Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2f5924d7-6753-48de-a8b9-b69f836fbba0.roa
File:                     2f5924d7-6753-48de-a8b9-b69f836fbba0.roa (raw, json)
Hash identifier:          Gar1qYutu43K8EDBSVqokyPTpadRvzT29z2Adh6hVpQ=
Subject key identifier:   E9:9E:F4:91:D7:B2:63:AF:13:51:A4:81:7F:11:4E:C0:1B:AB:26:9C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0C08F9F3D8B69E5F60BFAEBCE064FDA397AA5094
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2f5924d7-6753-48de-a8b9-b69f836fbba0.roa
Signing time:             Tue 19 Dec 2023 00:00:00 +0000
ROA not before:           Tue 19 Dec 2023 00:00:00 +0000
ROA not after:            Tue 23 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:08:f9:f3:d8:b6:9e:5f:60:bf:ae:bc:e0:64:fd:a3:97:aa:50:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 19 00:00:00 2023 GMT
            Not After : Jan 23 23:59:59 2024 GMT
        Subject: serialNumber=af667d93ec905d9c9b208c503f37727a950c77fe50c7eb65c2d6fdae173edc62, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:11:fe:cc:b2:26:d4:46:3c:71:16:4c:f6:fc:
                    e8:29:e5:fc:5d:6a:cd:fa:14:ec:0b:e0:89:12:67:
                    62:cf:58:f6:f6:ef:0b:58:63:30:1b:8d:f2:ac:d2:
                    41:84:3e:9f:c7:b2:c2:b7:03:e6:d7:42:e1:f7:fa:
                    7a:2c:87:a0:2c:dd:97:05:33:f6:05:da:d6:06:f0:
                    7d:8c:ff:ff:6d:75:4a:04:12:06:3c:9b:b9:c8:27:
                    2b:58:37:6a:80:ea:42:07:41:01:9a:a5:28:ad:d4:
                    db:fc:27:49:b8:d7:46:ae:ea:55:f4:99:ff:44:72:
                    28:10:10:e8:ab:5a:cd:f4:44:30:c1:8d:28:d8:b6:
                    b0:4a:27:3a:e2:43:86:ea:1b:6b:86:2f:55:1a:10:
                    62:ef:c5:37:ac:05:cf:4c:02:a9:f5:48:9a:ad:eb:
                    9a:d6:30:78:19:d7:e5:17:05:82:56:f3:b8:54:43:
                    46:28:94:1d:8d:17:4b:fe:46:d7:5f:55:62:e7:65:
                    21:3c:43:22:4a:79:4e:70:d0:f8:e7:b9:b3:f2:8b:
                    57:87:10:78:d8:83:d6:d5:aa:92:c2:94:82:22:c7:
                    17:fd:78:63:1a:49:64:aa:77:ad:65:c8:d3:0a:98:
                    91:fe:9b:71:89:de:ef:85:3e:ea:f5:6c:a7:62:86:
                    c4:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:9E:F4:91:D7:B2:63:AF:13:51:A4:81:7F:11:4E:C0:1B:AB:26:9C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2f5924d7-6753-48de-a8b9-b69f836fbba0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:24:94:bf:21:a4:7d:4a:30:df:d4:7f:a9:5e:82:a2:a8:16:
         4f:a2:e3:8c:2e:1a:8b:40:4b:e1:25:e1:2f:fd:a7:55:04:32:
         86:df:e6:e2:1a:fa:52:bd:97:ae:ed:bb:15:e8:a2:8b:a7:50:
         46:73:17:d1:cb:dc:2d:fe:d0:c8:3e:b1:26:70:0a:2e:6c:16:
         dd:af:58:2e:2c:8f:b5:8d:91:a9:24:c2:5d:39:ee:29:d7:77:
         e2:f2:27:ca:54:68:2f:aa:fe:e1:b6:2e:f2:48:ff:7b:b8:5b:
         a2:23:91:65:c4:2f:37:db:b4:5a:26:65:dd:5d:6b:05:0c:15:
         d9:19:15:6c:e3:20:59:33:52:75:c0:66:30:87:ce:24:45:c6:
         d7:56:f8:68:ad:31:1c:ef:84:ab:70:c2:01:fa:32:39:c0:da:
         3f:fe:28:fa:66:a3:03:62:ff:da:cb:d1:eb:ca:c7:cb:68:e4:
         14:74:d4:71:dc:a4:83:cc:7a:8d:3f:21:52:2e:c0:37:2d:e2:
         76:35:3f:6d:19:72:b9:51:2e:87:00:62:0b:a6:52:f3:2f:1f:
         8b:ca:fb:81:56:74:06:32:bb:ef:58:b7:8a:f0:15:4a:ef:bf:
         c0:eb:24:df:10:dc:9c:c2:45:94:60:e5:5f:24:7b:56:ba:6f:
         70:03:e6:f6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDAj589i2nl9gv6684GT9o5eqUJQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjE5MDAwMDAwWhcNMjQwMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZjY2N2Q5M2VjOTA1ZDljOWIyMDhjNTAzZjM3NzI3YTk1
MGM3N2ZlNTBjN2ViNjVjMmQ2ZmRhZTE3M2VkYzYyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgEf7MsibURjxxFkz2/Ogp5fxdas36FOwL4IkSZ2LPWPb2
7wtYYzAbjfKs0kGEPp/HssK3A+bXQuH3+nosh6As3ZcFM/YF2tYG8H2M//9tdUoE
EgY8m7nIJytYN2qA6kIHQQGapSit1Nv8J0m410au6lX0mf9EcigQEOirWs30RDDB
jSjYtrBKJzriQ4bqG2uGL1UaEGLvxTesBc9MAqn1SJqt65rWMHgZ1+UXBYJW87hU
Q0YolB2NF0v+RtdfVWLnZSE8QyJKeU5w0PjnubPyi1eHEHjYg9bVqpLClIIixxf9
eGMaSWSqd61lyNMKmJH+m3GJ3u+FPur1bKdihsRFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6Z70kdeyY68TUaSBfxFOwBurJpwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJmNTkyNGQ3LTY3NTMtNDhkZS1hOGI5LWI2OWY4MzZmYmJhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJYklL8hpH1KMN/Uf6legqKoFk+i
44wuGotAS+El4S/9p1UEMobf5uIa+lK9l67tuxXooounUEZzF9HL3C3+0Mg+sSZw
Ci5sFt2vWC4sj7WNkakkwl057inXd+LyJ8pUaC+q/uG2LvJI/3u4W6IjkWXELzfb
tFomZd1dawUMFdkZFWzjIFkzUnXAZjCHziRFxtdW+GitMRzvhKtwwgH6MjnA2j/+
KPpmowNi/9rL0evKx8to5BR01HHcpIPMeo0/IVIuwDct4nY1P20ZcrlRLocAYgum
UvMvH4vK+4FWdAYyu+9Yt4rwFUrvv8DrJN8Q3JzCRZRg5V8ke1a6b3AD5vY=
-----END CERTIFICATE-----