          rFkm+Vjt1tCvkauslmJPx8KDdJNvoeQ+oFK5JCZ/DIE=
Subject key identifier:   41:BA:1C:BA:E4:CF:D8:BD:06:AC:51:C6:F5:F1:D0:F8:A3:24:5E:96
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0149144036F55272B4A7B02299F34112DC29668B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c06416b4-bb97-4791-bfaf-7577c747da71.roa
Signing time:             Sun 25 Feb 2024 00:00:00 +0000
ROA not before:           Sun 25 Feb 2024 00:00:00 +0000
ROA not after:            Sun 31 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:49:14:40:36:f5:52:72:b4:a7:b0:22:99:f3:41:12:dc:29:66:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 25 00:00:00 2024 GMT
            Not After : Mar 31 23:59:59 2024 GMT
        Subject: serialNumber=6aaf3abe5aede0ead7c7b48e8d83a86481908c50bdfd0105ea2c8cbb30229045, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:de:36:7e:bf:ab:d6:09:3c:f5:d7:25:16:36:
                    3b:f6:2a:ef:d2:b2:7c:59:29:9a:4a:9e:38:47:2e:
                    9f:ba:6a:75:0a:f9:56:75:2c:de:15:8d:ea:de:e4:
                    43:79:84:23:28:67:26:c3:26:e4:3c:29:3e:1d:cb:
                    29:c3:af:f4:65:4f:27:a1:b4:0e:dd:bf:fc:f5:38:
                    81:2e:4b:97:f2:94:7c:6c:a8:30:4d:b5:89:d3:3f:
                    5b:3a:90:2d:e5:ff:cd:6e:0b:42:e5:c2:6f:4c:19:
                    52:76:ef:84:ff:32:16:e5:db:4e:fd:2d:8d:98:c9:
                    8c:43:47:1c:75:ae:b8:a3:42:e1:90:d9:31:3c:36:
                    ed:8f:79:0b:16:de:e5:17:2f:e8:e0:2a:16:38:9d:
                    e1:14:96:a5:1d:39:f0:5a:71:9c:12:44:b4:66:05:
                    05:a2:e1:3d:ec:58:85:90:81:91:dd:11:09:88:2e:
                    a7:ea:1e:3e:f7:25:f8:63:97:f1:9a:68:61:d1:d7:
                    7b:b4:f9:13:d8:3d:ce:44:1d:36:fa:b5:79:80:0f:
                    b4:62:79:21:74:8f:6f:59:38:04:d5:0a:7c:0c:56:
                    79:b5:0b:96:1c:6a:6b:cc:de:2f:dd:be:e4:d4:a0:
                    b1:62:a1:e9:84:80:f3:ed:e2:8c:09:1b:70:af:60:
                    ba:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:BA:1C:BA:E4:CF:D8:BD:06:AC:51:C6:F5:F1:D0:F8:A3:24:5E:96
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c06416b4-bb97-4791-bfaf-7577c747da71.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:d2:4e:c0:6a:ba:7a:db:d7:8f:cd:9f:2e:d5:1f:f0:10:bf:
         4e:60:db:e2:21:64:5a:50:98:77:3e:cc:62:90:e1:a8:1f:d6:
         74:a6:7b:99:c3:ed:85:5d:15:73:92:74:3a:29:bc:a3:99:f8:
         72:78:60:4d:8c:2e:25:b6:64:89:74:f7:22:b4:8e:d4:5d:c6:
         66:c5:ca:c6:ed:fb:59:6b:6a:d1:f2:95:f9:04:ba:31:0f:c2:
         61:07:8e:8d:20:76:d2:5e:74:dc:b8:5e:92:e9:db:39:f4:f9:
         51:db:d1:34:35:3d:f3:fa:29:d7:71:b1:95:42:5d:72:26:5e:
         ac:93:38:39:54:1c:73:05:a7:6a:cd:38:a9:55:2a:60:5f:81:
         8c:0a:d0:c2:de:38:d4:18:43:f4:7c:73:47:9a:af:25:73:99:
         fa:b1:13:95:72:c1:2d:c0:e5:8f:7d:e9:b7:bc:4d:a8:58:cd:
         a8:d4:13:d2:5a:c1:7d:da:a9:0d:2c:fb:e2:1e:6f:5a:11:b9:
         39:9d:49:4a:b9:8a:0e:6a:0f:24:c8:27:ef:0b:a4:7c:1f:d6:
         a5:a5:58:bd:ae:3c:ad:96:ff:60:c4:d6:82:4c:fb:e2:8b:49:
         3b:29:d2:b6:c0:4b:e0:46:95:81:6a:c8:84:e2:87:3a:51:4f:
         93:1e:ec:ab
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAUkUQDb1UnK0p7AimfNBEtwpZoswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjI1MDAwMDAwWhcNMjQwMzMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2YWFmM2FiZTVhZWRlMGVhZDdjN2I0OGU4ZDgzYTg2NDgx
OTA4YzUwYmRmZDAxMDVlYTJjOGNiYjMwMjI5MDQ1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCv3jZ+v6vWCTz11yUWNjv2Ku/SsnxZKZpKnjhHLp+6anUK
+VZ1LN4Vjere5EN5hCMoZybDJuQ8KT4dyynDr/RlTyehtA7dv/z1OIEuS5fylHxs
qDBNtYnTP1s6kC3l/81uC0Llwm9MGVJ274T/Mhbl2079LY2YyYxDRxx1rrijQuGQ
2TE8Nu2PeQsW3uUXL+jgKhY4neEUlqUdOfBacZwSRLRmBQWi4T3sWIWQgZHdEQmI
LqfqHj73Jfhjl/GaaGHR13u0+RPYPc5EHTb6tXmAD7RieSF0j29ZOATVCnwMVnm1
C5YcamvM3i/dvuTUoLFioemEgPPt4owJG3CvYLrjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQbocuuTP2L0GrFHG9fHQ+KMkXpYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2MwNjQxNmI0LWJiOTctNDc5MS1iZmFmLTc1NzdjNzQ3ZGE3MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADPSTsBqunrb14/Nny7VH/AQv05g
2+IhZFpQmHc+zGKQ4agf1nSme5nD7YVdFXOSdDopvKOZ+HJ4YE2MLiW2ZIl09yK0
jtRdxmbFysbt+1lratHylfkEujEPwmEHjo0gdtJedNy4XpLp2zn0+VHb0TQ1PfP6
KddxsZVCXXImXqyTODlUHHMFp2rNOKlVKmBfgYwK0MLeONQYQ/R8c0earyVzmfqx
E5VywS3A5Y996be8TahYzajUE9JawX3aqQ0s++Ieb1oRuTmdSUq5ig5qDyTIJ+8L
pHwf1qWlWL2uPK2W/2DE1oJM++KLSTsp0rbAS+BGlYFqyITihzpRT5Me7Ks=
-----END CERTIFICATE-----