Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/129f86a6-eb1e-4ac1-a45f-290aa8da0106.roa
File:                     129f86a6-eb1e-4ac1-a45f-290aa8da0106.roa (raw, json)
Hash identifier:          otomaORJV9rqnl13oX68AFwYAWRJf9DcQlLsQombgGY=
Subject key identifier:   94:F1:37:93:27:4D:C2:F4:7C:1E:5F:47:A1:7F:C6:68:C8:76:33:E5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6F0A255AD99DAB53E1EF713C25EB6357F56237D0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/129f86a6-eb1e-4ac1-a45f-290aa8da0106.roa
Signing time:             Mon 02 Oct 2023 00:00:00 +0000
ROA not before:           Mon 02 Oct 2023 00:00:00 +0000
ROA not after:            Mon 06 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:0a:25:5a:d9:9d:ab:53:e1:ef:71:3c:25:eb:63:57:f5:62:37:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  2 00:00:00 2023 GMT
            Not After : Nov  6 23:59:59 2023 GMT
        Subject: serialNumber=35aa1e75db9c7aef7909e961a84aab08a787bec7754dac97955dc464d9e3e3f5, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:1a:3a:77:f0:58:24:55:27:83:49:85:d7:d1:
                    7b:8a:7e:78:22:3d:56:7e:ff:08:2e:af:86:71:22:
                    58:25:c1:66:a6:60:1f:45:09:86:ad:a5:19:ff:10:
                    5a:38:aa:af:74:c3:5a:66:a6:76:ba:21:85:55:2d:
                    43:23:51:33:be:26:fa:96:8d:ed:c2:4b:53:17:1e:
                    f1:f5:f6:6e:3d:4b:18:fd:ad:61:dd:ec:68:d9:f1:
                    73:3f:bc:66:ac:c1:4f:21:0d:93:41:58:7c:5b:5c:
                    22:d0:45:34:0a:c3:65:af:d0:50:36:42:f2:05:6a:
                    29:c0:98:d8:a2:36:5a:80:b1:71:e8:03:42:0e:5a:
                    2d:8f:55:b5:46:e2:30:4a:81:50:24:9b:b7:c7:16:
                    d1:d8:b7:9b:08:7d:23:b4:7c:81:ab:70:9a:01:8e:
                    92:ad:b6:8a:20:23:48:87:55:a9:a5:92:d9:83:af:
                    ac:09:e1:78:ff:44:b6:c8:4b:90:9a:29:91:70:25:
                    07:9e:3d:ab:75:83:6c:97:ae:ed:7e:9b:93:79:36:
                    8f:ac:78:45:d8:a1:87:27:4d:31:95:5f:91:05:d4:
                    5b:ce:9d:7a:08:b2:05:25:36:4a:e1:c3:62:75:66:
                    c2:c3:d5:f5:a5:27:9e:43:58:60:5a:a7:17:50:47:
                    c9:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:F1:37:93:27:4D:C2:F4:7C:1E:5F:47:A1:7F:C6:68:C8:76:33:E5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/129f86a6-eb1e-4ac1-a45f-290aa8da0106.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:b2:ab:ff:6c:75:0f:35:41:ef:33:8b:81:3b:04:40:01:b7:
         3b:10:3a:61:58:eb:e6:cd:44:1b:5a:cc:46:4c:84:a4:dc:dd:
         9b:90:dc:ac:b6:4f:71:03:f0:d4:7a:ad:b7:12:a9:23:f8:21:
         62:41:a9:b5:57:1f:87:15:88:50:03:22:74:bb:3f:86:84:8b:
         ae:78:68:3d:74:2c:c5:40:58:58:05:21:ae:55:bf:4f:5f:ea:
         21:e4:f5:ce:97:bd:87:dd:d6:42:9b:90:5e:f5:4e:2c:cd:e1:
         fb:f5:2b:2a:b6:a6:62:92:81:ad:29:85:cc:53:38:da:f4:28:
         13:74:13:1a:47:73:e1:4b:f8:ab:3e:ec:e5:0f:9a:9a:cc:ba:
         36:07:85:e8:7b:56:68:b6:d0:95:53:c4:bc:79:94:ea:49:4d:
         b7:82:f9:14:1b:ce:39:65:d9:2d:29:4b:19:fd:ce:6f:99:57:
         a8:26:24:cb:92:9a:f0:06:36:41:b4:c0:1e:dd:4b:89:1d:83:
         57:6d:ec:a4:85:36:f7:2c:c3:36:54:6d:a4:86:06:00:73:6a:
         23:e5:0e:a0:df:e1:65:9c:6e:b0:e6:74:ab:6a:f2:80:35:e4:
         01:6a:23:9a:38:d0:29:3b:a0:72:a6:35:fb:f1:4d:dd:e1:aa:
         7b:ed:82:e3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbwolWtmdq1Ph73E8JetjV/ViN9AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDAyMDAwMDAwWhcNMjMxMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNWFhMWU3NWRiOWM3YWVmNzkwOWU5NjFhODRhYWIwOGE3
ODdiZWM3NzU0ZGFjOTc5NTVkYzQ2NGQ5ZTNlM2Y1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXGjp38FgkVSeDSYXX0XuKfngiPVZ+/wgur4ZxIlglwWam
YB9FCYatpRn/EFo4qq90w1pmpna6IYVVLUMjUTO+JvqWje3CS1MXHvH19m49Sxj9
rWHd7GjZ8XM/vGaswU8hDZNBWHxbXCLQRTQKw2Wv0FA2QvIFainAmNiiNlqAsXHo
A0IOWi2PVbVG4jBKgVAkm7fHFtHYt5sIfSO0fIGrcJoBjpKttoogI0iHVamlktmD
r6wJ4Xj/RLbIS5CaKZFwJQeePat1g2yXru1+m5N5No+seEXYoYcnTTGVX5EF1FvO
nXoIsgUlNkrhw2J1ZsLD1fWlJ55DWGBapxdQR8nLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlPE3kydNwvR8Hl9HoX/GaMh2M+UwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzEyOWY4NmE2LWViMWUtNGFjMS1hNDVmLTI5MGFhOGRhMDEwNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABWyq/9sdQ81Qe8zi4E7BEABtzsQ
OmFY6+bNRBtazEZMhKTc3ZuQ3Ky2T3ED8NR6rbcSqSP4IWJBqbVXH4cViFADInS7
P4aEi654aD10LMVAWFgFIa5Vv09f6iHk9c6XvYfd1kKbkF71TizN4fv1Kyq2pmKS
ga0phcxTONr0KBN0ExpHc+FL+Ks+7OUPmprMujYHheh7Vmi20JVTxLx5lOpJTbeC
+RQbzjll2S0pSxn9zm+ZV6gmJMuSmvAGNkG0wB7dS4kdg1dt7KSFNvcswzZUbaSG
BgBzaiPlDqDf4WWcbrDmdKtq8oA15AFqI5o40Ck7oHKmNfvxTd3hqnvtguM=
-----END CERTIFICATE-----