Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/069fcbb2-f69a-43bb-97eb-21dd4392cece.roa
File:                     069fcbb2-f69a-43bb-97eb-21dd4392cece.roa (raw, json)
Hash identifier:          HiaQhUyTorjPWr2E0kYCYCFy38YJWwraY7p+jRA5Fmo=
Subject key identifier:   FD:BC:A4:CD:A6:6D:C3:F7:FC:52:70:A9:3C:66:C8:2E:19:F3:D5:8C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       39A2A09C99832F1B1CD227CACBDE1B3269F489A2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/069fcbb2-f69a-43bb-97eb-21dd4392cece.roa
Signing time:             Sun 24 Sep 2023 00:00:00 +0000
ROA not before:           Sun 24 Sep 2023 00:00:00 +0000
ROA not after:            Sun 29 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:a2:a0:9c:99:83:2f:1b:1c:d2:27:ca:cb:de:1b:32:69:f4:89:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 24 00:00:00 2023 GMT
            Not After : Oct 29 23:59:59 2023 GMT
        Subject: serialNumber=035e00dab25fe70ffbb9088d85191abba31cc05e9e2dd76dfe94489ab1e3c3e7, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:cf:36:f7:f1:73:c2:bc:0b:20:88:7b:eb:de:
                    f1:0b:95:c3:e2:9f:7a:d3:52:89:06:39:dd:d1:42:
                    9b:75:c1:08:f2:84:10:de:b3:f4:0c:8f:b7:4f:61:
                    58:9d:fd:af:e4:6e:de:32:46:1c:da:c9:33:fb:95:
                    29:35:63:55:d1:a9:32:10:ed:72:54:44:63:91:c8:
                    9e:32:a7:cd:51:f6:e5:ba:f2:a9:a5:e7:48:64:a2:
                    05:16:e9:e9:62:5c:e0:f7:04:fe:b4:18:62:89:a1:
                    5b:db:59:8f:b2:95:ce:0a:d3:05:18:c6:07:b5:80:
                    09:6b:26:3f:8c:c8:7e:73:1e:59:ab:e0:22:38:09:
                    f2:ff:f5:0d:6f:20:56:63:47:95:49:97:69:58:44:
                    49:c7:89:d7:f0:61:43:70:85:6b:2a:6f:41:df:01:
                    31:ba:d6:dd:86:d6:d2:fa:de:12:70:f3:52:c9:91:
                    bc:f2:08:45:eb:84:13:57:74:2f:03:a6:76:6c:f1:
                    e9:07:0f:4b:d1:8d:f2:02:9a:77:10:bd:0e:ee:d9:
                    e5:60:f0:f5:0c:0a:2a:d7:a8:76:43:7b:f3:37:9b:
                    69:12:ee:46:82:1f:94:62:d6:1d:16:7d:5d:ab:ea:
                    a5:a3:55:f3:40:cc:d9:c2:6c:18:3f:58:55:96:95:
                    ca:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:BC:A4:CD:A6:6D:C3:F7:FC:52:70:A9:3C:66:C8:2E:19:F3:D5:8C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/069fcbb2-f69a-43bb-97eb-21dd4392cece.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:b7:35:fc:bf:57:52:32:91:00:47:80:50:f0:7e:43:90:70:
         66:44:ba:21:99:63:76:26:5c:4e:63:2d:6c:3c:d6:6e:0e:ea:
         31:0b:91:5f:64:42:28:34:49:1d:a1:35:29:30:93:1a:22:d3:
         a9:5f:71:5b:6e:70:02:38:3b:83:73:28:ac:e3:ca:16:08:e5:
         d7:17:8a:7a:98:76:17:2f:fa:fb:78:2b:70:ad:62:04:05:97:
         80:4b:3e:89:84:1a:52:ad:bd:4a:d0:55:4e:bc:0e:f6:a1:50:
         5b:79:01:4d:21:0d:06:42:71:3a:f7:89:8b:27:ca:d9:df:52:
         2b:08:9c:d0:70:76:0a:78:7f:5a:d4:c7:8f:b4:5f:13:25:8f:
         98:7d:c1:1d:14:58:94:6f:d1:50:ab:97:79:18:1c:69:01:33:
         eb:da:1c:d3:5c:87:98:4e:53:42:3b:73:fe:8d:a7:ef:28:52:
         cb:f3:86:6b:2d:1a:2c:0c:ca:ff:c3:8a:14:51:92:4c:72:83:
         3f:27:96:4c:8b:03:23:52:b3:87:4d:9a:46:3f:34:68:0e:ea:
         f0:c4:b6:51:e6:b5:4e:e7:18:80:da:0c:b3:9b:a5:df:ab:22:
         b6:0e:b1:7b:24:50:04:eb:66:f4:32:ce:15:a6:5d:34:a1:83:
         75:27:7c:48
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOaKgnJmDLxsc0ifKy94bMmn0iaIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTI0MDAwMDAwWhcNMjMxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMzVlMDBkYWIyNWZlNzBmZmJiOTA4OGQ4NTE5MWFiYmEz
MWNjMDVlOWUyZGQ3NmRmZTk0NDg5YWIxZTNjM2U3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOzzb38XPCvAsgiHvr3vELlcPin3rTUokGOd3RQpt1wQjy
hBDes/QMj7dPYVid/a/kbt4yRhzayTP7lSk1Y1XRqTIQ7XJURGORyJ4yp81R9uW6
8qml50hkogUW6eliXOD3BP60GGKJoVvbWY+ylc4K0wUYxge1gAlrJj+MyH5zHlmr
4CI4CfL/9Q1vIFZjR5VJl2lYREnHidfwYUNwhWsqb0HfATG61t2G1tL63hJw81LJ
kbzyCEXrhBNXdC8DpnZs8ekHD0vRjfICmncQvQ7u2eVg8PUMCirXqHZDe/M3m2kS
7kaCH5Ri1h0WfV2r6qWjVfNAzNnCbBg/WFWWlcpDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/bykzaZtw/f8UnCpPGbILhnz1YwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzA2OWZjYmIyLWY2OWEtNDNiYi05N2ViLTIxZGQ0MzkyY2VjZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHK3Nfy/V1IykQBHgFDwfkOQcGZE
uiGZY3YmXE5jLWw81m4O6jELkV9kQig0SR2hNSkwkxoi06lfcVtucAI4O4NzKKzj
yhYI5dcXinqYdhcv+vt4K3CtYgQFl4BLPomEGlKtvUrQVU68DvahUFt5AU0hDQZC
cTr3iYsnytnfUisInNBwdgp4f1rUx4+0XxMlj5h9wR0UWJRv0VCrl3kYHGkBM+va
HNNch5hOU0I7c/6Np+8oUsvzhmstGiwMyv/DihRRkkxygz8nlkyLAyNSs4dNmkY/
NGgO6vDEtlHmtU7nGIDaDLObpd+rIrYOsXskUATrZvQyzhWmXTShg3UnfEg=
-----END CERTIFICATE-----