Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/11b7c666-cbe9-49a5-aa38-233be55d9053.roa
File:                     11b7c666-cbe9-49a5-aa38-233be55d9053.roa (raw, json)
Hash identifier:          cx+zSqEeNU1u7+mdR911CDzz69D99lrs+AdRpHJF3Ho=
Subject key identifier:   5B:ED:03:D2:F7:AB:25:A9:3D:DC:43:5E:B2:6B:41:70:59:56:B3:7B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1FCBB3AE6F739ABF007484CE9AD6718CC84B92E8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/11b7c666-cbe9-49a5-aa38-233be55d9053.roa
Signing time:             Sat 05 Aug 2023 00:00:00 +0000
ROA not before:           Sat 05 Aug 2023 00:00:00 +0000
ROA not after:            Sat 09 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:cb:b3:ae:6f:73:9a:bf:00:74:84:ce:9a:d6:71:8c:c8:4b:92:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug  5 00:00:00 2023 GMT
            Not After : Sep  9 23:59:59 2023 GMT
        Subject: serialNumber=0f7a206de6f8f5e0b17a745f21a53452824cf67f94514e3f5054aa504f5da798, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:6c:9f:1a:2d:d1:d8:7d:88:49:4a:94:36:94:
                    22:d3:c5:ab:cb:30:7c:aa:d3:77:e5:6c:75:17:b4:
                    f6:3e:2b:e9:f2:bc:63:3e:16:eb:d7:3f:ed:15:d6:
                    8b:8d:a7:9e:a1:af:64:49:7f:58:d2:fa:0c:08:ef:
                    49:b3:2f:4d:9e:0d:72:b7:e8:c3:01:96:d8:d0:78:
                    2f:ee:94:37:c1:44:25:60:01:ea:df:b3:9d:ac:bb:
                    2f:25:a3:63:cd:d4:4c:f3:1c:1b:03:54:76:4f:f0:
                    94:7b:5e:94:67:c7:a1:4d:8d:d0:7b:54:96:f6:0c:
                    b2:4b:23:9e:d9:57:c7:aa:b2:1b:9d:35:6d:dd:91:
                    0d:2c:f7:47:e5:40:ac:9d:05:7c:39:e0:b6:07:d4:
                    28:9a:db:1e:39:8f:68:97:b2:93:47:56:3c:86:9d:
                    2d:81:a3:bc:72:ff:c1:07:bf:ac:d0:c6:ce:2b:c9:
                    b6:a8:3b:a6:bc:f0:4e:d4:4d:e5:20:ac:be:29:c9:
                    fb:92:05:3e:b2:d0:8d:44:0d:55:cc:81:1c:a4:eb:
                    0a:bd:73:46:8f:3a:3f:e8:59:dd:95:e0:10:4e:6f:
                    b4:7e:b1:b4:ba:6b:76:9e:b8:21:b3:45:f4:4a:37:
                    ae:ad:cf:9c:da:68:6b:8c:c3:55:b3:b7:ba:69:2a:
                    ac:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:ED:03:D2:F7:AB:25:A9:3D:DC:43:5E:B2:6B:41:70:59:56:B3:7B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/11b7c666-cbe9-49a5-aa38-233be55d9053.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:b2:cb:0c:ee:4e:8f:32:fc:bf:ad:e9:8e:41:53:71:d2:2d:
         4e:b0:73:93:d3:a3:85:10:e4:9d:cb:8b:08:78:b4:d9:40:24:
         c4:47:43:b8:b6:f1:03:fe:d3:42:fc:e2:0e:52:3f:29:c1:4e:
         69:cb:14:33:93:16:0a:24:80:f5:e9:52:af:92:28:f6:d9:7f:
         04:1b:1a:42:ee:cc:00:fc:42:30:61:0a:ce:f6:be:a3:e0:dc:
         12:65:4a:e0:e0:f6:f5:c0:dd:eb:d9:5f:ba:3a:2f:b8:ed:4f:
         aa:5b:d6:06:70:da:3e:96:96:aa:2c:3d:0c:a4:d4:19:92:08:
         01:99:6c:9c:86:0a:5a:07:02:66:ab:17:1b:44:ff:58:2d:ac:
         ec:1a:88:4e:32:aa:31:44:8b:63:55:fd:1f:cd:f0:0f:87:99:
         a8:5a:9a:5d:41:b6:b4:56:f3:f0:64:c5:45:a6:70:0d:e2:a2:
         12:f6:53:34:e1:dc:f8:06:ac:99:82:5d:a2:c6:98:9b:e0:52:
         59:cb:ba:0d:5d:9b:31:ed:39:4b:20:37:42:c9:3c:25:7c:5c:
         af:9b:a1:9e:64:48:aa:ec:47:f3:43:35:55:3c:19:d3:9c:e2:
         02:67:ff:68:b1:90:a5:71:6f:ee:ea:c7:5b:42:b1:0a:7b:1a:
         20:90:04:ca
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH8uzrm9zmr8AdITOmtZxjMhLkugwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODA1MDAwMDAwWhcNMjMwOTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZjdhMjA2ZGU2ZjhmNWUwYjE3YTc0NWYyMWE1MzQ1Mjgy
NGNmNjdmOTQ1MTRlM2Y1MDU0YWE1MDRmNWRhNzk4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKbJ8aLdHYfYhJSpQ2lCLTxavLMHyq03flbHUXtPY+K+ny
vGM+FuvXP+0V1ouNp56hr2RJf1jS+gwI70mzL02eDXK36MMBltjQeC/ulDfBRCVg
Aerfs52suy8lo2PN1EzzHBsDVHZP8JR7XpRnx6FNjdB7VJb2DLJLI57ZV8eqshud
NW3dkQ0s90flQKydBXw54LYH1Cia2x45j2iXspNHVjyGnS2Bo7xy/8EHv6zQxs4r
ybaoO6a88E7UTeUgrL4pyfuSBT6y0I1EDVXMgRyk6wq9c0aPOj/oWd2V4BBOb7R+
sbS6a3aeuCGzRfRKN66tz5zaaGuMw1Wzt7ppKqx1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUW+0D0verJak93ENesmtBcFlWs3swHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzExYjdjNjY2LWNiZTktNDlhNS1hYTM4LTIzM2JlNTVkOTA1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC2yywzuTo8y/L+t6Y5BU3HSLU6w
c5PTo4UQ5J3Liwh4tNlAJMRHQ7i28QP+00L84g5SPynBTmnLFDOTFgokgPXpUq+S
KPbZfwQbGkLuzAD8QjBhCs72vqPg3BJlSuDg9vXA3evZX7o6L7jtT6pb1gZw2j6W
lqosPQyk1BmSCAGZbJyGCloHAmarFxtE/1gtrOwaiE4yqjFEi2NV/R/N8A+Hmaha
ml1BtrRW8/BkxUWmcA3iohL2UzTh3PgGrJmCXaLGmJvgUlnLug1dmzHtOUsgN0LJ
PCV8XK+boZ5kSKrsR/NDNVU8GdOc4gJn/2ixkKVxb+7qx1tCsQp7GiCQBMo=
-----END CERTIFICATE-----