Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/06f4d5ae-92e0-432c-a6d2-43ddcdc35c62.roa
File:                     06f4d5ae-92e0-432c-a6d2-43ddcdc35c62.roa (raw, json)
Hash identifier:          cxi2e8em95Y0Pg6l4lxt3cOThCypjzvjtbS0i5zXjdk=
Subject key identifier:   B9:69:A7:D5:5A:83:CC:9D:35:5B:D6:FB:3C:C4:FF:99:AA:41:72:7F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       61A336D05893CB3A8D135F107C34CBD258A3F438
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/06f4d5ae-92e0-432c-a6d2-43ddcdc35c62.roa
Signing time:             Wed 22 Nov 2023 00:00:00 +0000
ROA not before:           Wed 22 Nov 2023 00:00:00 +0000
ROA not after:            Wed 27 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:a3:36:d0:58:93:cb:3a:8d:13:5f:10:7c:34:cb:d2:58:a3:f4:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 22 00:00:00 2023 GMT
            Not After : Dec 27 23:59:59 2023 GMT
        Subject: serialNumber=eef946cd41a9be8e90687cb1bbf3341f11e550fdcc724baa93098adce1111999, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:69:29:62:25:c0:ec:24:72:b2:82:61:23:b3:
                    5f:47:5a:af:0e:2f:78:79:bd:c2:05:1a:60:05:e0:
                    45:d4:5b:fe:6d:78:2e:9e:c7:53:59:ff:55:10:99:
                    89:36:24:81:1c:f1:da:8c:b7:a2:39:70:df:35:f7:
                    4c:cb:49:1e:59:cb:4e:a5:1d:b2:6c:8a:67:da:72:
                    69:47:c3:46:3e:28:f8:69:7d:f6:6f:f7:6c:be:f0:
                    dd:dd:81:92:59:af:67:73:72:99:ea:4c:10:7f:25:
                    3b:37:fe:8e:4e:9b:c2:95:51:08:a9:d5:f9:9c:8a:
                    9b:db:ef:9a:ce:47:70:07:b8:27:6f:17:87:2c:85:
                    9e:07:eb:f0:0f:50:af:cb:64:2e:71:2e:f7:25:5c:
                    f1:ea:d8:ac:06:f6:95:b3:d8:2c:34:74:bc:2d:0c:
                    62:0a:ac:03:03:c6:2a:5e:0e:f1:41:c9:07:28:d7:
                    40:15:f7:de:21:5d:11:e8:b9:49:a9:64:54:47:13:
                    42:9c:54:3b:56:9e:bb:9a:d2:66:e9:11:1b:0f:da:
                    64:af:a8:59:a1:41:99:09:75:20:2e:9a:d8:0c:5f:
                    c4:b5:75:59:8a:3d:b5:87:78:1f:64:db:b7:63:fd:
                    92:be:f2:dc:a0:dd:d5:88:83:26:95:42:d2:df:36:
                    f7:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:69:A7:D5:5A:83:CC:9D:35:5B:D6:FB:3C:C4:FF:99:AA:41:72:7F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/06f4d5ae-92e0-432c-a6d2-43ddcdc35c62.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:28:d6:c9:f9:83:34:0b:ca:8c:8d:d6:a8:19:ed:0d:85:3f:
         e0:e2:1f:fc:7d:50:f5:34:f6:ee:6b:d1:08:74:1f:9d:c4:cd:
         dc:80:d9:df:02:59:b8:2f:19:f4:36:8b:35:d0:1d:8c:00:71:
         60:18:59:85:37:3f:ec:74:e2:fa:13:40:0b:8f:06:7f:cc:68:
         77:f8:f1:79:1f:ce:db:4b:68:ae:4d:8a:12:5d:c1:ba:a3:dd:
         fb:07:56:0f:3d:59:85:96:14:3c:4d:cd:41:6a:04:45:53:a3:
         7b:16:42:fe:0e:dc:19:4f:98:ca:94:f1:32:eb:b7:86:77:3b:
         63:97:ee:21:b6:67:81:ad:a5:e1:b0:d8:b2:7b:8a:2b:9e:30:
         84:bc:cc:80:ea:5a:97:3f:81:e3:48:83:17:f4:3d:d5:c5:92:
         be:ff:9a:a7:48:75:f8:e5:e9:00:28:2d:15:8b:2f:3c:5e:bd:
         9d:c4:38:5d:03:c0:f9:21:ba:fe:5d:bd:40:52:10:09:1e:23:
         54:19:76:b3:df:b2:dc:06:a7:36:1e:13:c8:29:de:eb:6a:bc:
         af:25:ae:e7:2a:fe:2c:07:cc:dd:7b:48:aa:27:2e:d6:c9:c5:
         fc:3e:7c:42:97:77:98:e8:15:b7:f0:f3:cf:b9:bb:53:b7:7e:
         e9:d7:a7:5b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYaM20FiTyzqNE18QfDTL0lij9DgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTIyMDAwMDAwWhcNMjMxMjI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZWY5NDZjZDQxYTliZThlOTA2ODdjYjFiYmYzMzQxZjEx
ZTU1MGZkY2M3MjRiYWE5MzA5OGFkY2UxMTExOTk5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjaSliJcDsJHKygmEjs19HWq8OL3h5vcIFGmAF4EXUW/5t
eC6ex1NZ/1UQmYk2JIEc8dqMt6I5cN8190zLSR5Zy06lHbJsimfacmlHw0Y+KPhp
ffZv92y+8N3dgZJZr2dzcpnqTBB/JTs3/o5Om8KVUQip1fmcipvb75rOR3AHuCdv
F4cshZ4H6/APUK/LZC5xLvclXPHq2KwG9pWz2Cw0dLwtDGIKrAMDxipeDvFByQco
10AV994hXRHouUmpZFRHE0KcVDtWnrua0mbpERsP2mSvqFmhQZkJdSAumtgMX8S1
dVmKPbWHeB9k27dj/ZK+8tyg3dWIgyaVQtLfNveLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuWmn1VqDzJ01W9b7PMT/mapBcn8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzA2ZjRkNWFlLTkyZTAtNDMyYy1hNmQyLTQzZGRjZGMzNWM2Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEQo1sn5gzQLyoyN1qgZ7Q2FP+Di
H/x9UPU09u5r0Qh0H53EzdyA2d8CWbgvGfQ2izXQHYwAcWAYWYU3P+x04voTQAuP
Bn/MaHf48XkfzttLaK5NihJdwbqj3fsHVg89WYWWFDxNzUFqBEVTo3sWQv4O3BlP
mMqU8TLrt4Z3O2OX7iG2Z4GtpeGw2LJ7iiueMIS8zIDqWpc/geNIgxf0PdXFkr7/
mqdIdfjl6QAoLRWLLzxevZ3EOF0DwPkhuv5dvUBSEAkeI1QZdrPfstwGpzYeE8gp
3utqvK8lrucq/iwHzN17SKonLtbJxfw+fEKXd5joFbfw88+5u1O3funXp1s=
-----END CERTIFICATE-----