Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2bbb8a07-4639-43ad-8f43-59c517bb8dd6.roa
File:                     2bbb8a07-4639-43ad-8f43-59c517bb8dd6.roa (raw, json)
Hash identifier:          UZqk+WV4fK6B7GFoBIhdfqDcUA+ZwE8ZnQLwNysL9HE=
Subject key identifier:   AE:69:16:AC:ED:EF:F6:77:BC:A4:AB:83:84:F9:0D:6A:CE:81:BB:18
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1AF97225D119874DD2DBCDCC6E21011B40C77396
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2bbb8a07-4639-43ad-8f43-59c517bb8dd6.roa
Signing time:             Wed 15 Nov 2023 00:00:00 +0000
ROA not before:           Wed 15 Nov 2023 00:00:00 +0000
ROA not after:            Wed 20 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:f9:72:25:d1:19:87:4d:d2:db:cd:cc:6e:21:01:1b:40:c7:73:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 15 00:00:00 2023 GMT
            Not After : Dec 20 23:59:59 2023 GMT
        Subject: serialNumber=2400afc93df8c80a6cec6ffdc6f04a2e6a5d707acab260b940219aa7d07d2678, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:5a:af:0e:6f:d1:7e:a1:af:15:a5:f2:49:1a:
                    33:c4:3f:bf:b9:36:e1:db:74:5b:aa:95:c3:37:3c:
                    b4:c5:34:23:d9:76:21:8a:18:6c:f8:a2:9a:4b:16:
                    96:34:1c:e6:0b:29:92:4b:ef:b6:2c:2c:4a:c6:fa:
                    08:e2:71:d5:fe:73:8a:45:08:c3:cd:70:77:53:7d:
                    87:c9:74:ea:80:c7:ba:30:6a:0f:84:a9:06:7c:ba:
                    77:83:7e:52:d3:41:a9:72:3e:47:e1:af:44:34:60:
                    c2:45:89:db:ab:cc:02:90:80:ab:8e:ff:01:c4:03:
                    59:e8:75:89:a7:86:60:c1:f0:af:ed:1e:66:e3:b3:
                    01:51:bd:ce:d4:a7:9d:03:f9:4e:c7:57:de:e9:dc:
                    f7:67:4e:ce:f0:db:a2:f9:c0:28:92:ac:f6:13:29:
                    e8:61:52:b5:2a:fa:70:5b:be:bf:39:d4:d1:74:45:
                    33:4a:50:cd:c1:5e:8f:b1:48:4b:11:5f:8e:99:73:
                    06:03:a8:d6:0b:3d:d7:83:af:02:c7:65:d5:91:96:
                    b4:4f:e2:3a:14:1c:72:8a:f0:49:3a:3e:95:41:3c:
                    a2:0d:9c:e7:fe:73:b7:e8:14:f5:a1:64:e5:f7:95:
                    78:92:49:d5:20:9a:70:a1:c0:88:58:ff:e7:c3:57:
                    3d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:69:16:AC:ED:EF:F6:77:BC:A4:AB:83:84:F9:0D:6A:CE:81:BB:18
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2bbb8a07-4639-43ad-8f43-59c517bb8dd6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:c0:52:88:b6:7d:58:db:46:ea:55:33:00:ee:64:24:45:8c:
         29:d4:1c:db:2a:e1:2d:65:0d:67:b9:57:c4:c8:d4:8e:4e:ca:
         c2:2b:11:d2:b5:57:86:3d:3d:ce:09:f4:1c:20:e9:93:14:35:
         9f:1a:cf:07:d3:74:4a:1b:f5:8e:a9:4b:86:bc:e2:39:43:06:
         92:7a:f7:1e:ea:24:cb:62:08:03:f4:6f:e2:d5:97:7d:01:36:
         ad:40:42:94:8e:f4:fe:70:eb:c2:0d:9e:a6:82:5a:c1:16:6c:
         f7:dd:37:0c:d4:ca:ec:68:15:2a:78:ae:dc:b4:1b:90:e2:f7:
         9f:19:d4:52:cd:57:ca:57:a8:36:43:aa:d0:7a:d8:09:b6:a4:
         f8:6f:40:28:c2:08:e1:5d:aa:7f:83:87:59:1a:94:a9:8a:46:
         dd:54:c3:ed:3e:4d:8d:50:e3:70:e2:2a:c9:f8:23:ea:7c:c7:
         cb:60:e1:13:26:f5:9c:3f:77:64:fc:c5:b3:23:4a:73:5f:d2:
         2d:71:d6:aa:fd:f0:99:79:19:02:52:4a:c7:f1:d4:f5:a8:bd:
         8a:12:8d:87:6c:4b:50:77:27:45:a8:d6:e8:d5:f5:d5:61:0c:
         e8:f4:67:47:7b:ec:2b:43:b7:37:50:07:0b:72:31:7a:19:aa:
         d3:a0:21:35
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGvlyJdEZh03S283MbiEBG0DHc5YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE1MDAwMDAwWhcNMjMxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNDAwYWZjOTNkZjhjODBhNmNlYzZmZmRjNmYwNGEyZTZh
NWQ3MDdhY2FiMjYwYjk0MDIxOWFhN2QwN2QyNjc4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUWq8Ob9F+oa8VpfJJGjPEP7+5NuHbdFuqlcM3PLTFNCPZ
diGKGGz4oppLFpY0HOYLKZJL77YsLErG+gjicdX+c4pFCMPNcHdTfYfJdOqAx7ow
ag+EqQZ8uneDflLTQalyPkfhr0Q0YMJFidurzAKQgKuO/wHEA1nodYmnhmDB8K/t
HmbjswFRvc7Up50D+U7HV97p3PdnTs7w26L5wCiSrPYTKehhUrUq+nBbvr851NF0
RTNKUM3BXo+xSEsRX46ZcwYDqNYLPdeDrwLHZdWRlrRP4joUHHKK8Ek6PpVBPKIN
nOf+c7foFPWhZOX3lXiSSdUgmnChwIhY/+fDVz1NAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrmkWrO3v9ne8pKuDhPkNas6BuxgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJiYmI4YTA3LTQ2MzktNDNhZC04ZjQzLTU5YzUxN2JiOGRkNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJHAUoi2fVjbRupVMwDuZCRFjCnU
HNsq4S1lDWe5V8TI1I5OysIrEdK1V4Y9Pc4J9Bwg6ZMUNZ8azwfTdEob9Y6pS4a8
4jlDBpJ69x7qJMtiCAP0b+LVl30BNq1AQpSO9P5w68INnqaCWsEWbPfdNwzUyuxo
FSp4rty0G5Di958Z1FLNV8pXqDZDqtB62Am2pPhvQCjCCOFdqn+Dh1kalKmKRt1U
w+0+TY1Q43DiKsn4I+p8x8tg4RMm9Zw/d2T8xbMjSnNf0i1x1qr98Jl5GQJSSsfx
1PWovYoSjYdsS1B3J0Wo1ujV9dVhDOj0Z0d77CtDtzdQBwtyMXoZqtOgITU=
-----END CERTIFICATE-----