Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2c8ac9e9-01b4-4523-94df-2fdcb7c8d8c9.roa
File:                     2c8ac9e9-01b4-4523-94df-2fdcb7c8d8c9.roa (raw, json)
Hash identifier:          tFpBifIKwVzXR6qHFV8gvKlvO9WYagIpxhKR1FdVy3w=
Subject key identifier:   2D:3A:9B:F1:75:32:B8:A8:0D:76:FD:19:92:DE:CA:1D:D7:65:D7:71
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       629F8F41D2D3EF33D6751B5099AE28285245FDC3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2c8ac9e9-01b4-4523-94df-2fdcb7c8d8c9.roa
Signing time:             Thu 21 Sep 2023 00:00:00 +0000
ROA not before:           Thu 21 Sep 2023 00:00:00 +0000
ROA not after:            Thu 26 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:9f:8f:41:d2:d3:ef:33:d6:75:1b:50:99:ae:28:28:52:45:fd:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 21 00:00:00 2023 GMT
            Not After : Oct 26 23:59:59 2023 GMT
        Subject: serialNumber=34849724a4d3d89d3d13d3dda194a70452638f72137fe4f7938a9d43f40d58bd, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ef:47:6c:c0:e4:41:de:e6:ed:52:fe:ce:54:
                    dd:15:e7:00:d0:c6:b5:23:b1:2e:2c:aa:96:da:e4:
                    fc:e9:d0:04:e2:79:b8:7a:b0:bb:76:d3:eb:0d:1b:
                    ab:1a:53:20:bb:62:df:40:74:b3:74:7d:8a:48:ef:
                    ee:16:10:bd:39:c4:ac:ce:e5:a2:7f:58:c4:7e:1e:
                    6c:7c:da:69:b6:fe:b1:99:32:93:d8:e3:04:0a:d3:
                    bb:40:99:8c:85:16:f5:e6:9f:17:5f:0c:3b:bf:b4:
                    5f:6e:78:cb:30:31:79:05:a4:b8:07:28:b6:bd:e1:
                    6d:69:d7:81:95:a5:e4:d0:ad:bf:2a:af:7f:a8:dd:
                    05:83:4a:87:b0:f1:ec:bb:84:ba:67:52:69:0b:c0:
                    09:2d:8c:6f:ef:29:84:8c:08:10:6b:b3:1f:86:6e:
                    c5:54:0b:d6:90:d6:15:11:f4:a2:f5:4e:30:e5:51:
                    bc:02:53:de:53:de:ed:b3:bb:e3:9a:fe:64:a9:e1:
                    ff:03:d7:28:3b:fc:3c:67:0a:8c:c6:8a:86:d8:4a:
                    4b:60:ca:b0:6b:ab:b1:3d:e0:f3:31:fc:3f:39:88:
                    6e:bc:16:48:0f:22:4d:7d:33:cb:7f:70:f9:d5:9c:
                    31:4d:10:9f:fa:c0:4d:07:bc:87:79:37:13:f9:51:
                    1b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:3A:9B:F1:75:32:B8:A8:0D:76:FD:19:92:DE:CA:1D:D7:65:D7:71
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2c8ac9e9-01b4-4523-94df-2fdcb7c8d8c9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:32:10:43:07:61:c5:13:7f:4c:65:c6:f7:b1:f5:93:76:f8:
         5e:04:cb:0b:99:5d:86:cd:64:72:44:bb:d1:49:28:e9:aa:78:
         92:02:62:7b:62:22:9f:a2:b1:6a:be:fa:af:81:26:32:6e:d9:
         50:2b:8f:77:1b:d0:c5:ed:73:7d:a3:45:50:5f:ba:b0:76:2e:
         4a:a5:8f:d2:47:e6:2b:0d:b5:00:ed:7f:c8:4b:fd:86:69:9f:
         ba:06:f5:47:2c:eb:a7:ae:d5:24:ee:61:59:03:d6:6e:68:23:
         94:70:be:ad:66:dd:d8:94:5a:84:17:e4:87:33:62:7f:0e:10:
         b2:bb:23:99:13:1f:ee:8e:b2:f6:30:f2:5a:9b:35:f8:85:67:
         2e:5b:9f:87:0a:f5:c1:69:2d:0e:80:62:15:fa:f1:62:6b:c8:
         fa:01:d8:34:2a:44:d1:7f:59:a8:31:53:04:36:07:97:7a:1d:
         1f:c7:d1:f4:6d:ff:ba:01:d7:96:a7:cf:30:7c:7e:e3:c0:60:
         c7:51:7a:4b:97:fa:47:39:21:56:10:fe:da:8a:5e:a6:8d:48:
         1d:e9:8b:78:95:75:04:d9:11:c9:ba:75:ea:81:4d:60:6d:e7:
         b0:75:9e:57:48:b2:9f:8c:86:83:c1:56:07:e4:74:17:c5:63:
         98:2b:6f:e7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYp+PQdLT7zPWdRtQma4oKFJF/cMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTIxMDAwMDAwWhcNMjMxMDI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNDg0OTcyNGE0ZDNkODlkM2QxM2QzZGRhMTk0YTcwNDUy
NjM4ZjcyMTM3ZmU0Zjc5MzhhOWQ0M2Y0MGQ1OGJkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC770dswORB3ubtUv7OVN0V5wDQxrUjsS4sqpba5Pzp0ATi
ebh6sLt20+sNG6saUyC7Yt9AdLN0fYpI7+4WEL05xKzO5aJ/WMR+Hmx82mm2/rGZ
MpPY4wQK07tAmYyFFvXmnxdfDDu/tF9ueMswMXkFpLgHKLa94W1p14GVpeTQrb8q
r3+o3QWDSoew8ey7hLpnUmkLwAktjG/vKYSMCBBrsx+GbsVUC9aQ1hUR9KL1TjDl
UbwCU95T3u2zu+Oa/mSp4f8D1yg7/DxnCozGiobYSktgyrBrq7E94PMx/D85iG68
FkgPIk19M8t/cPnVnDFNEJ/6wE0HvId5NxP5URvLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULTqb8XUyuKgNdv0Zkt7KHddl13EwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJjOGFjOWU5LTAxYjQtNDUyMy05NGRmLTJmZGNiN2M4ZDhjOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALIyEEMHYcUTf0xlxvex9ZN2+F4E
ywuZXYbNZHJEu9FJKOmqeJICYntiIp+isWq++q+BJjJu2VArj3cb0MXtc32jRVBf
urB2Lkqlj9JH5isNtQDtf8hL/YZpn7oG9Ucs66eu1STuYVkD1m5oI5Rwvq1m3diU
WoQX5IczYn8OELK7I5kTH+6OsvYw8lqbNfiFZy5bn4cK9cFpLQ6AYhX68WJryPoB
2DQqRNF/WagxUwQ2B5d6HR/H0fRt/7oB15anzzB8fuPAYMdRekuX+kc5IVYQ/tqK
XqaNSB3pi3iVdQTZEcm6deqBTWBt57B1nldIsp+MhoPBVgfkdBfFY5grb+c=
-----END CERTIFICATE-----