Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/384ee705-5341-4331-bf66-f52c1dc9ce30.roa
File:                     384ee705-5341-4331-bf66-f52c1dc9ce30.roa (raw, json)
Hash identifier:          rRtVzpgpUNnpuvVPU0bKnECyx5nR1fRogIXU9+xtuh4=
Subject key identifier:   94:9C:9D:33:0F:12:7B:8E:AF:BD:01:10:3F:77:06:C0:77:25:66:C3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       112949357155EE51B5CFF4256F140DC01773FC4D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/384ee705-5341-4331-bf66-f52c1dc9ce30.roa
Signing time:             Wed 27 Sep 2023 00:00:00 +0000
ROA not before:           Wed 27 Sep 2023 00:00:00 +0000
ROA not after:            Wed 01 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:29:49:35:71:55:ee:51:b5:cf:f4:25:6f:14:0d:c0:17:73:fc:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 27 00:00:00 2023 GMT
            Not After : Nov  1 23:59:59 2023 GMT
        Subject: serialNumber=f5a9ab21326ca5dd17bf69eae3555e9598f43541ac8907ebea476bac1e08a535, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:4f:cc:4a:dd:4f:63:3b:3b:c7:5e:68:4c:91:
                    3c:37:59:d7:68:2b:09:6f:51:ac:a4:3d:fa:60:03:
                    6e:dd:74:4e:74:96:55:42:59:7f:6e:eb:ae:7d:7f:
                    5c:19:24:b7:31:09:50:a6:e2:e6:f2:7f:d6:81:ac:
                    37:5e:3b:20:21:24:a4:d3:5f:2e:e4:b1:5e:21:3e:
                    aa:5e:44:d5:1a:a7:11:c4:dc:b3:39:7f:4c:ae:6d:
                    fe:b0:c7:45:b5:b9:c2:4e:2d:e7:2f:3c:61:4d:6a:
                    6a:84:18:f6:27:0c:13:9f:96:4e:b5:ff:d1:7f:69:
                    53:ba:43:f7:83:4b:3c:9a:2c:ca:d4:ee:62:9f:78:
                    48:ef:bd:43:a6:4b:75:21:ce:b4:e4:f9:62:59:c1:
                    4f:e3:5e:d0:29:11:cb:b6:20:3d:02:e6:90:03:81:
                    c0:b2:27:79:11:8e:7d:29:68:d3:ee:ca:79:43:b6:
                    f5:86:c5:ea:60:55:4d:74:12:a7:7f:12:b3:2f:ac:
                    19:32:fe:10:55:e3:41:42:4d:65:90:3a:e0:c1:ce:
                    ce:2e:7f:77:e5:46:ed:28:82:96:9b:2a:1e:c4:d6:
                    4d:c7:85:5e:80:b1:df:30:83:a2:d5:88:a8:66:ec:
                    dc:33:02:80:fe:b8:f2:c7:4f:b1:e8:12:3c:cf:e3:
                    0a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:9C:9D:33:0F:12:7B:8E:AF:BD:01:10:3F:77:06:C0:77:25:66:C3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/384ee705-5341-4331-bf66-f52c1dc9ce30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:d1:d8:15:cb:4e:61:7e:49:bb:00:63:f7:de:19:cb:1b:ae:
         8c:64:4f:dd:2e:f5:ac:8e:36:10:01:f5:01:28:d5:c7:e1:e9:
         7a:a0:a3:0d:5e:f4:e6:9a:1f:cc:b7:4a:5c:05:c8:04:be:a1:
         9b:27:a7:1c:cd:a9:91:c2:3c:97:19:7f:66:a2:92:dc:a9:46:
         7e:d3:fd:a3:bb:b6:e0:05:d0:45:53:61:1c:c7:8e:14:82:61:
         9b:de:8f:af:d7:d3:2d:2e:c5:e9:88:73:3e:2d:b4:4f:01:13:
         50:1d:a7:76:b3:85:42:2b:c9:90:c9:b3:5b:11:9e:5e:bc:34:
         20:c6:ec:ca:ef:4f:c4:18:df:58:d9:37:96:76:67:5c:cc:27:
         09:02:2c:99:f4:ec:0a:96:e3:c4:b5:a5:72:9a:76:e7:c5:52:
         5a:eb:65:d1:7c:3b:9a:e8:10:ae:18:70:71:2f:70:2a:4f:36:
         9a:5e:08:59:2d:11:db:e9:61:db:6f:8a:96:ac:63:4f:e6:7c:
         3e:c8:3b:a3:77:ee:3f:4b:26:22:0e:37:ba:63:00:cb:6f:3e:
         48:0b:4d:c7:e9:23:26:f7:26:8b:10:cf:b2:10:c7:f1:f2:00:
         64:6c:78:80:9a:a3:a2:27:16:3a:b0:a3:d3:1a:f5:4c:14:71:
         be:9a:95:f8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUESlJNXFV7lG1z/QlbxQNwBdz/E0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTI3MDAwMDAwWhcNMjMxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNWE5YWIyMTMyNmNhNWRkMTdiZjY5ZWFlMzU1NWU5NTk4
ZjQzNTQxYWM4OTA3ZWJlYTQ3NmJhYzFlMDhhNTM1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdT8xK3U9jOzvHXmhMkTw3WddoKwlvUaykPfpgA27ddE50
llVCWX9u6659f1wZJLcxCVCm4ubyf9aBrDdeOyAhJKTTXy7ksV4hPqpeRNUapxHE
3LM5f0yubf6wx0W1ucJOLecvPGFNamqEGPYnDBOflk61/9F/aVO6Q/eDSzyaLMrU
7mKfeEjvvUOmS3UhzrTk+WJZwU/jXtApEcu2ID0C5pADgcCyJ3kRjn0paNPuynlD
tvWGxepgVU10Eqd/ErMvrBky/hBV40FCTWWQOuDBzs4uf3flRu0ogpabKh7E1k3H
hV6Asd8wg6LViKhm7NwzAoD+uPLHT7HoEjzP4woJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlJydMw8Se46vvQEQP3cGwHclZsMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM4NGVlNzA1LTUzNDEtNDMzMS1iZjY2LWY1MmMxZGM5Y2UzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHfR2BXLTmF+SbsAY/feGcsbroxk
T90u9ayONhAB9QEo1cfh6Xqgow1e9OaaH8y3SlwFyAS+oZsnpxzNqZHCPJcZf2ai
ktypRn7T/aO7tuAF0EVTYRzHjhSCYZvej6/X0y0uxemIcz4ttE8BE1Adp3azhUIr
yZDJs1sRnl68NCDG7MrvT8QY31jZN5Z2Z1zMJwkCLJn07AqW48S1pXKadufFUlrr
ZdF8O5roEK4YcHEvcCpPNppeCFktEdvpYdtvipasY0/mfD7IO6N37j9LJiION7pj
AMtvPkgLTcfpIyb3JosQz7IQx/HyAGRseICao6InFjqwo9Ma9UwUcb6alfg=
-----END CERTIFICATE-----