Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ff1ad9d7-ac44-4ea4-a9b0-f5d79ac14272.roa
File:                     ff1ad9d7-ac44-4ea4-a9b0-f5d79ac14272.roa (raw, json)
Hash identifier:          feRiju3Cc3VsJot43UahkDyYMq0b5zebrcNjfWwDpQU=
Subject key identifier:   24:51:85:59:40:CA:1E:7E:6C:32:37:73:8B:62:AD:62:FE:39:06:F5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4669ADC78966A39F5B287CE0D44A40E8AA472F8D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ff1ad9d7-ac44-4ea4-a9b0-f5d79ac14272.roa
Signing time:             Wed 24 Jan 2024 00:00:00 +0000
ROA not before:           Wed 24 Jan 2024 00:00:00 +0000
ROA not after:            Wed 28 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:69:ad:c7:89:66:a3:9f:5b:28:7c:e0:d4:4a:40:e8:aa:47:2f:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 24 00:00:00 2024 GMT
            Not After : Feb 28 23:59:59 2024 GMT
        Subject: serialNumber=79e2e41842810812086706e65b748f7a976d1692072dbfb088d6b0d37b37f2d7, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:60:7b:cb:e0:de:7b:19:c3:b8:aa:29:1b:b2:
                    50:1f:97:87:69:30:fc:47:e9:20:10:32:5a:47:fd:
                    db:9d:02:b7:5a:79:fe:14:12:e7:76:4f:da:2d:1e:
                    cc:e5:46:33:eb:38:f0:28:b8:e3:96:42:8e:17:df:
                    9e:56:78:1a:1c:fd:fe:df:5e:0f:7d:8b:6d:a8:52:
                    96:ab:8c:c8:a4:e5:a1:d6:d1:c8:0b:69:8b:8d:b4:
                    40:6b:e1:0c:bd:3e:b2:91:72:ea:2e:58:d8:65:db:
                    75:4a:0b:88:52:60:f3:f9:1b:ab:34:3b:c5:aa:bc:
                    ae:cc:72:bb:03:e5:25:65:ee:70:4e:14:67:34:c3:
                    01:18:4d:87:72:54:62:23:4e:3b:ca:b1:b5:e7:47:
                    17:09:ea:cc:97:ff:f0:d3:97:29:b1:52:1e:ba:f4:
                    e3:fc:4f:24:f7:0b:3c:e7:4c:f6:4b:cd:c0:d8:de:
                    62:92:d4:06:24:e3:6f:cd:58:d3:cc:d1:9d:a8:52:
                    af:97:f8:a7:87:19:5b:b0:4f:4f:00:54:da:22:33:
                    31:bd:ab:9b:b0:84:98:4a:5a:35:f6:84:fd:e9:f6:
                    dc:b3:7c:f3:b8:83:f8:e6:bf:af:7f:5e:9f:5d:68:
                    6d:a8:1a:95:db:c4:62:e0:b2:50:ed:ec:cc:db:80:
                    f5:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:51:85:59:40:CA:1E:7E:6C:32:37:73:8B:62:AD:62:FE:39:06:F5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ff1ad9d7-ac44-4ea4-a9b0-f5d79ac14272.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:3f:58:7f:d2:52:55:34:6a:05:c5:00:58:ff:8d:2b:88:94:
         9f:5e:32:b7:fd:9d:bf:ac:e1:c8:b5:6c:b4:8f:45:e0:24:43:
         a3:6f:bb:99:26:69:17:27:09:e3:57:7a:5b:97:46:86:aa:3c:
         04:91:d4:db:0d:36:ef:ab:81:e1:b5:c9:3c:9d:73:53:25:7d:
         8b:cf:e9:55:b8:2f:58:d8:5a:e1:27:4c:67:1e:fb:4a:e9:ef:
         82:8d:12:d2:cd:3f:0e:36:0f:db:21:97:32:de:5b:c8:ef:d6:
         9e:e9:60:81:a9:68:26:40:5d:23:17:89:d9:cd:92:7c:a1:16:
         e9:a8:4c:5c:b9:6a:af:23:4a:de:56:2d:bf:9b:22:27:d9:b9:
         f8:cd:ca:4d:09:51:b1:1f:c7:ea:54:eb:7b:8f:e5:00:93:29:
         2d:33:13:6e:6f:93:36:3b:56:2e:bd:40:b0:31:35:08:06:11:
         71:db:60:e0:8b:d2:ca:d5:30:d4:41:c5:2f:2b:95:15:cf:7e:
         79:0b:85:5f:bc:58:0f:56:9d:2a:ee:8e:fa:8c:49:ad:ed:88:
         14:91:72:22:f7:75:fc:04:25:27:d9:16:71:c4:6f:43:8a:d4:
         ca:a5:8b:97:fa:eb:df:96:34:5a:67:cf:f3:2d:74:83:2a:eb:
         62:b5:63:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURmmtx4lmo59bKHzg1EpA6KpHL40wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTI0MDAwMDAwWhcNMjQwMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3OWUyZTQxODQyODEwODEyMDg2NzA2ZTY1Yjc0OGY3YTk3
NmQxNjkyMDcyZGJmYjA4OGQ2YjBkMzdiMzdmMmQ3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4YHvL4N57GcO4qikbslAfl4dpMPxH6SAQMlpH/dudArda
ef4UEud2T9otHszlRjPrOPAouOOWQo4X355WeBoc/f7fXg99i22oUparjMik5aHW
0cgLaYuNtEBr4Qy9PrKRcuouWNhl23VKC4hSYPP5G6s0O8WqvK7McrsD5SVl7nBO
FGc0wwEYTYdyVGIjTjvKsbXnRxcJ6syX//DTlymxUh669OP8TyT3CzznTPZLzcDY
3mKS1AYk42/NWNPM0Z2oUq+X+KeHGVuwT08AVNoiMzG9q5uwhJhKWjX2hP3p9tyz
fPO4g/jmv69/Xp9daG2oGpXbxGLgslDt7MzbgPXJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJFGFWUDKHn5sMjdzi2KtYv45BvUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZmMWFkOWQ3LWFjNDQtNGVhNC1hOWIwLWY1ZDc5YWMxNDI3Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGI/WH/SUlU0agXFAFj/jSuIlJ9e
Mrf9nb+s4ci1bLSPReAkQ6Nvu5kmaRcnCeNXeluXRoaqPASR1NsNNu+rgeG1yTyd
c1MlfYvP6VW4L1jYWuEnTGce+0rp74KNEtLNPw42D9shlzLeW8jv1p7pYIGpaCZA
XSMXidnNknyhFumoTFy5aq8jSt5WLb+bIifZufjNyk0JUbEfx+pU63uP5QCTKS0z
E25vkzY7Vi69QLAxNQgGEXHbYOCL0srVMNRBxS8rlRXPfnkLhV+8WA9WnSrujvqM
Sa3tiBSRciL3dfwEJSfZFnHEb0OK1Mqli5f669+WNFpnz/MtdIMq62K1Y98=
-----END CERTIFICATE-----