Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f4428bf3-68ba-4229-916f-564d466b78d5.roa
File:                     f4428bf3-68ba-4229-916f-564d466b78d5.roa (raw, json)
Hash identifier:          TEc88Fag/DeCT7mxyx4tkd1naZGg4Su4PqjxjNOr04s=
Subject key identifier:   20:A3:97:C0:56:A8:63:48:4C:06:E7:B5:0C:B3:65:63:F8:D3:9B:99
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0DA1036D4A7B41DE02B5FD744ABEC0F123C02ED1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f4428bf3-68ba-4229-916f-564d466b78d5.roa
Signing time:             Thu 07 Nov 2024 00:00:00 +0000
ROA not before:           Thu 07 Nov 2024 00:00:00 +0000
ROA not after:            Thu 12 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:a1:03:6d:4a:7b:41:de:02:b5:fd:74:4a:be:c0:f1:23:c0:2e:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  7 00:00:00 2024 GMT
            Not After : Dec 12 23:59:59 2024 GMT
        Subject: serialNumber=4e18586002d7036447463c006b7ad09ef6f445602c6f849faadf289d5efbcad7, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ad:44:85:13:09:50:01:6e:db:11:a4:5f:ca:
                    01:1c:13:d7:75:04:d2:13:15:d4:bd:05:bf:8c:f2:
                    12:ef:76:1d:59:80:b1:16:7d:82:fc:f6:9d:f3:17:
                    6f:17:38:82:9c:c9:98:da:0c:10:bf:bb:38:33:c0:
                    9e:fe:89:6a:e8:2e:62:4e:14:d7:2f:41:4d:6f:7f:
                    16:1d:07:05:95:42:78:51:c8:e3:f3:fe:bd:21:a2:
                    cf:e8:58:7e:fc:41:e1:ab:e2:df:94:67:63:1c:5d:
                    33:1c:b0:06:f1:6c:17:92:19:e0:94:98:4c:d6:8f:
                    43:18:e4:c5:a4:33:eb:fa:ed:f8:05:b9:44:32:eb:
                    8d:88:be:ad:45:14:2e:6a:90:8b:e5:f6:fc:9a:a9:
                    4c:20:b2:6d:ee:a6:fb:b8:3d:f4:18:85:94:f5:a3:
                    1d:ba:b5:93:9e:66:24:a8:30:33:1e:9b:37:59:99:
                    4c:14:83:71:97:ef:f1:47:12:c2:92:de:e4:b2:7c:
                    87:f6:b9:65:3d:18:35:1c:0f:96:84:81:fc:fc:a9:
                    ca:ee:e1:37:71:6e:8a:e7:e7:bf:24:ed:11:12:b8:
                    36:ce:a9:cb:e4:93:ac:54:48:16:75:76:eb:35:00:
                    02:be:39:d4:4e:55:e6:27:49:5d:89:23:27:df:de:
                    d0:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:A3:97:C0:56:A8:63:48:4C:06:E7:B5:0C:B3:65:63:F8:D3:9B:99
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f4428bf3-68ba-4229-916f-564d466b78d5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:0a:0a:54:01:bb:50:72:7d:59:f4:b4:bf:c4:ce:0b:c6:9d:
         23:b1:7e:38:31:2b:54:b8:18:b2:56:fa:1f:a1:97:bf:e9:8c:
         51:e4:31:a1:e6:92:9a:21:65:f3:b9:47:3b:c3:e5:cd:6a:73:
         5a:a7:55:75:ee:6e:4c:b9:c3:fb:fb:c1:b4:9a:3a:98:0a:c1:
         dc:52:e8:b0:fc:62:7a:48:e2:e3:ff:83:89:74:8b:66:a5:f1:
         8f:c3:b3:fe:0e:0d:d6:7c:a3:c9:c4:05:b4:53:83:f2:a2:9b:
         e0:40:5c:86:2d:75:ae:c2:af:d1:4d:5f:e9:78:08:67:0e:59:
         ae:a2:a9:a3:d9:cd:69:e7:a1:6b:2f:93:bc:6f:ee:47:f5:4b:
         56:25:5b:cf:36:ab:a1:53:c7:c2:f1:67:d1:ff:5a:f5:af:7f:
         83:80:d8:3e:7d:bb:07:c8:f0:1e:ac:5a:f3:6c:6a:46:37:09:
         47:41:73:27:d1:19:a7:e0:00:88:e8:17:15:68:e3:9c:21:dd:
         f4:66:c3:e4:0a:fb:96:dc:7d:da:c2:69:b7:a0:98:07:75:94:
         72:07:3f:fe:32:77:c9:10:96:9a:65:15:0e:4c:11:6f:1b:36:
         b1:29:1d:b6:e6:b4:0d:ef:61:a1:49:d8:f4:dd:c9:dc:b8:54:
         0a:44:34:4b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDaEDbUp7Qd4Ctf10Sr7A8SPALtEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTA3MDAwMDAwWhcNMjQxMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZTE4NTg2MDAyZDcwMzY0NDc0NjNjMDA2YjdhZDA5ZWY2
ZjQ0NTYwMmM2Zjg0OWZhYWRmMjg5ZDVlZmJjYWQ3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzrUSFEwlQAW7bEaRfygEcE9d1BNITFdS9Bb+M8hLvdh1Z
gLEWfYL89p3zF28XOIKcyZjaDBC/uzgzwJ7+iWroLmJOFNcvQU1vfxYdBwWVQnhR
yOPz/r0hos/oWH78QeGr4t+UZ2McXTMcsAbxbBeSGeCUmEzWj0MY5MWkM+v67fgF
uUQy642Ivq1FFC5qkIvl9vyaqUwgsm3upvu4PfQYhZT1ox26tZOeZiSoMDMemzdZ
mUwUg3GX7/FHEsKS3uSyfIf2uWU9GDUcD5aEgfz8qcru4Tdxborn578k7RESuDbO
qcvkk6xUSBZ1dus1AAK+OdROVeYnSV2JIyff3tBLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIKOXwFaoY0hMBue1DLNlY/jTm5kwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Y0NDI4YmYzLTY4YmEtNDIyOS05MTZmLTU2NGQ0NjZiNzhkNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJsKClQBu1ByfVn0tL/EzgvGnSOx
fjgxK1S4GLJW+h+hl7/pjFHkMaHmkpohZfO5RzvD5c1qc1qnVXXubky5w/v7wbSa
OpgKwdxS6LD8YnpI4uP/g4l0i2al8Y/Ds/4ODdZ8o8nEBbRTg/Kim+BAXIYtda7C
r9FNX+l4CGcOWa6iqaPZzWnnoWsvk7xv7kf1S1YlW882q6FTx8LxZ9H/WvWvf4OA
2D59uwfI8B6sWvNsakY3CUdBcyfRGafgAIjoFxVo45wh3fRmw+QK+5bcfdrCabeg
mAd1lHIHP/4yd8kQlpplFQ5MEW8bNrEpHbbmtA3vYaFJ2PTdydy4VApENEs=
-----END CERTIFICATE-----