Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/17aff6d9-6243-411d-914d-618b09a5d222.roa
File:                     17aff6d9-6243-411d-914d-618b09a5d222.roa (raw, json)
Hash identifier:          yeSWEDZvSX/d/ne9HoXNmsNvmiwTnbrAV0XqvkjEZMQ=
Subject key identifier:   8F:5A:8D:02:BF:8A:75:8E:B2:02:0C:87:C2:C2:DF:F5:BA:BE:98:30
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       09A383D9B4290AC3E093C5BD145EDECB0B993391
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/17aff6d9-6243-411d-914d-618b09a5d222.roa
Signing time:             Sun 05 Nov 2023 00:00:00 +0000
ROA not before:           Sun 05 Nov 2023 00:00:00 +0000
ROA not after:            Sun 10 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:a3:83:d9:b4:29:0a:c3:e0:93:c5:bd:14:5e:de:cb:0b:99:33:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  5 00:00:00 2023 GMT
            Not After : Dec 10 23:59:59 2023 GMT
        Subject: serialNumber=5a9e450aa88964ef698c6c320a13eddc911655fe672e268f63b8e9bc4ed1d5ac, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:a0:9e:c9:0f:92:16:10:d2:74:dc:68:fe:62:
                    77:aa:80:51:72:d8:db:b2:5f:33:4d:d2:5f:24:03:
                    0f:e8:41:6e:22:d9:d5:61:de:7d:2f:08:ea:68:83:
                    2b:23:14:f4:c5:05:52:ab:ab:91:5d:bc:20:03:ab:
                    de:3f:03:30:7b:51:04:49:92:46:2f:48:3f:b7:86:
                    88:10:d1:f8:71:ff:fb:a5:0b:8d:7b:09:4a:2b:08:
                    db:69:61:15:f9:89:c8:3f:b7:9d:b2:ad:69:05:c9:
                    7c:d6:27:3b:4a:d1:52:7b:b5:cf:00:cc:4e:d1:06:
                    e8:e0:eb:ed:90:6a:8e:46:5f:3f:71:6d:e4:26:d0:
                    ef:2f:13:96:4c:c5:bc:29:f0:10:45:1f:ce:c0:1d:
                    ab:29:d1:fc:a8:81:f9:41:27:c4:3c:58:44:01:2c:
                    cf:d1:f7:1c:70:cd:cf:e5:b8:3b:7f:62:2a:36:fe:
                    05:c1:63:ef:35:f4:12:19:fe:85:6f:68:3e:89:af:
                    74:11:8c:76:c4:4b:d6:e0:f4:6f:e0:72:2b:8b:9f:
                    da:64:69:83:67:c2:56:94:d3:15:f1:75:bd:54:6c:
                    80:ee:a5:ec:14:ae:78:b6:fd:ee:4f:45:9a:96:75:
                    c5:33:4a:bf:d9:4e:31:6d:34:26:aa:b6:35:bf:cc:
                    fd:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:5A:8D:02:BF:8A:75:8E:B2:02:0C:87:C2:C2:DF:F5:BA:BE:98:30
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/17aff6d9-6243-411d-914d-618b09a5d222.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:97:35:71:5b:46:ba:88:1a:7d:c1:10:2a:a5:f6:ad:af:e6:
         4f:cd:04:21:cd:f6:0f:a7:09:97:80:13:81:bb:27:63:a8:d7:
         cc:4c:11:20:2d:93:56:44:a6:88:3a:7f:96:7b:42:75:ac:ec:
         11:b6:27:ed:4e:0b:67:e0:51:0f:af:7b:f1:74:b2:83:0d:7a:
         c9:b8:28:80:65:d9:e1:39:1a:12:fc:bd:c3:90:ca:46:b4:03:
         b8:2a:15:65:a4:7d:5e:d3:06:da:0d:c1:4d:43:04:05:ae:96:
         fa:a6:bf:31:56:91:cb:80:d8:38:40:64:43:ab:a6:83:da:88:
         24:50:70:af:d9:78:2e:4d:a3:f8:11:02:ed:13:70:35:c3:fe:
         33:ab:fb:bf:01:2d:62:c1:9b:ac:8e:72:64:6b:37:5c:ce:fe:
         01:5f:75:87:0f:d0:31:16:a8:b9:dc:c6:d7:6c:c0:62:82:78:
         5a:b7:c1:11:6a:3e:2c:7a:d9:3a:fd:28:24:96:88:81:02:e2:
         a2:a0:2a:37:4d:df:85:d2:3f:eb:79:ee:80:9f:a9:d5:57:a3:
         ea:cb:4e:9b:55:4c:c2:b0:33:97:f1:e4:b9:f4:59:4f:45:14:
         50:84:cc:15:2d:64:f6:d5:0a:6f:ec:65:eb:1c:5f:94:28:99:
         d2:ee:16:8d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCaOD2bQpCsPgk8W9FF7eywuZM5EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTA1MDAwMDAwWhcNMjMxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1YTllNDUwYWE4ODk2NGVmNjk4YzZjMzIwYTEzZWRkYzkx
MTY1NWZlNjcyZTI2OGY2M2I4ZTliYzRlZDFkNWFjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDnoJ7JD5IWENJ03Gj+YneqgFFy2NuyXzNN0l8kAw/oQW4i
2dVh3n0vCOpogysjFPTFBVKrq5FdvCADq94/AzB7UQRJkkYvSD+3hogQ0fhx//ul
C417CUorCNtpYRX5icg/t52yrWkFyXzWJztK0VJ7tc8AzE7RBujg6+2Qao5GXz9x
beQm0O8vE5ZMxbwp8BBFH87AHasp0fyogflBJ8Q8WEQBLM/R9xxwzc/luDt/Yio2
/gXBY+819BIZ/oVvaD6Jr3QRjHbES9bg9G/gciuLn9pkaYNnwlaU0xXxdb1UbIDu
pewUrni2/e5PRZqWdcUzSr/ZTjFtNCaqtjW/zP31AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUj1qNAr+KdY6yAgyHwsLf9bq+mDAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE3YWZmNmQ5LTYyNDMtNDExZC05MTRkLTYxOGIwOWE1ZDIyMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG2XNXFbRrqIGn3BECql9q2v5k/N
BCHN9g+nCZeAE4G7J2Oo18xMESAtk1ZEpog6f5Z7QnWs7BG2J+1OC2fgUQ+ve/F0
soMNesm4KIBl2eE5GhL8vcOQyka0A7gqFWWkfV7TBtoNwU1DBAWulvqmvzFWkcuA
2DhAZEOrpoPaiCRQcK/ZeC5No/gRAu0TcDXD/jOr+78BLWLBm6yOcmRrN1zO/gFf
dYcP0DEWqLncxtdswGKCeFq3wRFqPix62Tr9KCSWiIEC4qKgKjdN34XSP+t57oCf
qdVXo+rLTptVTMKwM5fx5Ln0WU9FFFCEzBUtZPbVCm/sZescX5QomdLuFo0=
-----END CERTIFICATE-----