Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0d9ac7c0-058d-45df-904c-dfeda6618e77.roa
File:                     0d9ac7c0-058d-45df-904c-dfeda6618e77.roa (raw, json)
Hash identifier:          SNiK/vjzAB2XiCW1Ir6S4RqopCbWigUSHgDHQmXSbtA=
Subject key identifier:   C1:1C:12:9F:DE:7D:BE:74:1D:EA:CD:8D:82:CF:85:89:36:3C:8D:20
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       348A430A8F420AB5626B0D38206EC9B9D4DA0C55
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0d9ac7c0-058d-45df-904c-dfeda6618e77.roa
Signing time:             Sat 28 Oct 2023 00:00:00 +0000
ROA not before:           Sat 28 Oct 2023 00:00:00 +0000
ROA not after:            Sat 02 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:8a:43:0a:8f:42:0a:b5:62:6b:0d:38:20:6e:c9:b9:d4:da:0c:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 28 00:00:00 2023 GMT
            Not After : Dec  2 23:59:59 2023 GMT
        Subject: serialNumber=7892e1ce71cc218c86d94abd03a443b9e0ada0badc38400839e8db3bb0a84a72, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:5b:31:f6:2a:28:12:41:97:72:1d:23:92:36:
                    31:59:88:f8:5c:4b:49:f2:07:33:56:62:e8:0d:03:
                    18:c5:43:0d:e0:72:e7:12:1c:a4:43:11:81:36:eb:
                    97:0a:45:09:2a:56:f6:28:b5:fc:0e:e3:0c:01:bd:
                    36:33:ad:8c:9f:a4:c7:01:b8:eb:6e:a4:87:f9:0d:
                    2b:59:df:dc:53:3b:ed:eb:e7:f1:e4:79:e5:df:72:
                    9a:1a:0b:cd:9e:b5:69:30:43:6a:a2:ed:51:93:4e:
                    c6:5d:45:67:b8:2c:3c:e9:b8:8b:4c:16:ee:0e:3a:
                    6b:a6:1e:4b:d9:f9:53:90:3a:7e:8a:65:c0:14:bc:
                    41:d7:5c:7e:af:c5:72:2f:aa:97:01:58:45:12:db:
                    cd:1c:de:3a:8a:0f:90:ba:b3:bb:43:10:41:31:b6:
                    31:1e:0d:2d:54:eb:9d:c1:0b:71:8b:11:07:a8:f3:
                    0e:43:31:a1:cb:98:83:a7:d9:44:db:91:88:28:22:
                    2c:ce:83:64:86:b4:00:70:da:a4:74:ca:3e:06:4e:
                    67:78:3e:1a:46:01:74:98:b8:1b:6e:dd:29:7b:99:
                    45:ce:11:f7:4d:fc:78:85:d2:3c:91:dd:b1:fd:7e:
                    06:98:39:bf:c6:ad:3f:a0:84:68:9d:1a:7c:59:a7:
                    24:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:1C:12:9F:DE:7D:BE:74:1D:EA:CD:8D:82:CF:85:89:36:3C:8D:20
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0d9ac7c0-058d-45df-904c-dfeda6618e77.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:82:39:a5:01:b9:91:0a:f1:b6:2f:24:f3:fb:37:aa:cb:65:
         ab:2d:2f:b8:af:3c:85:d1:27:bb:6c:64:96:52:bf:26:21:a9:
         4c:9a:cf:9a:78:19:62:04:2f:13:73:93:40:96:d4:73:08:7e:
         72:b6:c0:af:3b:b9:cb:31:6b:ed:9b:b0:e1:6d:3e:3e:f8:12:
         27:69:ef:fc:04:d6:b6:ac:bc:15:5c:0d:12:30:c8:f1:bd:c2:
         c5:9d:c2:e1:b6:5a:6f:b1:5f:ad:c2:6f:3a:37:4b:c0:23:99:
         6c:9a:7e:43:e1:81:a1:3c:df:b2:a5:b5:59:37:cc:a6:ca:b9:
         91:6d:e6:4a:8d:3a:50:18:4d:16:a4:4d:2d:d1:32:d5:55:30:
         be:22:cd:eb:51:11:ed:c5:9c:2d:d4:9f:b4:50:3f:2c:e1:89:
         3c:77:3b:d4:55:ac:82:f4:8e:51:d8:5d:a0:e3:75:14:67:61:
         e9:3f:79:66:01:c7:3f:2d:89:03:92:45:f6:6f:3e:07:63:b8:
         17:5c:04:e2:03:51:ac:c8:41:46:6e:65:c6:c9:99:cb:85:2e:
         cd:7d:72:a0:1e:8a:12:62:8a:91:ab:e0:4a:30:95:23:65:2d:
         0e:d2:ef:f9:a6:33:fe:19:82:c7:d9:96:00:63:68:41:af:0e:
         51:42:d3:0e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNIpDCo9CCrViaw04IG7JudTaDFUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDI4MDAwMDAwWhcNMjMxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ODkyZTFjZTcxY2MyMThjODZkOTRhYmQwM2E0NDNiOWUw
YWRhMGJhZGMzODQwMDgzOWU4ZGIzYmIwYTg0YTcyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbWzH2KigSQZdyHSOSNjFZiPhcS0nyBzNWYugNAxjFQw3g
cucSHKRDEYE265cKRQkqVvYotfwO4wwBvTYzrYyfpMcBuOtupIf5DStZ39xTO+3r
5/HkeeXfcpoaC82etWkwQ2qi7VGTTsZdRWe4LDzpuItMFu4OOmumHkvZ+VOQOn6K
ZcAUvEHXXH6vxXIvqpcBWEUS280c3jqKD5C6s7tDEEExtjEeDS1U653BC3GLEQeo
8w5DMaHLmIOn2UTbkYgoIizOg2SGtABw2qR0yj4GTmd4PhpGAXSYuBtu3Sl7mUXO
EfdN/HiF0jyR3bH9fgaYOb/GrT+ghGidGnxZpyTPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwRwSn959vnQd6s2Ngs+FiTY8jSAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBkOWFjN2MwLTA1OGQtNDVkZi05MDRjLWRmZWRhNjYxOGU3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKmCOaUBuZEK8bYvJPP7N6rLZast
L7ivPIXRJ7tsZJZSvyYhqUyaz5p4GWIELxNzk0CW1HMIfnK2wK87ucsxa+2bsOFt
Pj74Eidp7/wE1rasvBVcDRIwyPG9wsWdwuG2Wm+xX63Cbzo3S8AjmWyafkPhgaE8
37KltVk3zKbKuZFt5kqNOlAYTRakTS3RMtVVML4izetREe3FnC3Un7RQPyzhiTx3
O9RVrIL0jlHYXaDjdRRnYek/eWYBxz8tiQOSRfZvPgdjuBdcBOIDUazIQUZuZcbJ
mcuFLs19cqAeihJiipGr4EowlSNlLQ7S7/mmM/4ZgsfZlgBjaEGvDlFC0w4=
-----END CERTIFICATE-----