Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3a884e9f-1008-4511-ad2a-b334a6c95bea.roa
File:                     3a884e9f-1008-4511-ad2a-b334a6c95bea.roa (raw, json)
Hash identifier:          zuSM7YwqSGe1fiA/ixblbYKidugFZ2INEmYJP8JSsp0=
Subject key identifier:   A4:4C:0A:5A:96:DD:69:D1:B5:2E:74:1D:5F:1B:F8:D1:C6:B9:7B:25
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0A9F182B63A68E7CA5C12C4501C846CA0EF15EFA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3a884e9f-1008-4511-ad2a-b334a6c95bea.roa
Signing time:             Thu 14 Sep 2023 00:00:00 +0000
ROA not before:           Thu 14 Sep 2023 00:00:00 +0000
ROA not after:            Thu 19 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:9f:18:2b:63:a6:8e:7c:a5:c1:2c:45:01:c8:46:ca:0e:f1:5e:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 14 00:00:00 2023 GMT
            Not After : Oct 19 23:59:59 2023 GMT
        Subject: serialNumber=bda48742639ffd39865b057a0ede527d226b9fc44435d896cee616fc058bdd8b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:96:52:92:23:8d:86:de:59:f5:dd:1e:70:60:
                    bb:dd:8c:84:0e:90:29:6e:da:a6:13:0e:92:89:a9:
                    08:97:5c:45:f0:d1:b1:f2:d3:3e:d9:09:78:25:68:
                    60:17:19:47:a4:d6:a2:61:20:8e:c3:57:42:24:11:
                    0e:a7:0b:3e:b3:b8:ff:d7:2c:96:f8:a0:28:ed:0c:
                    57:61:63:d0:8b:ef:6f:98:ee:80:1f:d5:e6:57:d3:
                    d7:b7:5e:4c:d0:0a:1f:4a:90:af:0d:59:92:40:af:
                    1f:c3:48:1f:ed:61:9a:46:f1:d7:67:d1:38:49:d0:
                    47:14:e7:7d:60:73:b2:a4:d5:46:f0:02:b8:1b:6d:
                    17:91:a4:34:68:b1:67:38:5a:d6:9e:3e:6d:33:6f:
                    ff:be:d8:ea:f1:66:40:03:47:b5:7a:c3:14:73:c1:
                    3e:02:c3:96:d6:77:9b:56:8e:3b:14:22:c9:bd:7c:
                    47:90:fa:76:13:f5:3e:ff:97:5b:eb:5d:c6:f3:6a:
                    39:83:df:4e:03:57:50:64:71:e5:1a:fe:88:3d:74:
                    17:67:06:10:b0:a4:13:eb:22:be:8f:bc:14:f4:1b:
                    8f:21:8b:79:dd:29:98:56:d8:41:ac:67:e6:cb:2f:
                    e9:01:cb:31:2d:37:4a:c4:65:3f:e3:a9:20:5e:88:
                    b2:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:4C:0A:5A:96:DD:69:D1:B5:2E:74:1D:5F:1B:F8:D1:C6:B9:7B:25
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3a884e9f-1008-4511-ad2a-b334a6c95bea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:ea:a8:36:d9:de:f1:a4:4a:8f:7b:20:41:d5:4d:5c:13:1b:
         ff:c3:34:30:e4:9f:3c:fb:0d:f5:c3:88:75:ce:e2:49:33:ee:
         7c:9e:a6:13:2c:df:76:0b:8f:5d:65:6b:da:7f:01:c2:41:60:
         e2:f3:16:c1:9b:48:3c:2c:dc:dd:e6:3f:1d:24:c3:70:28:38:
         c6:9b:7d:6c:80:a6:ef:a8:60:56:7f:76:fb:03:95:d7:64:b4:
         a0:29:c8:f5:87:81:86:d8:7c:e3:3d:09:30:94:b5:0a:5f:92:
         be:ac:50:d6:9b:26:0d:7f:77:0f:ca:2f:18:8b:01:68:c5:fe:
         34:94:56:cc:09:73:8e:1b:86:df:49:d8:69:f9:85:bb:73:bd:
         a6:2c:ae:18:7a:5b:85:ae:09:fb:c8:63:69:65:c6:dc:a5:b9:
         6b:63:d8:d9:b1:b9:6f:ae:34:c4:31:43:7d:7e:d5:02:b8:3e:
         ca:20:87:94:90:22:d6:69:dd:14:b5:dd:05:f8:7d:92:48:d8:
         fb:55:3f:f8:0d:da:23:ec:42:c9:a7:72:b8:a1:89:a5:43:8d:
         a0:5d:ae:97:16:fd:3b:ac:67:e5:02:bc:53:44:ea:d6:44:f0:
         0a:a2:e3:44:2a:43:b4:bb:12:14:67:c5:c0:e3:ed:19:28:39:
         76:b9:27:40
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCp8YK2OmjnylwSxFAchGyg7xXvowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTE0MDAwMDAwWhcNMjMxMDE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZGE0ODc0MjYzOWZmZDM5ODY1YjA1N2EwZWRlNTI3ZDIy
NmI5ZmM0NDQzNWQ4OTZjZWU2MTZmYzA1OGJkZDhiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSllKSI42G3ln13R5wYLvdjIQOkClu2qYTDpKJqQiXXEXw
0bHy0z7ZCXglaGAXGUek1qJhII7DV0IkEQ6nCz6zuP/XLJb4oCjtDFdhY9CL72+Y
7oAf1eZX09e3XkzQCh9KkK8NWZJArx/DSB/tYZpG8ddn0ThJ0EcU531gc7Kk1Ubw
ArgbbReRpDRosWc4WtaePm0zb/++2OrxZkADR7V6wxRzwT4Cw5bWd5tWjjsUIsm9
fEeQ+nYT9T7/l1vrXcbzajmD304DV1BkceUa/og9dBdnBhCwpBPrIr6PvBT0G48h
i3ndKZhW2EGsZ+bLL+kByzEtN0rEZT/jqSBeiLLbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpEwKWpbdadG1LnQdXxv40ca5eyUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzNhODg0ZTlmLTEwMDgtNDUxMS1hZDJhLWIzMzRhNmM5NWJlYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGvqqDbZ3vGkSo97IEHVTVwTG//D
NDDknzz7DfXDiHXO4kkz7nyephMs33YLj11la9p/AcJBYOLzFsGbSDws3N3mPx0k
w3AoOMabfWyApu+oYFZ/dvsDlddktKApyPWHgYbYfOM9CTCUtQpfkr6sUNabJg1/
dw/KLxiLAWjF/jSUVswJc44bht9J2Gn5hbtzvaYsrhh6W4WuCfvIY2llxtyluWtj
2NmxuW+uNMQxQ31+1QK4Psogh5SQItZp3RS13QX4fZJI2PtVP/gN2iPsQsmncrih
iaVDjaBdrpcW/TusZ+UCvFNE6tZE8Aqi40QqQ7S7EhRnxcDj7RkoOXa5J0A=
-----END CERTIFICATE-----