Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/232aad9c-8e72-4f27-aee7-770c813d258b.roa
File:                     232aad9c-8e72-4f27-aee7-770c813d258b.roa (raw, json)
Hash identifier:          H8uHr76RkN9xMxzgxN4iT3MXiFYyezgArSV9EAytBSU=
Subject key identifier:   58:69:72:B1:3E:39:AA:B3:1F:80:73:98:19:06:C9:14:21:E5:35:40
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       22845BFA736D815AEC1B34711E8E6ED5B6E71F8B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/232aad9c-8e72-4f27-aee7-770c813d258b.roa
Signing time:             Sat 23 Dec 2023 00:00:00 +0000
ROA not before:           Sat 23 Dec 2023 00:00:00 +0000
ROA not after:            Sat 27 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:84:5b:fa:73:6d:81:5a:ec:1b:34:71:1e:8e:6e:d5:b6:e7:1f:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 23 00:00:00 2023 GMT
            Not After : Jan 27 23:59:59 2024 GMT
        Subject: serialNumber=4da18974b941bec8ae270d7101e20975e318fae8135d31f91c1ddb6b505b838d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:96:1b:df:b9:0b:35:0b:3f:88:37:39:2c:88:
                    9c:23:7d:b7:50:24:25:bc:e2:72:26:68:03:ec:23:
                    4f:ba:80:8e:c1:b6:ce:65:ee:e2:4e:0a:f1:cd:05:
                    fa:c7:9a:bb:82:fb:db:a4:4d:34:b8:86:0a:70:2a:
                    36:cc:90:62:e5:f0:8a:3a:2a:59:fe:fb:92:b0:4b:
                    b1:22:00:a4:b4:f8:14:bd:51:67:ef:81:37:70:55:
                    d4:a8:07:c6:0c:dd:74:87:86:1c:df:d3:84:fb:69:
                    c8:f3:29:06:b4:82:6b:9b:26:ce:9a:42:5f:ff:a5:
                    02:61:8b:0e:ec:2a:ed:de:f7:69:38:5a:54:16:5c:
                    91:6a:73:0e:02:a2:f7:a0:b3:4e:5d:4c:98:b2:ec:
                    ba:c5:75:34:51:27:ba:1a:ce:3a:e0:f6:d8:45:ec:
                    bc:8d:e0:42:da:6d:c9:00:77:f5:7d:9a:82:5a:20:
                    c9:cc:48:d9:bd:ff:87:bf:94:05:1e:0b:84:a1:42:
                    f7:3e:2c:c0:e8:b3:51:1b:24:76:36:e5:a9:c5:08:
                    54:ef:07:51:b7:f0:da:34:0a:05:23:36:ec:b6:9f:
                    23:d7:4c:0d:22:10:b8:4b:67:5f:2a:78:50:7c:6f:
                    f5:60:dc:9c:8e:7c:c1:ac:6f:07:30:4b:ef:fa:76:
                    03:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:69:72:B1:3E:39:AA:B3:1F:80:73:98:19:06:C9:14:21:E5:35:40
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/232aad9c-8e72-4f27-aee7-770c813d258b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:64:c7:60:e7:e3:b9:31:14:9f:2c:5b:03:19:1e:91:df:d3:
         9f:d5:8b:d0:ab:dc:08:99:25:0c:40:8e:9b:e2:4e:17:d8:fc:
         1c:8f:45:8a:bc:e2:c1:84:4d:46:fc:b7:af:f9:0a:44:75:cf:
         60:3a:32:f7:1b:85:87:b7:ed:b4:b3:d2:21:33:86:17:75:02:
         86:39:b8:ed:0f:cc:09:c9:1f:d2:67:3c:3d:57:0f:2f:bd:53:
         fe:7f:3b:db:c8:9c:a6:6a:fc:f1:75:0e:bb:0e:bb:fb:22:25:
         84:56:5e:a9:5f:41:1a:d1:b5:96:9d:5e:30:ca:e1:40:b2:74:
         62:a6:9b:00:96:03:a6:16:d1:8d:15:7d:54:bf:51:26:d1:a1:
         e2:32:e4:92:10:40:a7:e1:4d:56:e0:60:79:50:5c:b1:74:4b:
         6f:50:e5:a9:3c:7c:a6:37:0d:60:57:99:c3:0f:a3:9e:3a:30:
         32:09:b4:bd:11:2a:21:33:b4:12:aa:0e:e0:21:c2:1b:94:10:
         c0:fc:28:cb:d1:d5:51:54:4c:f6:07:ef:58:4f:fb:48:f9:63:
         61:ad:7e:79:1f:24:55:b6:1e:c2:ed:8f:37:d3:e0:6a:66:63:
         3e:e3:ba:20:a3:b2:8b:53:3c:ad:1c:ee:9f:12:fa:7c:5d:7e:
         a7:ed:67:05
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIoRb+nNtgVrsGzRxHo5u1bbnH4swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjIzMDAwMDAwWhcNMjQwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZGExODk3NGI5NDFiZWM4YWUyNzBkNzEwMWUyMDk3NWUz
MThmYWU4MTM1ZDMxZjkxYzFkZGI2YjUwNWI4MzhkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjlhvfuQs1Cz+INzksiJwjfbdQJCW84nImaAPsI0+6gI7B
ts5l7uJOCvHNBfrHmruC+9ukTTS4hgpwKjbMkGLl8Io6Kln++5KwS7EiAKS0+BS9
UWfvgTdwVdSoB8YM3XSHhhzf04T7acjzKQa0gmubJs6aQl//pQJhiw7sKu3e92k4
WlQWXJFqcw4Covegs05dTJiy7LrFdTRRJ7oazjrg9thF7LyN4ELabckAd/V9moJa
IMnMSNm9/4e/lAUeC4ShQvc+LMDos1EbJHY25anFCFTvB1G38No0CgUjNuy2nyPX
TA0iELhLZ18qeFB8b/Vg3JyOfMGsbwcwS+/6dgPBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWGlysT45qrMfgHOYGQbJFCHlNUAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIzMmFhZDljLThlNzItNGYyNy1hZWU3LTc3MGM4MTNkMjU4Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJpkx2Dn47kxFJ8sWwMZHpHf05/V
i9Cr3AiZJQxAjpviThfY/ByPRYq84sGETUb8t6/5CkR1z2A6MvcbhYe37bSz0iEz
hhd1AoY5uO0PzAnJH9JnPD1XDy+9U/5/O9vInKZq/PF1DrsOu/siJYRWXqlfQRrR
tZadXjDK4UCydGKmmwCWA6YW0Y0VfVS/USbRoeIy5JIQQKfhTVbgYHlQXLF0S29Q
5ak8fKY3DWBXmcMPo546MDIJtL0RKiEztBKqDuAhwhuUEMD8KMvR1VFUTPYH71hP
+0j5Y2GtfnkfJFW2HsLtjzfT4GpmYz7juiCjsotTPK0c7p8S+nxdfqftZwU=
-----END CERTIFICATE-----