Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0ec2d37b-c5d1-4461-96a7-3606587b8cd2.roa
File:                     0ec2d37b-c5d1-4461-96a7-3606587b8cd2.roa (raw, json)
Hash identifier:          4VlACu5qQQyUAKqXTnk1AKuWyAhuFCwCPVzDzgU5AE0=
Subject key identifier:   99:C4:85:61:BA:50:69:E3:91:16:3B:3C:F7:51:D6:03:6F:FF:8F:C7
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1BA20522D2B2571B202986973C0DFE36E36E981C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0ec2d37b-c5d1-4461-96a7-3606587b8cd2.roa
Signing time:             Thu 21 Sep 2023 00:00:00 +0000
ROA not before:           Thu 21 Sep 2023 00:00:00 +0000
ROA not after:            Thu 26 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:a2:05:22:d2:b2:57:1b:20:29:86:97:3c:0d:fe:36:e3:6e:98:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 21 00:00:00 2023 GMT
            Not After : Oct 26 23:59:59 2023 GMT
        Subject: serialNumber=1185e55f36fa5172c504dbd4a109c012cb962290754c666d82ce709c7b0ba244, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:36:13:6a:24:5d:f8:b0:09:c2:49:c5:76:9a:
                    2f:30:47:6b:54:11:ff:cc:d6:64:42:f4:71:57:0c:
                    cf:2e:80:4e:ac:45:87:1e:99:44:38:49:bf:d7:c8:
                    0b:bd:4c:c0:a9:20:67:e2:4a:32:2c:4c:0b:ae:49:
                    05:1b:d5:c5:f8:20:a4:c3:88:1c:89:23:65:34:ed:
                    f8:e9:36:e5:84:bc:67:9b:96:74:da:b2:e9:ee:ec:
                    26:a9:ab:17:23:43:49:f4:78:e6:66:41:35:3c:4a:
                    dd:fb:0b:1a:d3:64:99:d8:3d:30:4d:4c:c5:73:3d:
                    89:67:a4:f6:10:fa:8c:6c:8b:b7:d4:fa:0e:13:94:
                    35:e9:28:a0:07:1d:dc:54:4e:59:97:e6:56:38:5e:
                    f2:77:fe:74:8f:37:d6:50:21:a0:8c:d0:5e:07:98:
                    6e:80:f8:d9:48:a3:4d:99:db:8d:7d:d4:5d:0b:c3:
                    d0:64:75:7f:08:af:6c:8b:f2:a7:83:f1:0a:3b:fb:
                    c7:6a:9a:f8:57:71:f6:71:c6:fb:a3:7c:56:a9:af:
                    c2:66:d5:43:d3:25:32:e6:27:30:22:60:7d:1d:5e:
                    47:ff:36:4d:65:73:23:7d:6c:38:ae:ea:3a:45:59:
                    86:cb:18:aa:63:a6:23:92:7e:67:9b:de:ff:bb:e4:
                    1c:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:C4:85:61:BA:50:69:E3:91:16:3B:3C:F7:51:D6:03:6F:FF:8F:C7
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0ec2d37b-c5d1-4461-96a7-3606587b8cd2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:c1:17:63:0e:e3:b7:5c:8b:d1:25:3c:9d:e2:f9:77:e4:dd:
         6c:10:eb:92:79:ca:54:a0:1b:fa:a0:a2:10:1a:83:16:11:73:
         30:e8:4f:c2:4f:d2:90:f5:42:d3:d5:59:ff:64:9e:54:7e:09:
         72:9f:fe:44:7b:41:9e:c2:a3:98:4d:54:3f:d3:6b:4f:f0:ac:
         a2:44:c5:cb:be:a6:3b:15:10:b8:6d:19:df:da:38:e8:1c:20:
         36:fd:b5:30:57:bd:48:50:59:47:06:9d:4b:83:18:39:8d:d1:
         e1:76:67:43:14:13:b3:29:65:08:6f:44:7b:7f:cf:7a:cd:ef:
         a1:3d:8b:49:5a:d2:61:b6:0f:99:49:35:46:64:72:19:94:56:
         b2:6a:ee:cd:8a:7a:67:11:24:50:b6:42:4a:1d:37:c5:76:35:
         50:dd:8b:1e:fd:49:cd:b9:40:37:ad:6b:54:80:2b:91:6c:9f:
         8d:1c:51:c1:4e:c9:55:34:16:a3:b0:da:21:2e:84:16:05:0e:
         54:85:20:5c:9e:52:14:b9:f8:00:e6:0c:c6:9a:cf:a4:5d:91:
         90:7a:4d:40:58:92:db:de:0c:10:ed:91:98:a2:7c:7e:9b:4b:
         02:b4:10:38:76:f7:1d:a0:c3:04:71:52:ea:12:15:0e:f6:b5:
         3a:5f:28:f6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUG6IFItKyVxsgKYaXPA3+NuNumBwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTIxMDAwMDAwWhcNMjMxMDI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMTg1ZTU1ZjM2ZmE1MTcyYzUwNGRiZDRhMTA5YzAxMmNi
OTYyMjkwNzU0YzY2NmQ4MmNlNzA5YzdiMGJhMjQ0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUNhNqJF34sAnCScV2mi8wR2tUEf/M1mRC9HFXDM8ugE6s
RYcemUQ4Sb/XyAu9TMCpIGfiSjIsTAuuSQUb1cX4IKTDiByJI2U07fjpNuWEvGeb
lnTasunu7CapqxcjQ0n0eOZmQTU8St37CxrTZJnYPTBNTMVzPYlnpPYQ+oxsi7fU
+g4TlDXpKKAHHdxUTlmX5lY4XvJ3/nSPN9ZQIaCM0F4HmG6A+NlIo02Z24191F0L
w9BkdX8Ir2yL8qeD8Qo7+8dqmvhXcfZxxvujfFapr8Jm1UPTJTLmJzAiYH0dXkf/
Nk1lcyN9bDiu6jpFWYbLGKpjpiOSfmeb3v+75BynAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmcSFYbpQaeORFjs891HWA2//j8cwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBlYzJkMzdiLWM1ZDEtNDQ2MS05NmE3LTM2MDY1ODdiOGNkMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA/BF2MO47dci9ElPJ3i+Xfk3WwQ
65J5ylSgG/qgohAagxYRczDoT8JP0pD1QtPVWf9knlR+CXKf/kR7QZ7Co5hNVD/T
a0/wrKJExcu+pjsVELhtGd/aOOgcIDb9tTBXvUhQWUcGnUuDGDmN0eF2Z0MUE7Mp
ZQhvRHt/z3rN76E9i0la0mG2D5lJNUZkchmUVrJq7s2KemcRJFC2QkodN8V2NVDd
ix79Sc25QDeta1SAK5Fsn40cUcFOyVU0FqOw2iEuhBYFDlSFIFyeUhS5+ADmDMaa
z6RdkZB6TUBYktveDBDtkZiifH6bSwK0EDh29x2gwwRxUuoSFQ72tTpfKPY=
-----END CERTIFICATE-----