Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/250a0c98-622f-4a9b-a086-38c9baea2218.roa
File:                     250a0c98-622f-4a9b-a086-38c9baea2218.roa (raw, json)
Hash identifier:          L/hrPUTYi1KNGOKnMpkK5KCEDIYrutdreWSmq2s5E1E=
Subject key identifier:   C0:70:F4:30:0E:32:12:01:70:08:DC:E6:C4:C8:77:7B:DA:A4:1D:96
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       237D609250DC93A13BA58E237AE1C2E267ABA08A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/250a0c98-622f-4a9b-a086-38c9baea2218.roa
Signing time:             Wed 27 Sep 2023 00:00:00 +0000
ROA not before:           Wed 27 Sep 2023 00:00:00 +0000
ROA not after:            Wed 01 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:7d:60:92:50:dc:93:a1:3b:a5:8e:23:7a:e1:c2:e2:67:ab:a0:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 27 00:00:00 2023 GMT
            Not After : Nov  1 23:59:59 2023 GMT
        Subject: serialNumber=ce7e832c5bf98b471ab585a1872a62d80781b164f58ccbf7a315bdfab732d666, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7c:2a:9e:fb:12:70:89:c9:a5:a3:74:e6:bd:
                    de:69:71:f8:82:18:2c:70:ae:97:f8:e2:09:e5:33:
                    81:df:d5:7e:f5:1d:f1:80:cd:9f:0b:a4:9b:1c:eb:
                    83:57:6a:dd:56:95:a5:a6:14:fa:42:0e:7f:2f:ac:
                    8b:eb:b2:91:cd:50:d3:d3:7f:67:42:f5:e7:c0:fd:
                    f7:3c:0a:bc:a5:27:91:c6:ff:68:fe:5a:df:77:2e:
                    bb:f0:c3:56:64:b8:54:c3:0c:c1:08:d7:6e:b7:44:
                    c7:a3:45:94:3f:0e:39:cf:b3:e4:ae:bc:9a:3d:00:
                    4b:97:b4:aa:92:ec:cd:2a:ac:3f:62:e8:85:a8:49:
                    41:b8:c7:28:aa:62:a2:8f:9e:d6:86:c2:17:f2:30:
                    30:66:83:00:bb:ea:fb:21:33:6e:a0:0c:04:87:39:
                    ab:3d:49:34:a0:8b:a9:7f:5f:26:5b:91:fc:de:b6:
                    de:52:7c:61:f0:69:9e:ea:0f:24:6e:45:47:05:8f:
                    74:b7:ce:59:55:01:e3:77:ab:a5:d8:3a:86:c7:af:
                    ac:dc:40:9d:e5:81:ac:cb:91:75:0b:e8:58:40:fe:
                    89:9f:d8:a2:a3:56:b0:63:4c:33:df:ce:07:c6:09:
                    78:c6:e1:5c:b5:c3:3f:1c:57:a9:bd:c7:ea:c6:65:
                    32:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:70:F4:30:0E:32:12:01:70:08:DC:E6:C4:C8:77:7B:DA:A4:1D:96
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/250a0c98-622f-4a9b-a086-38c9baea2218.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:22:5e:4b:79:71:5a:67:d7:56:ae:13:b8:14:34:c1:c2:12:
         4c:28:83:ca:02:13:9e:a6:d9:c7:78:48:8b:80:de:91:dd:43:
         2a:c9:4c:d8:6f:5a:68:ca:3e:83:c1:5e:70:e3:a8:8b:87:c6:
         67:6e:60:7e:8c:2a:f5:41:cb:0f:f7:f1:5e:49:af:9f:7c:74:
         15:3c:a1:3c:ba:6f:b7:45:08:3a:e4:13:00:71:86:4f:48:95:
         00:2d:4e:f9:5a:d9:30:22:e6:cb:97:87:24:b6:97:89:d7:34:
         69:fe:1c:f8:40:92:04:fb:95:39:d0:cd:94:d5:3e:2e:69:f8:
         ce:6e:bb:7c:bd:2c:c0:b6:80:09:b2:31:7c:e6:22:49:36:ad:
         29:94:8e:41:a2:93:5b:c3:f1:da:c0:07:76:24:ec:07:fd:da:
         e6:74:4b:6f:3b:24:ca:00:3d:7b:d8:74:87:aa:a0:25:2a:58:
         38:34:c6:de:10:5c:dc:19:bc:60:5e:a5:d5:b0:9e:93:0a:38:
         9b:d3:83:83:79:f1:2e:29:fe:ec:4c:82:ca:bd:e2:03:76:03:
         ef:fe:c5:0b:ab:13:61:12:63:45:fa:f6:2b:fa:f0:7f:58:2d:
         2f:b8:9e:bd:34:1c:88:0c:fc:51:a2:21:e8:f3:5c:46:f8:62:
         a5:be:35:a8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI31gklDck6E7pY4jeuHC4meroIowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTI3MDAwMDAwWhcNMjMxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjZTdlODMyYzViZjk4YjQ3MWFiNTg1YTE4NzJhNjJkODA3
ODFiMTY0ZjU4Y2NiZjdhMzE1YmRmYWI3MzJkNjY2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyfCqe+xJwicmlo3Tmvd5pcfiCGCxwrpf44gnlM4Hf1X71
HfGAzZ8LpJsc64NXat1WlaWmFPpCDn8vrIvrspHNUNPTf2dC9efA/fc8CrylJ5HG
/2j+Wt93Lrvww1ZkuFTDDMEI1263RMejRZQ/DjnPs+SuvJo9AEuXtKqS7M0qrD9i
6IWoSUG4xyiqYqKPntaGwhfyMDBmgwC76vshM26gDASHOas9STSgi6l/XyZbkfze
tt5SfGHwaZ7qDyRuRUcFj3S3zllVAeN3q6XYOobHr6zcQJ3lgazLkXUL6FhA/omf
2KKjVrBjTDPfzgfGCXjG4Vy1wz8cV6m9x+rGZTJbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwHD0MA4yEgFwCNzmxMh3e9qkHZYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzI1MGEwYzk4LTYyMmYtNGE5Yi1hMDg2LTM4YzliYWVhMjIxOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKYiXkt5cVpn11auE7gUNMHCEkwo
g8oCE56m2cd4SIuA3pHdQyrJTNhvWmjKPoPBXnDjqIuHxmduYH6MKvVByw/38V5J
r598dBU8oTy6b7dFCDrkEwBxhk9IlQAtTvla2TAi5suXhyS2l4nXNGn+HPhAkgT7
lTnQzZTVPi5p+M5uu3y9LMC2gAmyMXzmIkk2rSmUjkGik1vD8drAB3Yk7Af92uZ0
S287JMoAPXvYdIeqoCUqWDg0xt4QXNwZvGBepdWwnpMKOJvTg4N58S4p/uxMgsq9
4gN2A+/+xQurE2ESY0X69iv68H9YLS+4nr00HIgM/FGiIejzXEb4YqW+Nag=
-----END CERTIFICATE-----