Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/19104f6e-c455-4e5a-a169-2db029556a7f.roa
File:                     19104f6e-c455-4e5a-a169-2db029556a7f.roa (raw, json)
Hash identifier:          rs08KOdEjK0yo3kuLA2lcLDuNYiZK2P7yVjLhLJDkAQ=
Subject key identifier:   3E:9F:F3:6D:1F:43:FF:92:92:CC:6E:52:D3:FA:FD:5B:6F:56:D8:15
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       65C8BF03AEEDABB861E1EAD1E5C6E6B8EB0DC418
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/19104f6e-c455-4e5a-a169-2db029556a7f.roa
Signing time:             Mon 13 Nov 2023 00:00:00 +0000
ROA not before:           Mon 13 Nov 2023 00:00:00 +0000
ROA not after:            Mon 18 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:c8:bf:03:ae:ed:ab:b8:61:e1:ea:d1:e5:c6:e6:b8:eb:0d:c4:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 13 00:00:00 2023 GMT
            Not After : Dec 18 23:59:59 2023 GMT
        Subject: serialNumber=3e12e66466e5bff5cb1428ad97dc9f03d9b1624d732a97a272e4606815dfe801, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:78:c6:a3:ee:98:4c:17:63:a2:2e:02:2b:ce:
                    a7:41:15:8d:db:45:69:a8:f1:59:09:48:e1:cc:f7:
                    27:d1:7f:7e:9e:d1:97:9f:5b:dd:ab:61:42:a1:04:
                    eb:2a:3f:5b:2e:a7:73:fd:74:98:ea:06:17:75:58:
                    72:63:59:5e:23:79:0c:67:6b:53:4a:c7:bd:09:ed:
                    b3:01:c7:23:2e:fb:44:18:15:81:1a:cc:62:25:cd:
                    7a:ba:ba:f6:e1:74:b8:27:d3:7d:e1:85:48:5b:32:
                    22:38:6e:03:bb:1d:af:b6:0b:2c:22:46:27:b6:d7:
                    4f:22:d5:66:ba:90:5e:4d:bb:16:2a:e5:80:d6:a5:
                    27:3d:2c:2d:67:55:c9:54:a7:32:06:7a:1b:1c:e0:
                    5b:db:d3:0d:72:95:79:09:76:0d:ba:7e:f8:4d:b2:
                    79:b4:f1:69:18:41:c4:19:17:45:80:a1:b4:3c:35:
                    54:36:2b:01:7b:02:49:26:3b:d7:f7:26:1c:c6:35:
                    7c:89:67:45:60:72:d0:a8:4b:30:60:04:5d:b7:d2:
                    ac:85:d1:a9:ea:31:55:20:c0:a8:39:53:39:74:01:
                    6b:ef:bd:99:37:b6:20:9a:f4:68:d4:1d:99:bf:03:
                    1b:54:17:15:51:8c:9e:cf:14:d7:77:ac:bd:8c:6e:
                    c9:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:9F:F3:6D:1F:43:FF:92:92:CC:6E:52:D3:FA:FD:5B:6F:56:D8:15
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/19104f6e-c455-4e5a-a169-2db029556a7f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:6d:fc:d4:5f:3b:b8:25:b8:8b:18:23:72:23:8c:6c:4f:6c:
         ca:17:c5:d9:5f:e4:e9:66:36:d8:2d:eb:08:b0:0c:a4:aa:06:
         a1:26:52:38:d9:aa:c2:93:88:38:2d:37:9e:30:ea:77:4c:7f:
         93:27:7f:cf:d5:f9:e6:eb:f7:7b:bc:76:35:a4:a3:68:f8:2c:
         03:89:7c:cf:ae:d8:11:dc:3c:9a:92:0f:5b:ad:fd:2a:40:ca:
         61:9f:d4:42:20:c1:97:6d:4f:47:ab:ec:b1:63:ce:72:b1:5c:
         d3:e6:0a:ee:24:0b:68:02:d7:12:8f:37:39:1b:e9:03:35:54:
         96:c0:3c:16:27:2c:f7:10:cf:c6:91:14:32:3a:a2:e5:cb:bd:
         49:5e:c6:72:a3:b6:bb:49:14:0b:ec:ba:89:d8:c9:8e:2d:dd:
         65:b9:00:fc:57:9a:25:fd:5e:da:1f:b1:5d:ae:e3:f3:e4:0a:
         51:ee:6d:63:cd:28:1c:0a:28:e2:7c:db:15:c8:7e:43:02:f1:
         2e:c2:7c:7e:a3:69:3f:79:b0:09:64:98:71:2e:dc:be:2e:0b:
         5e:bb:a1:e0:8d:d4:68:ee:7d:8b:98:a3:f3:81:13:10:9b:40:
         a7:89:b3:6b:da:fe:b5:ad:0d:f9:b8:07:83:b7:19:05:4b:03:
         42:ea:e9:a0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZci/A67tq7hh4erR5cbmuOsNxBgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTEzMDAwMDAwWhcNMjMxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZTEyZTY2NDY2ZTViZmY1Y2IxNDI4YWQ5N2RjOWYwM2Q5
YjE2MjRkNzMyYTk3YTI3MmU0NjA2ODE1ZGZlODAxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEeMaj7phMF2OiLgIrzqdBFY3bRWmo8VkJSOHM9yfRf36e
0ZefW92rYUKhBOsqP1sup3P9dJjqBhd1WHJjWV4jeQxna1NKx70J7bMBxyMu+0QY
FYEazGIlzXq6uvbhdLgn033hhUhbMiI4bgO7Ha+2CywiRie2108i1Wa6kF5NuxYq
5YDWpSc9LC1nVclUpzIGehsc4Fvb0w1ylXkJdg26fvhNsnm08WkYQcQZF0WAobQ8
NVQ2KwF7AkkmO9f3JhzGNXyJZ0VgctCoSzBgBF230qyF0anqMVUgwKg5Uzl0AWvv
vZk3tiCa9GjUHZm/AxtUFxVRjJ7PFNd3rL2MbsnLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPp/zbR9D/5KSzG5S0/r9W29W2BUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE5MTA0ZjZlLWM0NTUtNGU1YS1hMTY5LTJkYjAyOTU1NmE3Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEht/NRfO7gluIsYI3IjjGxPbMoX
xdlf5OlmNtgt6wiwDKSqBqEmUjjZqsKTiDgtN54w6ndMf5Mnf8/V+ebr93u8djWk
o2j4LAOJfM+u2BHcPJqSD1ut/SpAymGf1EIgwZdtT0er7LFjznKxXNPmCu4kC2gC
1xKPNzkb6QM1VJbAPBYnLPcQz8aRFDI6ouXLvUlexnKjtrtJFAvsuonYyY4t3WW5
APxXmiX9XtofsV2u4/PkClHubWPNKBwKKOJ82xXIfkMC8S7CfH6jaT95sAlkmHEu
3L4uC167oeCN1GjufYuYo/OBExCbQKeJs2va/rWtDfm4B4O3GQVLA0Lq6aA=
-----END CERTIFICATE-----