Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/077f9dc1-fe83-4923-8c7c-bd41e277d2b5.roa
File:                     077f9dc1-fe83-4923-8c7c-bd41e277d2b5.roa (raw, json)
Hash identifier:          ghZgCLHenB76RB101BVTgWwR8IQTN9w+JnV4Afb9EmM=
Subject key identifier:   00:2B:FF:21:71:A3:77:58:9B:C6:17:1B:1D:AD:12:F7:3C:D7:0D:5E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       321082B5DC1232B85B2ADAA91AF4F71B15AB1BEA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/077f9dc1-fe83-4923-8c7c-bd41e277d2b5.roa
Signing time:             Mon 31 Jul 2023 00:00:00 +0000
ROA not before:           Mon 31 Jul 2023 00:00:00 +0000
ROA not after:            Mon 04 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:10:82:b5:dc:12:32:b8:5b:2a:da:a9:1a:f4:f7:1b:15:ab:1b:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 31 00:00:00 2023 GMT
            Not After : Sep  4 23:59:59 2023 GMT
        Subject: serialNumber=003a9e60f0c2614c9b3451682b66928f3a11c1765999d205a5482be157ff91b8, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:10:4b:82:3b:34:f3:5b:cb:61:de:86:b1:b2:
                    bf:6e:ed:49:d7:72:51:15:d8:24:49:ce:f7:9b:84:
                    d4:ec:f9:f2:6d:2f:e9:4f:e0:75:8b:a4:6e:16:80:
                    b4:44:5a:71:ec:ae:e3:cf:df:14:7d:34:51:50:2b:
                    c2:c3:ab:f2:25:90:96:95:a0:f8:bf:ba:c4:cb:7c:
                    d5:6b:49:e7:79:06:33:ae:7d:db:7b:dc:a6:3d:79:
                    5f:e8:fc:65:7e:53:3a:88:cc:92:44:a2:82:6b:4e:
                    be:bd:c1:09:75:83:7f:a7:8f:7f:f4:6f:ff:73:94:
                    21:63:5e:74:92:86:12:96:fa:34:5b:31:44:f2:1a:
                    c8:bc:89:5d:58:bf:2f:4b:85:4e:e1:bb:8b:02:c6:
                    cf:53:94:cc:94:a6:c9:2f:d3:a9:0a:bd:d4:d6:e4:
                    37:56:26:00:a7:fe:e6:03:13:76:bb:8f:cc:7d:dd:
                    d4:03:7e:fc:54:38:22:e7:38:36:2a:ee:97:35:0b:
                    06:e9:8f:bf:e3:8a:ed:68:b6:cb:23:65:4f:1a:62:
                    e1:07:23:5e:31:fe:d0:bd:39:af:b0:f9:68:f0:c5:
                    72:08:eb:ca:99:47:58:41:50:e5:07:78:a6:ab:40:
                    d3:bb:9d:a1:cc:93:9a:2a:05:5c:f5:66:5f:ef:8d:
                    e4:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:2B:FF:21:71:A3:77:58:9B:C6:17:1B:1D:AD:12:F7:3C:D7:0D:5E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/077f9dc1-fe83-4923-8c7c-bd41e277d2b5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:03:94:88:5c:87:c5:0f:23:28:0e:57:f0:2c:91:ed:5d:17:
         97:df:ba:c9:01:69:dd:94:40:2f:32:1b:67:ca:9a:07:ea:41:
         b1:95:bc:1c:2f:7f:94:69:7e:43:5a:a2:74:83:b4:88:04:21:
         76:34:1b:86:08:f3:7c:94:d4:0b:32:55:42:c7:6f:e8:36:24:
         f4:82:77:fc:28:02:ba:0d:82:2d:68:db:de:62:cc:5a:ec:6a:
         dd:d8:0e:7f:17:24:be:f5:c6:af:06:0c:48:4e:b3:e7:5a:68:
         0e:d8:f9:38:0b:41:a1:fa:c2:19:17:6d:03:ca:cf:5b:17:a9:
         d4:ba:27:9e:a1:5b:c6:43:fa:48:81:cc:83:e4:d0:ec:ea:76:
         cb:17:6e:85:98:8c:06:23:15:d3:70:c6:b8:d1:a5:2d:03:4e:
         c1:c6:eb:97:fe:c4:0a:bc:ce:fa:43:e1:49:9f:b1:8f:69:b6:
         21:5e:75:0b:4a:3f:76:26:28:bb:2e:d7:9f:14:86:14:41:f5:
         86:5b:ce:68:75:c6:dc:fb:48:20:9c:79:f5:5b:f2:4a:4f:de:
         22:67:63:cc:43:bb:c2:e0:62:27:7e:32:9f:f6:89:8c:f8:ec:
         28:09:c1:0e:9f:b7:70:39:8c:26:0d:9a:0c:c2:65:a5:3a:cf:
         27:4b:32:b0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMhCCtdwSMrhbKtqpGvT3GxWrG+owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzMxMDAwMDAwWhcNMjMwOTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMDNhOWU2MGYwYzI2MTRjOWIzNDUxNjgyYjY2OTI4ZjNh
MTFjMTc2NTk5OWQyMDVhNTQ4MmJlMTU3ZmY5MWI4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuEEuCOzTzW8th3oaxsr9u7UnXclEV2CRJzvebhNTs+fJt
L+lP4HWLpG4WgLREWnHsruPP3xR9NFFQK8LDq/IlkJaVoPi/usTLfNVrSed5BjOu
fdt73KY9eV/o/GV+UzqIzJJEooJrTr69wQl1g3+nj3/0b/9zlCFjXnSShhKW+jRb
MUTyGsi8iV1Yvy9LhU7hu4sCxs9TlMyUpskv06kKvdTW5DdWJgCn/uYDE3a7j8x9
3dQDfvxUOCLnODYq7pc1Cwbpj7/jiu1otssjZU8aYuEHI14x/tC9Oa+w+WjwxXII
68qZR1hBUOUHeKarQNO7naHMk5oqBVz1Zl/vjeQHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUACv/IXGjd1ibxhcbHa0S9zzXDV4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzA3N2Y5ZGMxLWZlODMtNDkyMy04YzdjLWJkNDFlMjc3ZDJiNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIYDlIhch8UPIygOV/Aske1dF5ff
uskBad2UQC8yG2fKmgfqQbGVvBwvf5RpfkNaonSDtIgEIXY0G4YI83yU1AsyVULH
b+g2JPSCd/woAroNgi1o295izFrsat3YDn8XJL71xq8GDEhOs+daaA7Y+TgLQaH6
whkXbQPKz1sXqdS6J56hW8ZD+kiBzIPk0OzqdssXboWYjAYjFdNwxrjRpS0DTsHG
65f+xAq8zvpD4UmfsY9ptiFedQtKP3YmKLsu158UhhRB9YZbzmh1xtz7SCCcefVb
8kpP3iJnY8xDu8LgYid+Mp/2iYz47CgJwQ6ft3A5jCYNmgzCZaU6zydLMrA=
-----END CERTIFICATE-----