Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2d7d2fd0-a9a0-4386-b890-775097ed487b.roa
File:                     2d7d2fd0-a9a0-4386-b890-775097ed487b.roa (raw, json)
Hash identifier:          0G6+jPNhcZqzAW2l9+86XKq7OeTKMsZe+Yt+PvSANFI=
Subject key identifier:   CF:BA:8A:42:43:59:88:43:C7:42:E8:9C:36:92:86:EE:EB:CA:41:2B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       388D9D86337E7BBDE41D3145F87E823E6AC2B8F1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2d7d2fd0-a9a0-4386-b890-775097ed487b.roa
Signing time:             Mon 16 Oct 2023 00:00:00 +0000
ROA not before:           Mon 16 Oct 2023 00:00:00 +0000
ROA not after:            Mon 20 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:8d:9d:86:33:7e:7b:bd:e4:1d:31:45:f8:7e:82:3e:6a:c2:b8:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 16 00:00:00 2023 GMT
            Not After : Nov 20 23:59:59 2023 GMT
        Subject: serialNumber=1b45c054949550e2d66de62388be3968c46eaebcbc455b8fd42075bab2c7aaad, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e8:06:7c:e6:b2:2b:b7:47:5c:67:90:e2:4b:
                    e3:82:0a:15:02:76:4d:63:f6:9a:03:bf:32:29:22:
                    e5:28:2e:3c:5d:2f:c2:ed:96:5e:a1:68:20:ef:40:
                    88:c4:dd:1b:9a:68:88:b1:0d:87:cb:e9:eb:9d:08:
                    30:8e:16:0b:32:58:72:45:69:3f:30:f4:81:b0:8d:
                    19:20:4a:1c:50:ba:b4:76:a6:69:d8:d9:7d:ff:22:
                    61:b6:24:07:f7:3f:4b:b3:cd:1c:35:c6:30:63:08:
                    ee:0c:1e:59:14:c1:bf:a2:ac:62:55:e6:4a:d3:30:
                    4c:91:ce:6c:17:2e:0c:6a:33:1d:03:04:bb:74:c7:
                    6d:85:2f:07:61:46:a7:63:5b:ed:3e:5c:cc:33:bf:
                    b8:6d:dc:86:4d:76:86:94:d9:f4:1e:bd:c6:f2:b2:
                    d6:f9:51:b1:43:e3:bb:50:0e:a5:93:a1:9f:fb:a4:
                    6a:c6:79:54:14:bc:51:b5:d5:c3:84:9a:e7:bc:95:
                    e8:7d:ec:a5:18:f9:d8:99:cb:e4:85:71:04:21:a7:
                    a9:2d:ed:d7:d7:4d:56:4e:22:63:57:c6:2d:ff:6d:
                    02:64:bf:ff:5c:2e:71:cf:ef:f4:d2:ac:ea:b4:8f:
                    ef:da:a1:ca:ac:dd:4c:53:19:48:25:9a:51:86:26:
                    33:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:BA:8A:42:43:59:88:43:C7:42:E8:9C:36:92:86:EE:EB:CA:41:2B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2d7d2fd0-a9a0-4386-b890-775097ed487b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:42:85:6c:56:47:28:6b:57:dd:6e:bd:62:62:8f:3e:e5:41:
         dc:df:95:0c:54:a0:91:da:47:63:1d:61:69:1d:bd:2b:5a:71:
         be:33:17:41:79:45:65:88:54:69:d8:aa:59:6c:f0:89:e8:66:
         82:4f:41:6c:5c:8f:c4:69:a9:cc:06:2d:48:48:e4:ef:d4:09:
         d8:30:04:86:cf:01:f4:e8:e2:0f:50:a3:64:0f:4f:53:cf:88:
         c2:2f:9e:c7:47:c9:5d:64:84:75:1a:e6:e8:93:06:85:33:9a:
         30:71:76:f8:f3:ef:0e:be:14:e8:9d:5e:5a:ed:fb:8f:d3:70:
         dd:bf:71:c1:d1:a9:c0:40:2c:dd:41:76:28:6f:c0:bd:f8:8a:
         ee:a8:6e:b8:e1:33:44:bc:a3:94:32:c8:46:39:d3:c3:35:b7:
         c1:58:2a:cd:e7:72:50:c7:9f:8d:54:a6:21:9c:dd:e4:79:c1:
         bb:b5:90:45:bd:08:3f:78:36:16:dc:f8:b7:ed:5a:56:3a:fe:
         8b:ec:24:f2:7c:c2:f8:dd:5e:d8:b0:d1:41:c3:be:26:f3:0e:
         74:28:0d:3b:40:df:af:c4:74:96:a1:23:ed:0a:1d:f5:58:ea:
         73:85:98:a7:88:96:41:29:80:c0:a0:51:1c:ef:86:f8:60:16:
         cf:99:c8:1d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOI2dhjN+e73kHTFF+H6CPmrCuPEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDE2MDAwMDAwWhcNMjMxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxYjQ1YzA1NDk0OTU1MGUyZDY2ZGU2MjM4OGJlMzk2OGM0
NmVhZWJjYmM0NTViOGZkNDIwNzViYWIyYzdhYWFkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJ6AZ85rIrt0dcZ5DiS+OCChUCdk1j9poDvzIpIuUoLjxd
L8Ltll6haCDvQIjE3RuaaIixDYfL6eudCDCOFgsyWHJFaT8w9IGwjRkgShxQurR2
pmnY2X3/ImG2JAf3P0uzzRw1xjBjCO4MHlkUwb+irGJV5krTMEyRzmwXLgxqMx0D
BLt0x22FLwdhRqdjW+0+XMwzv7ht3IZNdoaU2fQevcbystb5UbFD47tQDqWToZ/7
pGrGeVQUvFG11cOEmue8leh97KUY+diZy+SFcQQhp6kt7dfXTVZOImNXxi3/bQJk
v/9cLnHP7/TSrOq0j+/aocqs3UxTGUglmlGGJjMhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUz7qKQkNZiEPHQuicNpKG7uvKQSswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJkN2QyZmQwLWE5YTAtNDM4Ni1iODkwLTc3NTA5N2VkNDg3Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABhChWxWRyhrV91uvWJijz7lQdzf
lQxUoJHaR2MdYWkdvStacb4zF0F5RWWIVGnYqlls8InoZoJPQWxcj8RpqcwGLUhI
5O/UCdgwBIbPAfTo4g9Qo2QPT1PPiMIvnsdHyV1khHUa5uiTBoUzmjBxdvjz7w6+
FOidXlrt+4/TcN2/ccHRqcBALN1BdihvwL34iu6obrjhM0S8o5QyyEY508M1t8FY
Ks3nclDHn41UpiGc3eR5wbu1kEW9CD94Nhbc+LftWlY6/ovsJPJ8wvjdXtiw0UHD
vibzDnQoDTtA36/EdJahI+0KHfVY6nOFmKeIlkEpgMCgURzvhvhgFs+ZyB0=
-----END CERTIFICATE-----