Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0aab5d51-a99b-4375-9c42-caf4304f56cd.roa
File:                     0aab5d51-a99b-4375-9c42-caf4304f56cd.roa (raw, json)
Hash identifier:          0zLoYutYnguULYTF0OdnN9o2thQVtp+h3nIaRc4Ww0w=
Subject key identifier:   9A:66:BF:AA:11:3F:91:92:A6:ED:73:7C:38:49:A8:99:D2:09:2B:98
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6F04D454DC2DE85A01416F7DEF2F61CDB451344A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0aab5d51-a99b-4375-9c42-caf4304f56cd.roa
Signing time:             Tue 01 Aug 2023 00:00:00 +0000
ROA not before:           Tue 01 Aug 2023 00:00:00 +0000
ROA not after:            Tue 05 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:04:d4:54:dc:2d:e8:5a:01:41:6f:7d:ef:2f:61:cd:b4:51:34:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug  1 00:00:00 2023 GMT
            Not After : Sep  5 23:59:59 2023 GMT
        Subject: serialNumber=a3a9fa9942512dfc633578787112f8ebfbf659c3492e7edd2b040143bdd06ba1, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:36:86:b1:af:e1:73:81:ac:81:47:8d:53:07:
                    05:4e:64:66:29:ae:df:dd:d2:10:e6:83:19:06:31:
                    9e:0f:9a:80:f3:a8:6b:4b:d0:5c:3f:37:fe:fc:e2:
                    aa:94:54:d6:0d:4a:de:47:97:98:b4:43:3d:f5:53:
                    c7:37:a8:88:df:d8:49:17:05:13:76:46:38:47:a7:
                    d8:40:cd:e3:14:86:ae:33:fa:72:f4:6d:24:3c:0d:
                    e4:01:26:90:85:05:50:19:e1:4a:ae:aa:0f:04:08:
                    88:4f:d9:52:74:14:49:86:52:df:6a:38:6f:76:b9:
                    46:87:08:e6:c3:5f:7c:1a:47:fe:a5:d5:cd:3a:41:
                    ba:02:17:3c:14:c2:09:9d:aa:16:6f:db:4d:80:3e:
                    2a:d6:81:3e:97:2c:7b:31:4e:0a:9e:06:b9:ba:c8:
                    2e:c9:3f:53:6c:7a:bb:bb:38:6a:d0:3c:ad:27:0f:
                    5d:46:aa:45:63:23:83:10:8e:a2:8e:1e:e5:d9:9d:
                    c1:f7:90:03:39:2d:5e:b6:2b:86:f1:01:17:82:84:
                    f7:83:86:07:11:22:d6:8d:65:ed:e1:bd:a8:ad:ae:
                    43:eb:00:1b:a2:cf:c8:a1:5f:24:8c:54:83:3a:f7:
                    f5:cc:50:c9:88:4a:e9:04:d9:4d:f0:ba:aa:7a:cf:
                    57:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:66:BF:AA:11:3F:91:92:A6:ED:73:7C:38:49:A8:99:D2:09:2B:98
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0aab5d51-a99b-4375-9c42-caf4304f56cd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:60:14:41:1b:2f:08:f1:84:07:00:f4:4f:a1:a6:7b:df:bd:
         d6:e8:4c:ae:75:09:7e:8c:9a:88:6a:8c:2d:ed:c5:7d:55:7b:
         fa:9d:a0:6f:a3:6f:91:f1:ce:be:19:55:09:a2:52:cd:84:73:
         73:9a:7f:a4:cc:77:6d:6d:f5:4b:56:c2:e2:31:95:ea:73:1a:
         06:19:65:9c:4b:fe:45:98:d6:14:04:1f:5a:5d:6c:c2:44:e8:
         e3:f3:07:e4:47:c9:1c:2e:3b:f2:96:d6:a0:56:a9:b1:b3:ff:
         77:8c:07:d6:e1:80:f7:35:8e:fc:e4:00:83:a0:1d:38:b0:1e:
         d4:bb:a7:39:ca:64:6e:66:a4:32:d0:46:ac:4e:d5:cc:99:c0:
         41:c5:35:55:0d:6c:35:18:84:88:d7:06:9b:48:69:9c:6d:b8:
         7d:fb:7a:47:04:97:42:29:0d:f0:9a:20:6a:cd:2c:63:ae:f9:
         cf:07:73:48:1e:30:de:48:59:34:2d:0a:56:38:b1:fc:6d:fe:
         53:16:75:47:23:84:ec:77:bf:86:a6:72:0c:a2:4a:43:94:70:
         4f:84:b7:4e:34:9a:7d:62:62:28:74:8a:79:4b:3c:a2:d1:e3:
         10:3a:0b:0e:e1:00:57:86:91:f0:8e:4e:30:cc:88:2a:07:35:
         c6:63:be:d5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbwTUVNwt6FoBQW997y9hzbRRNEowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODAxMDAwMDAwWhcNMjMwOTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhM2E5ZmE5OTQyNTEyZGZjNjMzNTc4Nzg3MTEyZjhlYmZi
ZjY1OWMzNDkyZTdlZGQyYjA0MDE0M2JkZDA2YmExMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChNoaxr+FzgayBR41TBwVOZGYprt/d0hDmgxkGMZ4PmoDz
qGtL0Fw/N/784qqUVNYNSt5Hl5i0Qz31U8c3qIjf2EkXBRN2RjhHp9hAzeMUhq4z
+nL0bSQ8DeQBJpCFBVAZ4Uquqg8ECIhP2VJ0FEmGUt9qOG92uUaHCObDX3waR/6l
1c06QboCFzwUwgmdqhZv202APirWgT6XLHsxTgqeBrm6yC7JP1Nseru7OGrQPK0n
D11GqkVjI4MQjqKOHuXZncH3kAM5LV62K4bxAReChPeDhgcRItaNZe3hvaitrkPr
ABuiz8ihXySMVIM69/XMUMmISukE2U3wuqp6z1dhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmma/qhE/kZKm7XN8OEmomdIJK5gwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBhYWI1ZDUxLWE5OWItNDM3NS05YzQyLWNhZjQzMDRmNTZjZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJVgFEEbLwjxhAcA9E+hpnvfvdbo
TK51CX6MmohqjC3txX1Ve/qdoG+jb5Hxzr4ZVQmiUs2Ec3Oaf6TMd21t9UtWwuIx
lepzGgYZZZxL/kWY1hQEH1pdbMJE6OPzB+RHyRwuO/KW1qBWqbGz/3eMB9bhgPc1
jvzkAIOgHTiwHtS7pznKZG5mpDLQRqxO1cyZwEHFNVUNbDUYhIjXBptIaZxtuH37
ekcEl0IpDfCaIGrNLGOu+c8Hc0geMN5IWTQtClY4sfxt/lMWdUcjhOx3v4amcgyi
SkOUcE+Et040mn1iYih0inlLPKLR4xA6Cw7hAFeGkfCOTjDMiCoHNcZjvtU=
-----END CERTIFICATE-----