Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/31e87f7e-0111-4c75-99b6-3058de3943ac.roa
File:                     31e87f7e-0111-4c75-99b6-3058de3943ac.roa (raw, json)
Hash identifier:          OQqI18v9rLTTXmkS9wr3f9P4SgZkICLhqiJDoSKcNa8=
Subject key identifier:   18:8B:D0:0A:6F:17:9E:3A:27:AF:C8:CE:05:53:35:FE:15:7D:0F:20
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0DF9EF6E7C990C49C5DE6E38664CA8F4B56ED7ED
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/31e87f7e-0111-4c75-99b6-3058de3943ac.roa
Signing time:             Fri 28 Jul 2023 00:00:00 +0000
ROA not before:           Fri 28 Jul 2023 00:00:00 +0000
ROA not after:            Fri 01 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:f9:ef:6e:7c:99:0c:49:c5:de:6e:38:66:4c:a8:f4:b5:6e:d7:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 28 00:00:00 2023 GMT
            Not After : Sep  1 23:59:59 2023 GMT
        Subject: serialNumber=f33f0e315e801b7097b2532ff35603b35df39c4317abb62a1c3efbfd20117b87, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:c7:74:be:a6:e8:dd:93:28:83:56:1f:dd:1c:
                    c7:06:f3:74:aa:77:11:88:43:a2:1e:62:0b:4d:d8:
                    f6:30:6f:a1:fb:ef:b4:b8:f1:1e:6a:6a:cc:76:8a:
                    24:e3:9c:be:95:de:08:c2:2f:9a:c0:91:94:b2:c2:
                    7b:3a:5b:4a:51:23:76:df:ed:32:ad:07:e6:0b:42:
                    49:17:21:e0:76:74:75:5c:1e:37:7b:2e:c6:11:f3:
                    b9:3e:17:42:ff:35:25:29:93:1a:89:38:10:bb:7b:
                    ea:c0:ae:3f:e8:1a:0c:d7:13:6c:f6:23:3b:cf:41:
                    4e:f9:3e:2f:3a:fe:cb:f5:99:cd:15:6b:38:28:d8:
                    06:f9:15:cc:9e:49:b9:d3:5f:64:0e:1f:d3:c9:71:
                    b8:34:23:ee:3b:07:39:2a:d8:cd:9c:6b:54:cb:1c:
                    97:bf:e1:37:41:35:1c:e7:2c:07:99:06:e1:e2:87:
                    1f:2d:26:54:4f:43:8e:e4:36:b4:36:51:0c:e7:c9:
                    e2:1a:87:34:4a:81:80:49:4a:c5:a9:3f:b2:45:19:
                    85:6d:93:2d:48:ca:4c:55:03:85:da:7f:bc:74:dd:
                    43:09:5b:fe:21:a3:df:10:e8:9a:41:4b:8b:08:42:
                    d0:ef:b7:4c:c7:27:35:12:a7:90:15:f6:28:8c:f2:
                    d6:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:8B:D0:0A:6F:17:9E:3A:27:AF:C8:CE:05:53:35:FE:15:7D:0F:20
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/31e87f7e-0111-4c75-99b6-3058de3943ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:f4:c4:06:c4:64:49:4a:36:4a:1b:73:e9:b7:bd:7e:33:98:
         8d:ba:c5:95:78:3e:d9:30:57:0b:98:4d:8e:0a:14:14:d2:04:
         d3:fb:e2:ed:bf:53:98:e9:04:81:92:47:84:c5:56:c3:cb:21:
         d0:b7:58:b4:b9:53:bc:4a:93:84:1c:22:ed:bc:58:a8:36:75:
         a1:30:40:55:57:be:27:5d:10:5a:cd:c9:f4:bb:90:c7:b6:a1:
         4b:fe:d6:b9:d5:85:2d:ec:34:eb:75:bf:26:cf:de:8f:b8:3f:
         10:b0:b5:3b:e1:0d:4a:73:51:fb:e0:96:03:da:93:ec:ab:c7:
         84:41:d0:28:08:77:1b:3c:be:5f:3f:35:9c:1e:14:dd:bd:2b:
         af:1f:fb:26:70:0d:fe:3d:52:70:2c:a5:53:bb:76:94:b1:39:
         16:4f:b2:d6:8d:b1:2b:fd:86:cb:57:ec:29:b0:ee:47:42:b6:
         46:31:71:56:a2:38:8d:a3:73:51:96:b0:f2:eb:30:82:df:45:
         ac:e8:3c:ad:dd:8a:94:9e:e4:25:3f:36:a7:f0:40:0b:59:a2:
         36:b4:90:00:da:55:96:77:b3:5e:74:43:1e:06:2d:db:34:b6:
         da:ec:d2:91:50:6c:fa:0e:fd:7b:4c:0a:7e:df:55:09:89:c3:
         bd:67:f5:5e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDfnvbnyZDEnF3m44Zkyo9LVu1+0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzI4MDAwMDAwWhcNMjMwOTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMzNmMGUzMTVlODAxYjcwOTdiMjUzMmZmMzU2MDNiMzVk
ZjM5YzQzMTdhYmI2MmExYzNlZmJmZDIwMTE3Yjg3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYx3S+pujdkyiDVh/dHMcG83SqdxGIQ6IeYgtN2PYwb6H7
77S48R5qasx2iiTjnL6V3gjCL5rAkZSywns6W0pRI3bf7TKtB+YLQkkXIeB2dHVc
Hjd7LsYR87k+F0L/NSUpkxqJOBC7e+rArj/oGgzXE2z2IzvPQU75Pi86/sv1mc0V
azgo2Ab5FcyeSbnTX2QOH9PJcbg0I+47Bzkq2M2ca1TLHJe/4TdBNRznLAeZBuHi
hx8tJlRPQ47kNrQ2UQznyeIahzRKgYBJSsWpP7JFGYVtky1IykxVA4Xaf7x03UMJ
W/4ho98Q6JpBS4sIQtDvt0zHJzUSp5AV9iiM8tbBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGIvQCm8Xnjonr8jOBVM1/hV9DyAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzMxZTg3ZjdlLTAxMTEtNGM3NS05OWI2LTMwNThkZTM5NDNhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABT0xAbEZElKNkobc+m3vX4zmI26
xZV4PtkwVwuYTY4KFBTSBNP74u2/U5jpBIGSR4TFVsPLIdC3WLS5U7xKk4QcIu28
WKg2daEwQFVXviddEFrNyfS7kMe2oUv+1rnVhS3sNOt1vybP3o+4PxCwtTvhDUpz
UfvglgPak+yrx4RB0CgIdxs8vl8/NZweFN29K68f+yZwDf49UnAspVO7dpSxORZP
staNsSv9hstX7Cmw7kdCtkYxcVaiOI2jc1GWsPLrMILfRazoPK3dipSe5CU/Nqfw
QAtZoja0kADaVZZ3s150Qx4GLds0ttrs0pFQbPoO/XtMCn7fVQmJw71n9V4=
-----END CERTIFICATE-----