Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/32aaa01f-995d-4f0c-b001-966e8e9d1e01.roa
File:                     32aaa01f-995d-4f0c-b001-966e8e9d1e01.roa (raw, json)
Hash identifier:          HsSC1srFo2coS8yIXHmyEZ36f5UnlkosxB9kruUEtzM=
Subject key identifier:   34:04:2B:D8:96:D2:B3:2E:A7:58:F4:97:C1:35:D0:76:E0:06:F6:3C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       77E5FF1197E5E8EA87202EC36194DCB80E656E36
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/32aaa01f-995d-4f0c-b001-966e8e9d1e01.roa
Signing time:             Tue 26 Dec 2023 00:00:00 +0000
ROA not before:           Tue 26 Dec 2023 00:00:00 +0000
ROA not after:            Tue 30 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:e5:ff:11:97:e5:e8:ea:87:20:2e:c3:61:94:dc:b8:0e:65:6e:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 26 00:00:00 2023 GMT
            Not After : Jan 30 23:59:59 2024 GMT
        Subject: serialNumber=75e41feb8488b66909ac4de461ebe77c9bd8c4b5054e6544f31fa9d0216e0193, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:59:a2:c1:83:56:02:71:a2:97:3b:26:7b:b0:
                    14:89:5e:30:8e:a9:b5:c7:12:46:5e:98:17:1f:97:
                    cb:c6:7f:67:94:d2:c2:b2:a3:c5:f9:59:55:33:30:
                    35:12:09:11:fb:81:08:9d:ff:b8:c4:be:6a:03:87:
                    e6:7b:42:6f:d4:19:8e:a1:35:3e:97:70:cc:7b:58:
                    a8:10:7a:40:38:be:79:19:1b:8b:70:23:64:2c:a6:
                    e3:b5:7c:74:2f:31:ba:7f:c4:a3:06:b7:3f:71:3c:
                    b8:0c:99:b6:86:54:e6:43:aa:bb:0e:e2:c1:44:81:
                    8d:be:c6:43:45:52:8a:0f:6a:09:38:d9:f2:b8:01:
                    b9:00:76:a7:a9:00:ca:96:60:fc:e3:43:ce:ec:53:
                    40:05:ad:49:9f:2e:78:8b:8b:85:69:99:35:17:54:
                    25:87:14:0f:4d:83:26:5e:fb:5a:54:4d:b8:97:a5:
                    0e:82:a0:c8:b4:d1:31:67:2f:d8:6b:df:1b:27:7c:
                    d2:69:6b:cf:80:4b:79:54:87:93:4d:46:4e:8e:01:
                    72:d2:6c:18:3d:fd:e4:84:a5:cd:d4:74:dd:3c:87:
                    c3:fe:36:49:cf:9b:c0:be:09:64:1e:a0:58:7a:8e:
                    e2:2d:69:ae:f8:e7:b9:59:7c:2c:59:d2:30:a2:65:
                    c1:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:04:2B:D8:96:D2:B3:2E:A7:58:F4:97:C1:35:D0:76:E0:06:F6:3C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/32aaa01f-995d-4f0c-b001-966e8e9d1e01.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:f8:31:7a:36:92:44:31:13:fe:2a:78:f1:36:50:77:79:f9:
         ff:b4:86:b0:70:1d:39:13:8e:3f:52:66:88:f9:e4:a5:7d:76:
         03:4f:ee:bb:53:56:60:4c:65:83:7a:92:89:d0:ff:e6:ff:bd:
         87:d2:3a:bd:77:a0:1d:d4:48:67:8b:98:ba:ee:1f:8f:d6:30:
         8b:f0:43:cc:8c:7c:e5:72:d3:fc:c4:aa:a0:a7:83:c9:b6:59:
         58:13:e9:33:c4:c9:99:e2:7e:7b:1d:f8:5d:3d:74:68:9b:f7:
         82:9c:0e:68:38:94:af:69:32:8e:dc:a5:da:5b:3c:78:a3:39:
         92:64:32:f4:18:55:90:47:3a:e0:38:5b:40:8c:a9:8c:de:77:
         a4:01:16:58:9d:e0:98:d2:23:fe:20:07:e2:0c:df:f3:91:01:
         4e:1f:81:c7:b5:de:28:94:15:63:01:58:53:90:7b:1a:93:eb:
         96:c3:c9:42:f0:88:5d:fd:fe:b9:be:42:73:76:47:ba:c2:01:
         b1:bb:02:88:3a:20:dc:c5:b6:60:03:c4:23:9a:2f:0d:ef:ed:
         1b:d2:70:15:23:31:33:81:ba:4e:09:63:2b:15:89:8a:0d:3e:
         b0:d6:08:f5:63:d3:38:05:15:03:5a:2c:4b:45:88:f2:0c:28:
         f5:c8:49:9e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUd+X/EZfl6OqHIC7DYZTcuA5lbjYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjI2MDAwMDAwWhcNMjQwMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NWU0MWZlYjg0ODhiNjY5MDlhYzRkZTQ2MWViZTc3Yzli
ZDhjNGI1MDU0ZTY1NDRmMzFmYTlkMDIxNmUwMTkzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCLWaLBg1YCcaKXOyZ7sBSJXjCOqbXHEkZemBcfl8vGf2eU
0sKyo8X5WVUzMDUSCRH7gQid/7jEvmoDh+Z7Qm/UGY6hNT6XcMx7WKgQekA4vnkZ
G4twI2QspuO1fHQvMbp/xKMGtz9xPLgMmbaGVOZDqrsO4sFEgY2+xkNFUooPagk4
2fK4AbkAdqepAMqWYPzjQ87sU0AFrUmfLniLi4VpmTUXVCWHFA9NgyZe+1pUTbiX
pQ6CoMi00TFnL9hr3xsnfNJpa8+AS3lUh5NNRk6OAXLSbBg9/eSEpc3UdN08h8P+
NknPm8C+CWQeoFh6juItaa7457lZfCxZ0jCiZcHtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNAQr2JbSsy6nWPSXwTXQduAG9jwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzMyYWFhMDFmLTk5NWQtNGYwYy1iMDAxLTk2NmU4ZTlkMWUwMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJH4MXo2kkQxE/4qePE2UHd5+f+0
hrBwHTkTjj9SZoj55KV9dgNP7rtTVmBMZYN6konQ/+b/vYfSOr13oB3USGeLmLru
H4/WMIvwQ8yMfOVy0/zEqqCng8m2WVgT6TPEyZnifnsd+F09dGib94KcDmg4lK9p
Mo7cpdpbPHijOZJkMvQYVZBHOuA4W0CMqYzed6QBFlid4JjSI/4gB+IM3/ORAU4f
gce13iiUFWMBWFOQexqT65bDyULwiF39/rm+QnN2R7rCAbG7Aog6INzFtmADxCOa
Lw3v7RvScBUjMTOBuk4JYysViYoNPrDWCPVj0zgFFQNaLEtFiPIMKPXISZ4=
-----END CERTIFICATE-----