Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/313454fd-59bc-4d22-a6d0-5cf5b9ea1456.roa
File:                     313454fd-59bc-4d22-a6d0-5cf5b9ea1456.roa (raw, json)
Hash identifier:          +1F5Gwf/gWACQTJrMrF0F0r0UvtFAQlnphHaWPF5Y0M=
Subject key identifier:   8F:68:39:6D:38:C7:FB:9E:0F:65:F8:41:FE:F9:C6:2F:FB:B9:8C:E7
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       51CCCE8B8EDB22707EECB1135F273B95E30E31FE
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/313454fd-59bc-4d22-a6d0-5cf5b9ea1456.roa
Signing time:             Fri 10 Nov 2023 00:00:00 +0000
ROA not before:           Fri 10 Nov 2023 00:00:00 +0000
ROA not after:            Fri 15 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:cc:ce:8b:8e:db:22:70:7e:ec:b1:13:5f:27:3b:95:e3:0e:31:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 10 00:00:00 2023 GMT
            Not After : Dec 15 23:59:59 2023 GMT
        Subject: serialNumber=813f30b6afb1437bc73f011ae1e495da2f36447d75411bb1281568112a70aade, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:e2:f3:a7:e4:b1:a0:70:cc:38:77:d4:a4:b5:
                    72:9f:eb:08:31:17:9e:16:4c:26:9f:63:23:ea:d5:
                    25:bf:57:df:f4:5d:66:40:5b:1f:f5:9b:02:e3:35:
                    50:ab:e9:d9:1b:30:f9:c0:2e:3b:2d:1f:ae:be:81:
                    26:69:cb:28:3a:db:3e:fb:30:19:6a:ca:b0:2f:ed:
                    0e:5a:c3:89:bb:fd:e2:5b:c2:bc:80:d2:e9:76:b2:
                    e4:d1:99:ce:13:2c:be:82:e6:f1:78:7c:b2:7f:ce:
                    7e:21:8b:ca:e8:e0:bc:aa:23:06:ac:ad:11:68:a4:
                    15:e6:72:86:b3:35:0e:4e:7a:4b:d6:36:57:11:e4:
                    63:c4:2b:cd:6a:1f:5b:ac:3e:34:7f:96:a0:64:97:
                    da:55:48:16:d0:67:e8:c8:0f:92:e1:01:61:99:7c:
                    4f:56:62:a7:29:cf:8d:a9:6b:e4:1a:3d:5d:05:f2:
                    c7:08:d7:52:45:8e:98:22:10:f4:1a:40:d1:43:5b:
                    7d:74:a0:56:1d:9a:25:76:d7:f0:f4:af:bc:8e:20:
                    5b:20:44:db:16:76:2a:12:45:89:fa:d5:d3:c1:3d:
                    e9:b1:fa:c7:82:91:cd:41:5e:f5:3e:e3:66:c4:3f:
                    50:56:e2:0b:67:da:8b:40:b8:3b:17:33:86:6e:d6:
                    c3:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:68:39:6D:38:C7:FB:9E:0F:65:F8:41:FE:F9:C6:2F:FB:B9:8C:E7
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/313454fd-59bc-4d22-a6d0-5cf5b9ea1456.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:a7:36:d3:4e:80:8a:d2:35:1e:88:31:82:9d:55:bf:6e:65:
         e4:0a:ed:60:29:08:0e:91:38:12:a6:65:36:8d:71:df:b7:f0:
         d4:d0:d1:7c:f7:a4:4b:c0:11:89:f1:4e:c9:9e:b6:31:98:45:
         c5:dc:99:33:7f:86:f5:0e:95:9c:3a:c6:5c:4f:6d:4d:32:2e:
         38:6f:c3:94:92:91:58:83:4a:73:71:61:17:7e:23:dc:53:94:
         01:90:1b:d3:4b:6f:77:a3:3b:2f:10:a5:90:8d:e9:76:a6:9e:
         35:af:1d:5f:e8:ab:57:dc:45:12:94:41:94:c6:30:df:e9:be:
         3c:fe:38:dc:56:70:11:04:18:9e:01:2f:7d:14:67:f3:4b:c5:
         6a:0e:e8:ec:07:82:32:c7:5f:0b:61:93:d6:f7:74:a1:09:4a:
         97:a1:0e:a4:61:19:7c:1b:ba:ff:d9:89:b6:38:ab:29:7e:67:
         32:65:46:44:02:07:d5:0c:56:0e:22:a3:da:1f:91:39:bb:55:
         7f:ac:4a:78:94:3f:dd:f1:8c:5e:8a:d0:28:fc:fa:e7:12:8e:
         69:95:70:6a:ed:d1:ea:c7:5c:5d:1d:11:63:70:28:ce:ee:79:
         e1:7f:57:08:0e:d8:38:45:d1:3a:85:d8:c6:2f:46:6d:90:9f:
         cd:4e:16:6d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUczOi47bInB+7LETXyc7leMOMf4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTEwMDAwMDAwWhcNMjMxMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MTNmMzBiNmFmYjE0MzdiYzczZjAxMWFlMWU0OTVkYTJm
MzY0NDdkNzU0MTFiYjEyODE1NjgxMTJhNzBhYWRlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDf4vOn5LGgcMw4d9SktXKf6wgxF54WTCafYyPq1SW/V9/0
XWZAWx/1mwLjNVCr6dkbMPnALjstH66+gSZpyyg62z77MBlqyrAv7Q5aw4m7/eJb
wryA0ul2suTRmc4TLL6C5vF4fLJ/zn4hi8ro4LyqIwasrRFopBXmcoazNQ5OekvW
NlcR5GPEK81qH1usPjR/lqBkl9pVSBbQZ+jID5LhAWGZfE9WYqcpz42pa+QaPV0F
8scI11JFjpgiEPQaQNFDW310oFYdmiV21/D0r7yOIFsgRNsWdioSRYn61dPBPemx
+seCkc1BXvU+42bEP1BW4gtn2otAuDsXM4Zu1sMzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUj2g5bTjH+54PZfhB/vnGL/u5jOcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzMxMzQ1NGZkLTU5YmMtNGQyMi1hNmQwLTVjZjViOWVhMTQ1Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHunNtNOgIrSNR6IMYKdVb9uZeQK
7WApCA6ROBKmZTaNcd+38NTQ0Xz3pEvAEYnxTsmetjGYRcXcmTN/hvUOlZw6xlxP
bU0yLjhvw5SSkViDSnNxYRd+I9xTlAGQG9NLb3ejOy8QpZCN6XamnjWvHV/oq1fc
RRKUQZTGMN/pvjz+ONxWcBEEGJ4BL30UZ/NLxWoO6OwHgjLHXwthk9b3dKEJSpeh
DqRhGXwbuv/ZibY4qyl+ZzJlRkQCB9UMVg4io9ofkTm7VX+sSniUP93xjF6K0Cj8
+ucSjmmVcGrt0erHXF0dEWNwKM7ueeF/VwgO2DhF0TqF2MYvRm2Qn81OFm0=
-----END CERTIFICATE-----