Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/03aa0d9f-5ed1-4bb3-8d1e-b1ff17f5c9d1.roa
File:                     03aa0d9f-5ed1-4bb3-8d1e-b1ff17f5c9d1.roa (raw, json)
Hash identifier:          IFZKlaVhwjDxKR6IDIaP2LEpKVAsozEvX7Pkp2N9IxQ=
Subject key identifier:   BD:04:1C:14:B8:2F:13:9A:5B:70:FC:CA:E8:DE:15:12:50:C1:86:EB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7B2F73EA50B4D488B2D382DC6DB64FED59A72A5C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/03aa0d9f-5ed1-4bb3-8d1e-b1ff17f5c9d1.roa
Signing time:             Tue 14 Nov 2023 00:00:00 +0000
ROA not before:           Tue 14 Nov 2023 00:00:00 +0000
ROA not after:            Tue 19 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:2f:73:ea:50:b4:d4:88:b2:d3:82:dc:6d:b6:4f:ed:59:a7:2a:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 14 00:00:00 2023 GMT
            Not After : Dec 19 23:59:59 2023 GMT
        Subject: serialNumber=4e5ea9784d332b03a15a459239a02444eb893de986a247a976e26eaf3d41d19c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c9:6b:a1:3b:0f:35:85:94:26:da:4d:f2:61:
                    59:fc:c9:68:15:27:7d:95:6d:40:2a:0e:0e:6e:f1:
                    49:5f:01:26:a1:5a:03:24:a4:9d:97:e0:dd:55:fd:
                    f5:49:85:28:ff:a7:9c:8b:95:57:56:33:68:26:2e:
                    2a:37:cc:3b:30:6c:d7:74:6a:ec:28:36:07:91:c0:
                    d3:11:fb:0d:a0:73:9e:a2:0f:d3:4e:2a:a4:5e:77:
                    f6:76:4c:86:f1:87:b8:7a:b4:12:ee:13:68:1a:70:
                    cb:4d:1c:36:63:ae:9b:29:39:df:ff:d4:7e:25:2f:
                    fa:2d:69:f5:60:af:4b:3f:e0:4b:76:a6:6f:30:4f:
                    79:b6:95:35:db:af:83:8f:5b:77:c8:b5:07:2f:f5:
                    18:5a:a8:c6:33:1c:5b:3f:be:1b:1b:59:65:cc:9b:
                    f7:e8:0a:c9:69:6c:49:c1:04:37:d1:e7:30:9f:76:
                    81:61:59:25:f1:03:71:76:b4:b6:3d:77:72:b8:6a:
                    43:be:0b:c0:02:47:6c:e6:4e:f9:2c:93:4f:7c:51:
                    84:23:73:fb:6b:cd:6f:f7:bb:8e:75:bd:2a:d8:4e:
                    a1:e4:ab:34:16:fb:ca:ca:6d:3a:99:20:63:50:f3:
                    c0:90:ef:20:d9:6a:cc:3a:ac:65:48:09:2d:d1:a4:
                    85:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:04:1C:14:B8:2F:13:9A:5B:70:FC:CA:E8:DE:15:12:50:C1:86:EB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/03aa0d9f-5ed1-4bb3-8d1e-b1ff17f5c9d1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:7f:fa:ee:86:41:de:ab:b1:eb:77:4c:9a:90:bc:85:72:f5:
         c8:d0:2a:ce:f5:28:13:25:29:0f:8e:d6:04:91:32:b5:2c:19:
         0e:e9:a0:07:31:13:8d:bb:f7:f5:1a:9d:97:24:1a:5d:2b:67:
         29:23:e2:22:a7:f1:75:9e:f0:6e:09:e9:30:b1:03:7f:e9:8e:
         43:9e:7a:73:1f:48:14:d8:af:4f:9b:3b:14:7b:69:ef:df:9b:
         71:ed:d0:27:20:85:b0:b3:28:db:ea:29:d1:7b:75:da:53:c7:
         84:dd:e1:97:6c:b7:ee:43:da:f0:db:29:9f:2f:d3:f4:18:5b:
         4f:17:ea:91:5a:b9:f0:87:33:39:10:f3:90:9a:a3:63:9b:67:
         7e:11:c1:b1:1b:9a:99:9c:59:ef:d4:81:5b:63:08:19:79:cf:
         6c:1c:8f:31:d3:68:d6:45:95:22:00:59:7e:a4:f7:7f:12:1b:
         75:55:48:85:e6:5f:77:90:b0:0c:df:5d:a0:83:5a:4a:c4:35:
         42:d7:e9:b8:80:99:2a:7f:38:9f:e6:95:51:ea:6d:b7:d0:d9:
         46:3e:d6:db:ec:23:d8:c6:dd:bc:b9:ac:82:d5:38:65:eb:71:
         d5:d9:83:d9:4b:eb:a7:4b:99:c3:7d:a5:67:b7:4e:d5:5d:ce:
         c7:46:f1:0b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUey9z6lC01Iiy04LcbbZP7VmnKlwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE0MDAwMDAwWhcNMjMxMjE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZTVlYTk3ODRkMzMyYjAzYTE1YTQ1OTIzOWEwMjQ0NGVi
ODkzZGU5ODZhMjQ3YTk3NmUyNmVhZjNkNDFkMTljMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChyWuhOw81hZQm2k3yYVn8yWgVJ32VbUAqDg5u8UlfASah
WgMkpJ2X4N1V/fVJhSj/p5yLlVdWM2gmLio3zDswbNd0auwoNgeRwNMR+w2gc56i
D9NOKqRed/Z2TIbxh7h6tBLuE2gacMtNHDZjrpspOd//1H4lL/otafVgr0s/4Et2
pm8wT3m2lTXbr4OPW3fItQcv9RhaqMYzHFs/vhsbWWXMm/foCslpbEnBBDfR5zCf
doFhWSXxA3F2tLY9d3K4akO+C8ACR2zmTvksk098UYQjc/trzW/3u451vSrYTqHk
qzQW+8rKbTqZIGNQ88CQ7yDZasw6rGVICS3RpIWJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvQQcFLgvE5pbcPzK6N4VElDBhuswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzAzYWEwZDlmLTVlZDEtNGJiMy04ZDFlLWIxZmYxN2Y1YzlkMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALZ/+u6GQd6rset3TJqQvIVy9cjQ
Ks71KBMlKQ+O1gSRMrUsGQ7poAcxE4279/UanZckGl0rZykj4iKn8XWe8G4J6TCx
A3/pjkOeenMfSBTYr0+bOxR7ae/fm3Ht0CcghbCzKNvqKdF7ddpTx4Td4Zdst+5D
2vDbKZ8v0/QYW08X6pFaufCHMzkQ85Cao2ObZ34RwbEbmpmcWe/UgVtjCBl5z2wc
jzHTaNZFlSIAWX6k938SG3VVSIXmX3eQsAzfXaCDWkrENULX6biAmSp/OJ/mlVHq
bbfQ2UY+1tvsI9jG3by5rILVOGXrcdXZg9lL66dLmcN9pWe3TtVdzsdG8Qs=
-----END CERTIFICATE-----