Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/17ead2fe-4dde-4eb7-8c06-29eb16e99f3b.roa
File:                     17ead2fe-4dde-4eb7-8c06-29eb16e99f3b.roa (raw, json)
Hash identifier:          3sL6CX/knSK5kynpRWK0yok43Ygwdnx2ZQQBp9PM9jE=
Subject key identifier:   78:F8:C3:34:58:5C:BC:30:72:2A:F6:35:4F:27:EF:C5:54:0F:AB:CB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1312DC9AA549DAB512097BCC092044D088209B14
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/17ead2fe-4dde-4eb7-8c06-29eb16e99f3b.roa
Signing time:             Tue 01 Aug 2023 00:00:00 +0000
ROA not before:           Tue 01 Aug 2023 00:00:00 +0000
ROA not after:            Tue 05 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:12:dc:9a:a5:49:da:b5:12:09:7b:cc:09:20:44:d0:88:20:9b:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug  1 00:00:00 2023 GMT
            Not After : Sep  5 23:59:59 2023 GMT
        Subject: serialNumber=5b07faeea8306847d43adf572fa2b25e40269ae443b47fb0da3ff4e8a5d954db, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:7d:b1:ba:a5:c5:4c:93:59:41:6b:3d:95:75:
                    56:39:06:4a:55:c8:e5:6f:0a:3d:5e:07:9b:8a:cb:
                    56:08:ba:66:c1:a5:54:18:8e:2f:5c:d0:f7:80:ba:
                    e6:d1:17:fe:47:44:12:ca:9d:c5:7b:ce:c8:88:30:
                    26:40:f8:c3:65:a6:ca:44:39:0d:f4:5e:cf:60:ad:
                    a9:63:26:86:aa:74:a7:d0:db:b6:55:81:d4:e3:38:
                    e3:6c:b9:4a:fe:ff:34:89:41:07:17:d3:d6:30:af:
                    8e:e3:02:32:e7:ed:38:2c:06:61:86:0e:23:62:5e:
                    5f:6c:b4:f5:a1:4b:07:ed:96:e4:16:ad:c9:40:b3:
                    32:bf:8d:3c:d6:be:af:e6:1a:84:7e:ba:fb:51:f3:
                    f4:22:72:5d:f9:c7:38:9d:8c:0e:a4:c0:81:c1:eb:
                    5e:8b:fd:8e:9f:d5:86:fa:aa:d2:06:eb:9e:d3:29:
                    75:d3:7e:b8:79:ac:ec:27:31:b3:34:ca:dc:c8:f1:
                    f8:19:7b:11:09:7b:52:b0:d4:cc:90:dd:24:87:48:
                    c5:0c:81:ae:b4:b8:a0:8a:29:b1:5e:08:39:a8:c6:
                    f7:b9:cc:3a:cf:0f:c2:c2:18:07:4f:db:d3:8d:c4:
                    93:99:8f:3a:6a:9f:a8:1a:5e:75:39:79:54:0e:3b:
                    9d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:F8:C3:34:58:5C:BC:30:72:2A:F6:35:4F:27:EF:C5:54:0F:AB:CB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/17ead2fe-4dde-4eb7-8c06-29eb16e99f3b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:fc:68:79:44:09:6f:51:3b:5f:0c:7d:60:a9:c9:43:b0:57:
         27:2b:8e:0b:00:18:1f:9d:5c:25:a5:58:01:08:68:34:1c:30:
         a4:ea:ea:f9:4e:5a:51:6c:62:0e:60:f6:32:d1:6c:e8:55:2f:
         b4:b6:e6:0d:9b:79:ca:3e:45:aa:f0:7b:7a:ea:bc:33:e6:50:
         3d:af:4d:85:37:ab:10:ee:6d:a7:0b:5a:37:db:ad:4a:d6:34:
         5d:13:53:c1:c1:3d:e3:11:18:c7:38:a5:ed:e4:ad:50:42:30:
         12:0f:00:fb:18:c4:3e:54:f9:7e:e4:f9:86:8f:b2:5e:e9:2f:
         ee:bc:ae:22:28:e8:c5:ff:4d:de:8d:ba:6a:34:fd:12:29:e2:
         df:72:e9:a1:41:ab:5d:94:73:cd:26:cb:e7:65:eb:17:cc:af:
         71:e0:97:30:77:02:f4:94:3d:b6:37:95:11:c4:c0:65:00:04:
         4e:14:a7:fb:17:41:ba:67:e2:55:b0:a8:4d:b2:ce:85:a8:63:
         46:c4:38:6f:73:41:8d:2a:37:73:87:9c:1e:06:80:70:cc:d2:
         f9:1f:79:f3:cc:16:da:d0:b7:f6:ba:c8:25:33:ba:07:1e:df:
         cf:46:29:f1:10:4d:89:d7:bf:4a:34:11:f3:a3:e4:9e:5c:d9:
         d1:63:b7:8d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUExLcmqVJ2rUSCXvMCSBE0IggmxQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODAxMDAwMDAwWhcNMjMwOTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YjA3ZmFlZWE4MzA2ODQ3ZDQzYWRmNTcyZmEyYjI1ZTQw
MjY5YWU0NDNiNDdmYjBkYTNmZjRlOGE1ZDk1NGRiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCKfbG6pcVMk1lBaz2VdVY5BkpVyOVvCj1eB5uKy1YIumbB
pVQYji9c0PeAuubRF/5HRBLKncV7zsiIMCZA+MNlpspEOQ30Xs9graljJoaqdKfQ
27ZVgdTjOONsuUr+/zSJQQcX09Ywr47jAjLn7TgsBmGGDiNiXl9stPWhSwftluQW
rclAszK/jTzWvq/mGoR+uvtR8/Qicl35xzidjA6kwIHB616L/Y6f1Yb6qtIG657T
KXXTfrh5rOwnMbM0ytzI8fgZexEJe1Kw1MyQ3SSHSMUMga60uKCKKbFeCDmoxve5
zDrPD8LCGAdP29ONxJOZjzpqn6gaXnU5eVQOO501AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUePjDNFhcvDByKvY1TyfvxVQPq8swHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE3ZWFkMmZlLTRkZGUtNGViNy04YzA2LTI5ZWIxNmU5OWYzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFv8aHlECW9RO18MfWCpyUOwVycr
jgsAGB+dXCWlWAEIaDQcMKTq6vlOWlFsYg5g9jLRbOhVL7S25g2beco+Rarwe3rq
vDPmUD2vTYU3qxDubacLWjfbrUrWNF0TU8HBPeMRGMc4pe3krVBCMBIPAPsYxD5U
+X7k+YaPsl7pL+68riIo6MX/Td6Numo0/RIp4t9y6aFBq12Uc80my+dl6xfMr3Hg
lzB3AvSUPbY3lRHEwGUABE4Up/sXQbpn4lWwqE2yzoWoY0bEOG9zQY0qN3OHnB4G
gHDM0vkfefPMFtrQt/a6yCUzugce389GKfEQTYnXv0o0EfOj5J5c2dFjt40=
-----END CERTIFICATE-----