Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1cc39ed3-50be-4789-be1a-f98bef685946.roa
File:                     1cc39ed3-50be-4789-be1a-f98bef685946.roa (raw, json)
Hash identifier:          j2Wo3Ej/IfwIQcwmMMO10f6rWRnu8xMhgyuEfBepCiI=
Subject key identifier:   59:7C:0B:C2:D6:6C:BA:47:55:23:F4:EF:57:0C:66:55:CD:6D:BE:30
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3E275277B5D6A23AEBFDC5B9E358B00AE7A25609
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1cc39ed3-50be-4789-be1a-f98bef685946.roa
Signing time:             Tue 21 Nov 2023 00:00:00 +0000
ROA not before:           Tue 21 Nov 2023 00:00:00 +0000
ROA not after:            Tue 26 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:27:52:77:b5:d6:a2:3a:eb:fd:c5:b9:e3:58:b0:0a:e7:a2:56:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 21 00:00:00 2023 GMT
            Not After : Dec 26 23:59:59 2023 GMT
        Subject: serialNumber=750ca754c6e4b03395c6575ed1b443953eecfe3b6a98d64fff7ee6091c612b00, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:43:f1:da:6d:c0:7c:4b:5a:f9:24:b4:9d:44:
                    c2:bf:d2:a7:e3:3c:57:58:f0:95:10:fb:ec:b2:6d:
                    a9:50:f3:fc:55:33:f8:cf:f9:96:d4:04:de:2a:c4:
                    44:2f:6c:5b:23:fa:46:cd:42:9c:8c:30:83:ec:91:
                    91:3f:36:83:ec:20:07:ad:84:37:19:1d:a1:b5:83:
                    70:b2:27:32:b2:6b:07:1a:66:48:ef:f3:4c:fb:6c:
                    e1:5b:32:4c:92:1b:e4:4d:25:c9:85:cc:e5:7f:27:
                    7c:e8:74:ab:d8:19:92:af:92:e6:f9:64:d5:f5:76:
                    af:53:4f:55:37:07:6e:ff:f5:7b:c3:39:ac:bb:3d:
                    28:59:b9:ec:95:7e:31:03:f2:46:9c:2f:ad:d6:df:
                    b4:3b:5e:50:f1:a1:5c:d1:5e:28:4c:4a:a9:b6:fa:
                    52:44:81:5a:75:53:75:76:ec:2f:02:2e:4d:72:cd:
                    a4:d8:ea:5e:72:b2:de:11:87:9b:17:03:08:ea:f3:
                    ea:f9:7e:fc:c0:a6:bd:1f:1d:a9:e6:23:c5:15:d8:
                    3d:96:3d:a9:42:7c:68:22:f4:0b:65:e9:05:44:f7:
                    2f:72:11:8a:44:d0:22:5a:98:61:dd:15:6e:a9:bf:
                    01:a8:c2:53:fa:e0:a3:b7:72:47:c7:21:8f:7e:2c:
                    3e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:7C:0B:C2:D6:6C:BA:47:55:23:F4:EF:57:0C:66:55:CD:6D:BE:30
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1cc39ed3-50be-4789-be1a-f98bef685946.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:72:52:ab:09:ef:e6:58:c2:3e:38:00:2d:c8:86:48:88:77:
         fe:53:c1:62:41:a0:98:86:a7:1c:24:50:90:01:ac:3d:bf:70:
         02:97:d5:2f:da:c9:ac:d3:f5:4d:d1:fe:ab:9f:87:ce:41:b1:
         7b:b8:c6:c8:e6:73:cc:27:43:18:f6:a6:bc:d3:8c:99:30:c4:
         b0:bb:79:be:6a:7a:f6:ea:fc:3d:c1:cf:3c:54:13:53:d0:36:
         3e:8e:f5:5f:25:d0:1a:a8:ac:6d:0e:a1:c1:93:d0:38:72:03:
         7c:19:ca:10:97:97:be:f2:50:82:43:ac:26:a0:e5:d1:3f:ce:
         06:b4:c6:d7:bb:0f:a6:06:01:de:29:cb:d6:c3:55:5a:75:c0:
         93:50:ac:d5:20:1e:b2:67:ce:90:d6:5f:75:78:54:68:61:02:
         17:a9:1e:0d:39:b2:70:1e:7c:8d:46:49:c2:06:c8:1e:4f:33:
         f9:68:41:67:2f:d7:5c:81:f4:fb:64:77:d3:10:42:5c:9f:33:
         10:be:c1:71:7b:05:a5:12:cc:5c:b4:03:64:a6:f4:52:e6:8f:
         72:66:5e:4f:c4:8c:e0:c5:6d:f8:8b:e9:86:e7:a0:c4:d8:9d:
         82:46:ff:6b:6f:f6:0d:a6:86:57:c5:d5:50:eb:59:e6:e9:ac:
         71:56:51:4e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPidSd7XWojrr/cW541iwCueiVgkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTIxMDAwMDAwWhcNMjMxMjI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NTBjYTc1NGM2ZTRiMDMzOTVjNjU3NWVkMWI0NDM5NTNl
ZWNmZTNiNmE5OGQ2NGZmZjdlZTYwOTFjNjEyYjAwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPQ/HabcB8S1r5JLSdRMK/0qfjPFdY8JUQ++yybalQ8/xV
M/jP+ZbUBN4qxEQvbFsj+kbNQpyMMIPskZE/NoPsIAethDcZHaG1g3CyJzKyawca
Zkjv80z7bOFbMkySG+RNJcmFzOV/J3zodKvYGZKvkub5ZNX1dq9TT1U3B27/9XvD
Oay7PShZueyVfjED8kacL63W37Q7XlDxoVzRXihMSqm2+lJEgVp1U3V27C8CLk1y
zaTY6l5yst4Rh5sXAwjq8+r5fvzApr0fHanmI8UV2D2WPalCfGgi9Atl6QVE9y9y
EYpE0CJamGHdFW6pvwGowlP64KO3ckfHIY9+LD5VAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWXwLwtZsukdVI/TvVwxmVc1tvjAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzFjYzM5ZWQzLTUwYmUtNDc4OS1iZTFhLWY5OGJlZjY4NTk0Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD9yUqsJ7+ZYwj44AC3IhkiId/5T
wWJBoJiGpxwkUJABrD2/cAKX1S/ayazT9U3R/qufh85BsXu4xsjmc8wnQxj2przT
jJkwxLC7eb5qevbq/D3BzzxUE1PQNj6O9V8l0BqorG0OocGT0DhyA3wZyhCXl77y
UIJDrCag5dE/zga0xte7D6YGAd4py9bDVVp1wJNQrNUgHrJnzpDWX3V4VGhhAhep
Hg05snAefI1GScIGyB5PM/loQWcv11yB9Ptkd9MQQlyfMxC+wXF7BaUSzFy0A2Sm
9FLmj3JmXk/EjODFbfiL6YbnoMTYnYJG/2tv9g2mhlfF1VDrWebprHFWUU4=
-----END CERTIFICATE-----