Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2b5a40de-8dc7-420e-80fe-bf957dbe99f4.roa
File:                     2b5a40de-8dc7-420e-80fe-bf957dbe99f4.roa (raw, json)
Hash identifier:          UH50P3akwVNJN+6BjhiSKjJUYD/a7UhbcdFIAA/VEGM=
Subject key identifier:   78:55:9C:26:B3:9F:5A:EA:EB:6B:41:15:B1:A4:9F:F2:12:00:71:A8
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4F88BD681E16E94C25FC195D0C1157C1DEC0CE9F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2b5a40de-8dc7-420e-80fe-bf957dbe99f4.roa
Signing time:             Sun 26 Nov 2023 00:00:00 +0000
ROA not before:           Sun 26 Nov 2023 00:00:00 +0000
ROA not after:            Sun 31 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:88:bd:68:1e:16:e9:4c:25:fc:19:5d:0c:11:57:c1:de:c0:ce:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 26 00:00:00 2023 GMT
            Not After : Dec 31 23:59:59 2023 GMT
        Subject: serialNumber=ad2ad24757c76852ffca3acbe886dc50bf39cdf4db5c6a9ad7b6b2cc2a0b5a82, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:44:e0:a1:62:63:35:1f:1a:c5:5c:05:07:99:
                    72:a0:fb:c2:2b:00:3a:b6:60:83:e6:52:4d:1e:eb:
                    c4:87:e8:f5:47:e9:50:64:86:b5:48:e4:8f:20:9f:
                    18:29:3e:80:9f:2f:08:fc:54:4f:ae:50:0b:e3:c6:
                    78:3f:d3:7d:a8:81:04:f2:1a:d6:83:4e:1a:cc:ef:
                    b8:f9:1a:32:f0:0b:cf:7e:bc:30:ce:5d:07:2e:4f:
                    f0:3c:94:da:d5:68:10:54:04:c6:98:0f:41:f9:02:
                    26:a6:77:5f:01:60:f8:4d:a8:a3:cc:33:4f:07:a3:
                    58:3b:7c:f4:04:f3:4f:1f:33:b5:1b:72:4a:8b:fc:
                    ec:5b:cf:b7:08:e6:2c:ec:79:12:ed:e7:97:7d:43:
                    b6:05:7f:cc:3f:ef:cf:56:3e:67:25:4d:72:03:af:
                    73:57:01:db:48:5f:87:e2:93:af:17:ea:f0:a1:ed:
                    cd:f3:7d:52:63:dd:b4:07:b1:3e:3a:e5:f0:62:4e:
                    43:74:d2:ec:d5:fe:36:92:52:37:10:fa:76:13:e4:
                    e2:1a:ef:71:54:12:21:e5:f5:10:0d:6b:4e:1f:9b:
                    0d:f3:6b:a3:ef:62:ec:38:fd:f1:1c:fc:21:18:cb:
                    74:27:02:3e:1b:ae:dd:80:06:dd:bd:ce:02:97:15:
                    ec:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:55:9C:26:B3:9F:5A:EA:EB:6B:41:15:B1:A4:9F:F2:12:00:71:A8
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2b5a40de-8dc7-420e-80fe-bf957dbe99f4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:c1:17:32:05:25:ab:05:f5:ec:be:f2:25:bc:23:2e:e7:34:
         99:20:13:b9:47:4d:1e:0b:1d:10:e8:84:4f:36:07:c9:40:78:
         f1:0c:8a:7a:38:33:ea:43:89:ea:e9:85:67:b6:43:aa:29:e9:
         2c:b8:52:0d:a8:ad:f7:5f:a0:51:16:4f:06:a5:ff:23:41:d1:
         fb:e8:4e:93:1d:d7:c7:02:85:c3:73:8e:b1:a0:90:f7:67:36:
         9d:9b:27:82:a1:6e:dc:60:66:86:c0:a5:b5:2e:6d:d2:6b:5e:
         1f:1f:c3:01:76:16:91:ea:35:50:f0:5c:f9:69:d8:5a:62:3a:
         a5:6e:f4:8d:f2:f8:5a:93:3f:ff:4e:34:ea:65:40:81:de:de:
         a5:62:9e:72:a2:a3:a5:30:c5:7d:74:9d:74:40:6b:66:4d:dc:
         8d:8f:b8:31:0e:3d:b9:8b:42:11:5e:62:48:18:fb:42:51:2d:
         1b:86:c0:63:00:9a:05:7d:9f:f8:e6:71:3c:9e:25:87:29:d3:
         c6:ba:1f:57:a5:32:aa:ba:67:b2:58:cf:58:4e:db:37:9c:6b:
         b7:36:05:27:1b:dd:3f:c9:ea:2a:3e:36:fd:53:be:55:08:00:
         fd:db:7b:4c:ff:64:7b:a0:83:0a:d3:f4:a1:1b:28:9b:64:94:
         91:b7:1d:f2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUT4i9aB4W6Uwl/BldDBFXwd7Azp8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTI2MDAwMDAwWhcNMjMxMjMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZDJhZDI0NzU3Yzc2ODUyZmZjYTNhY2JlODg2ZGM1MGJm
MzljZGY0ZGI1YzZhOWFkN2I2YjJjYzJhMGI1YTgyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDvROChYmM1HxrFXAUHmXKg+8IrADq2YIPmUk0e68SH6PVH
6VBkhrVI5I8gnxgpPoCfLwj8VE+uUAvjxng/032ogQTyGtaDThrM77j5GjLwC89+
vDDOXQcuT/A8lNrVaBBUBMaYD0H5Aiamd18BYPhNqKPMM08Ho1g7fPQE808fM7Ub
ckqL/Oxbz7cI5izseRLt55d9Q7YFf8w/789WPmclTXIDr3NXAdtIX4fik68X6vCh
7c3zfVJj3bQHsT465fBiTkN00uzV/jaSUjcQ+nYT5OIa73FUEiHl9RANa04fmw3z
a6PvYuw4/fEc/CEYy3QnAj4brt2ABt29zgKXFey/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeFWcJrOfWurra0EVsaSf8hIAcagwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJiNWE0MGRlLThkYzctNDIwZS04MGZlLWJmOTU3ZGJlOTlmNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACPBFzIFJasF9ey+8iW8Iy7nNJkg
E7lHTR4LHRDohE82B8lAePEMino4M+pDierphWe2Q6op6Sy4Ug2orfdfoFEWTwal
/yNB0fvoTpMd18cChcNzjrGgkPdnNp2bJ4KhbtxgZobApbUubdJrXh8fwwF2FpHq
NVDwXPlp2FpiOqVu9I3y+FqTP/9ONOplQIHe3qVinnKio6UwxX10nXRAa2ZN3I2P
uDEOPbmLQhFeYkgY+0JRLRuGwGMAmgV9n/jmcTyeJYcp08a6H1elMqq6Z7JYz1hO
2zeca7c2BScb3T/J6io+Nv1TvlUIAP3be0z/ZHuggwrT9KEbKJtklJG3HfI=
-----END CERTIFICATE-----