Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c1188809-d8e1-4dda-b226-5f1174c9e51e.roa
File:                     c1188809-d8e1-4dda-b226-5f1174c9e51e.roa (raw, json)
Hash identifier:          0xjmktzf3ER97iyiukZXr9OdoT5SSEAsveZh/xOKdfg=
Subject key identifier:   09:EB:64:B5:CF:A4:E4:1B:B7:97:44:9F:4E:F6:CA:E6:2A:4C:E2:47
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2A6EEAAC423D1E223EBFA074043F49608A77F19C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c1188809-d8e1-4dda-b226-5f1174c9e51e.roa
Signing time:             Thu 31 Oct 2024 00:00:00 +0000
ROA not before:           Thu 31 Oct 2024 00:00:00 +0000
ROA not after:            Thu 05 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:6e:ea:ac:42:3d:1e:22:3e:bf:a0:74:04:3f:49:60:8a:77:f1:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 31 00:00:00 2024 GMT
            Not After : Dec  5 23:59:59 2024 GMT
        Subject: serialNumber=3cf28892d97cb6ed511399a23b0ab0ced32583f05d55779a1c74d4d5e72b03e2, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a6:40:1c:b5:34:e7:32:c4:5a:b9:94:be:31:
                    f8:33:86:c3:b4:7d:8a:ba:76:30:46:b4:01:2b:6b:
                    c7:14:54:ce:eb:86:19:c2:48:7d:b5:5d:c5:21:a9:
                    b9:0a:21:f5:a4:85:0a:87:8c:68:a8:50:6f:37:f8:
                    53:38:05:f7:d2:c6:81:4f:a4:e0:51:d2:f4:9e:14:
                    26:b6:42:d2:51:03:ff:93:e1:94:5b:00:13:21:ef:
                    72:ab:62:2d:3b:67:ef:cd:b9:e1:9c:53:b9:e3:4a:
                    e0:ef:9d:0c:2a:f3:43:ef:f8:32:71:47:2f:f6:50:
                    2d:ea:2a:65:d0:dd:3f:69:27:f4:02:e1:84:3b:1a:
                    87:09:d9:e6:14:b5:57:fe:c7:12:69:9b:7e:e3:b2:
                    ac:66:3a:43:78:31:a5:a3:56:f3:2e:c1:fe:95:c0:
                    32:7b:f1:c6:c7:29:48:52:75:8d:1f:ba:b8:85:6e:
                    32:9f:b5:ca:93:d1:3b:25:f1:36:5a:36:3e:6b:e0:
                    61:b7:8a:c3:ac:3f:7d:18:a1:c2:88:25:05:2f:19:
                    a8:bd:c1:7a:cb:28:84:7f:dc:ab:b6:a8:8a:4a:42:
                    0b:70:69:27:05:c0:f3:af:18:33:af:1b:0e:ec:60:
                    9c:7e:9e:f9:ee:23:9d:59:5d:08:9b:c7:44:06:1f:
                    3a:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:EB:64:B5:CF:A4:E4:1B:B7:97:44:9F:4E:F6:CA:E6:2A:4C:E2:47
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c1188809-d8e1-4dda-b226-5f1174c9e51e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:73:b0:ae:ad:f9:19:c2:80:91:35:8a:dc:cf:74:d4:01:09:
         d5:be:1e:11:8e:b3:f6:0d:a7:31:ff:71:a5:ab:9a:0f:cd:df:
         2a:1b:57:cb:69:3b:4e:ab:b9:bd:90:92:aa:2c:b2:2f:f5:e0:
         d3:42:54:53:d5:bd:0b:4d:0c:59:e8:f3:ea:fd:72:68:af:29:
         a7:e0:37:d1:16:9a:a4:31:49:e9:06:83:32:2f:4e:66:15:3b:
         62:09:fd:20:0f:9a:9f:66:16:8b:e0:15:60:33:03:39:92:8e:
         c5:d2:6a:95:1c:a2:5e:b8:f2:d2:f7:0d:9a:f8:cf:19:57:79:
         5b:eb:db:cd:74:5b:31:d1:42:25:ac:48:19:39:40:c4:91:4d:
         ba:be:da:09:0f:5d:f8:83:a9:57:67:0c:2c:ef:6f:e0:bd:b9:
         87:21:df:a6:05:0e:18:a2:8c:b5:81:ef:ef:43:2e:36:83:9f:
         08:ed:fe:b4:a1:f8:d1:21:22:81:0a:ce:84:6f:61:f7:43:0a:
         d7:c7:0c:93:2f:c8:5e:62:b7:a0:80:e5:f2:8e:1d:ec:d8:24:
         cc:4f:cf:6f:18:fa:99:06:5d:3b:ac:07:41:84:ac:c8:91:89:
         5f:05:af:9d:dd:fa:e9:5e:1a:45:df:16:c0:8f:8f:99:a5:e6:
         2a:ac:1a:50
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKm7qrEI9HiI+v6B0BD9JYIp38ZwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMDMxMDAwMDAwWhcNMjQxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzY2YyODg5MmQ5N2NiNmVkNTExMzk5YTIzYjBhYjBjZWQz
MjU4M2YwNWQ1NTc3OWExYzc0ZDRkNWU3MmIwM2UyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgpkActTTnMsRauZS+MfgzhsO0fYq6djBGtAEra8cUVM7r
hhnCSH21XcUhqbkKIfWkhQqHjGioUG83+FM4BffSxoFPpOBR0vSeFCa2QtJRA/+T
4ZRbABMh73KrYi07Z+/NueGcU7njSuDvnQwq80Pv+DJxRy/2UC3qKmXQ3T9pJ/QC
4YQ7GocJ2eYUtVf+xxJpm37jsqxmOkN4MaWjVvMuwf6VwDJ78cbHKUhSdY0furiF
bjKftcqT0Tsl8TZaNj5r4GG3isOsP30YocKIJQUvGai9wXrLKIR/3Ku2qIpKQgtw
aScFwPOvGDOvGw7sYJx+nvnuI51ZXQibx0QGHzr9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCetktc+k5Bu3l0SfTvbK5ipM4kcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2MxMTg4ODA5LWQ4ZTEtNGRkYS1iMjI2LTVmMTE3NGM5ZTUxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAElzsK6t+RnCgJE1itzPdNQBCdW+
HhGOs/YNpzH/caWrmg/N3yobV8tpO06rub2Qkqossi/14NNCVFPVvQtNDFno8+r9
cmivKafgN9EWmqQxSekGgzIvTmYVO2IJ/SAPmp9mFovgFWAzAzmSjsXSapUcol64
8tL3DZr4zxlXeVvr2810WzHRQiWsSBk5QMSRTbq+2gkPXfiDqVdnDCzvb+C9uYch
36YFDhiijLWB7+9DLjaDnwjt/rSh+NEhIoEKzoRvYfdDCtfHDJMvyF5it6CA5fKO
HezYJMxPz28Y+pkGXTusB0GErMiRiV8Fr53d+uleGkXfFsCPj5ml5iqsGlA=
-----END CERTIFICATE-----