Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dcdba559-5e3d-421c-ab45-f37051743997.roa
File:                     dcdba559-5e3d-421c-ab45-f37051743997.roa (raw, json)
Hash identifier:          tGa3TWUxcYjL/8lS/J9bv4qT7Uvxbyo4sgi+wKd8k90=
Subject key identifier:   A1:CE:32:86:91:BA:AF:E5:A0:55:71:B0:0D:2D:6F:DE:1C:5F:AB:FF
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       72C554056FFD5730C40CAFB4BCFB0F43EF0B22C5
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dcdba559-5e3d-421c-ab45-f37051743997.roa
Signing time:             Thu 18 Jan 2024 00:00:00 +0000
ROA not before:           Thu 18 Jan 2024 00:00:00 +0000
ROA not after:            Thu 22 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:c5:54:05:6f:fd:57:30:c4:0c:af:b4:bc:fb:0f:43:ef:0b:22:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 18 00:00:00 2024 GMT
            Not After : Feb 22 23:59:59 2024 GMT
        Subject: serialNumber=59302347de977c5b34488791400fb6c605d25694b5b9bc28b3c81a544586ba74, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:15:25:0b:07:51:44:3c:18:37:b9:ef:cd:9d:
                    2f:bc:bc:97:cd:48:2a:c7:8f:0d:17:f2:78:02:81:
                    18:68:11:51:73:63:bd:ef:12:32:26:7d:65:d3:47:
                    11:82:0b:4d:4b:6d:21:da:68:a9:5c:2c:69:f4:5c:
                    46:83:c9:6c:cc:df:92:d0:33:1b:f2:41:1e:96:74:
                    13:fd:27:42:0e:f2:84:35:b6:42:f6:e0:90:c9:37:
                    58:81:be:d5:df:5b:64:dd:c5:36:83:54:dc:ef:7a:
                    00:3c:ac:30:89:86:9d:0e:a5:29:fb:ab:87:25:0c:
                    b7:83:a7:01:82:7c:96:01:3d:7f:75:72:6d:bf:c0:
                    a3:dc:2c:f1:1b:80:98:4b:da:2e:59:0c:6b:ba:f7:
                    a4:5e:7f:05:7e:cc:81:06:cd:31:53:bd:61:26:98:
                    3f:44:68:05:1b:a0:da:88:0a:7a:5c:96:2a:6d:a7:
                    1b:7f:9c:67:03:48:86:f2:d2:ec:73:01:9c:b1:2d:
                    be:52:f8:fc:be:42:66:15:e0:b9:d4:d1:12:15:f1:
                    d4:31:3a:1a:10:38:28:53:2a:0b:1f:bf:18:14:75:
                    07:b2:93:e9:f3:d4:78:b6:1a:3e:31:3e:d1:3c:57:
                    0b:a2:d5:8d:4d:92:21:c3:10:67:12:65:64:22:f9:
                    d2:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:CE:32:86:91:BA:AF:E5:A0:55:71:B0:0D:2D:6F:DE:1C:5F:AB:FF
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dcdba559-5e3d-421c-ab45-f37051743997.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:30:5a:65:3b:30:4c:43:42:03:15:b2:7f:68:9b:04:f7:1a:
         ae:5b:64:83:8c:62:9a:17:89:9d:7e:c2:07:30:6f:ea:2a:7a:
         5c:f3:01:c3:0c:6a:be:ab:c6:b8:ae:c8:9f:aa:cb:23:d5:85:
         bd:29:3d:9b:b0:c4:0d:80:2c:d1:58:f8:1c:2c:ab:ec:0b:8d:
         3c:72:d2:e7:53:d1:9c:16:6c:bd:34:68:e4:28:ca:2c:77:58:
         66:00:68:47:4a:c3:38:25:8d:38:5e:18:f0:ee:40:31:97:f3:
         0b:83:d1:8f:b3:c6:3c:da:2e:1b:86:1a:3e:1a:1d:dd:e0:7f:
         6d:6e:de:36:4f:5b:f3:a8:71:79:5e:a4:dc:a2:be:de:43:48:
         34:f2:61:87:50:af:af:99:ef:92:b9:3b:a2:9e:aa:2e:78:fc:
         d0:39:0d:85:b4:58:c8:c7:12:b2:96:15:eb:cf:44:01:9b:2d:
         e2:6e:f0:99:f7:2b:e9:0b:06:07:0c:c7:29:d2:fb:e5:5b:53:
         4d:40:e1:c8:24:17:1a:81:22:c2:7d:37:53:d9:c4:07:cd:95:
         60:a2:c1:1a:73:a6:ab:1f:d9:ea:b3:25:db:97:6f:40:f9:88:
         7b:02:48:17:e5:ac:9c:ab:7e:6f:e0:eb:4c:d6:62:16:39:de:
         43:e4:38:5a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcsVUBW/9VzDEDK+0vPsPQ+8LIsUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTE4MDAwMDAwWhcNMjQwMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1OTMwMjM0N2RlOTc3YzViMzQ0ODg3OTE0MDBmYjZjNjA1
ZDI1Njk0YjViOWJjMjhiM2M4MWE1NDQ1ODZiYTc0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxFSULB1FEPBg3ue/NnS+8vJfNSCrHjw0X8ngCgRhoEVFz
Y73vEjImfWXTRxGCC01LbSHaaKlcLGn0XEaDyWzM35LQMxvyQR6WdBP9J0IO8oQ1
tkL24JDJN1iBvtXfW2TdxTaDVNzvegA8rDCJhp0OpSn7q4clDLeDpwGCfJYBPX91
cm2/wKPcLPEbgJhL2i5ZDGu696RefwV+zIEGzTFTvWEmmD9EaAUboNqICnpclipt
pxt/nGcDSIby0uxzAZyxLb5S+Py+QmYV4LnU0RIV8dQxOhoQOChTKgsfvxgUdQey
k+nz1Hi2Gj4xPtE8Vwui1Y1NkiHDEGcSZWQi+dLfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoc4yhpG6r+WgVXGwDS1v3hxfq/8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RjZGJhNTU5LTVlM2QtNDIxYy1hYjQ1LWYzNzA1MTc0Mzk5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACIwWmU7MExDQgMVsn9omwT3Gq5b
ZIOMYpoXiZ1+wgcwb+oqelzzAcMMar6rxriuyJ+qyyPVhb0pPZuwxA2ALNFY+Bws
q+wLjTxy0udT0ZwWbL00aOQoyix3WGYAaEdKwzgljTheGPDuQDGX8wuD0Y+zxjza
LhuGGj4aHd3gf21u3jZPW/OocXlepNyivt5DSDTyYYdQr6+Z75K5O6Keqi54/NA5
DYW0WMjHErKWFevPRAGbLeJu8Jn3K+kLBgcMxynS++VbU01A4cgkFxqBIsJ9N1PZ
xAfNlWCiwRpzpqsf2eqzJduXb0D5iHsCSBflrJyrfm/g60zWYhY53kPkOFo=
-----END CERTIFICATE-----