Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3b30cada-b950-4536-8b6b-a301df5550b1.roa
File:                     3b30cada-b950-4536-8b6b-a301df5550b1.roa (raw, json)
Hash identifier:          34uRvG9ahAzSc7VB+FAH4an3PAS+lI1a0g0ihX28mCM=
Subject key identifier:   43:58:E6:FA:AB:AA:DB:EE:BF:50:45:D6:07:53:E9:6E:45:FE:C0:AD
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0BEADEA232AAA184203773A633D2D811F406C81E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3b30cada-b950-4536-8b6b-a301df5550b1.roa
Signing time:             Sat 06 Jan 2024 00:00:00 +0000
ROA not before:           Sat 06 Jan 2024 00:00:00 +0000
ROA not after:            Sat 10 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:ea:de:a2:32:aa:a1:84:20:37:73:a6:33:d2:d8:11:f4:06:c8:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan  6 00:00:00 2024 GMT
            Not After : Feb 10 23:59:59 2024 GMT
        Subject: serialNumber=e26e03775bd275b03c32223b192278adf704adc080317a1f182741991a6e880b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e1:1f:1c:43:22:38:da:15:ce:46:79:cd:24:
                    b2:d0:f4:04:54:7e:34:79:bd:7d:60:31:1c:2f:ec:
                    56:f3:8e:9c:7c:94:bb:64:a0:d4:87:a6:e1:2a:bc:
                    08:f9:dd:a1:6d:08:9a:9b:97:8e:d8:20:3c:b1:01:
                    21:cd:0f:c4:19:96:78:c3:35:b0:76:28:08:00:65:
                    4e:45:b0:38:69:d2:72:f0:d6:4e:ad:8e:c6:30:52:
                    b5:8d:27:66:79:65:3f:03:57:9f:a5:7d:23:82:a1:
                    b3:7c:68:0c:37:07:94:32:5a:65:20:ca:6c:3e:af:
                    db:33:6d:1f:bf:7e:2d:c6:51:87:03:aa:63:45:af:
                    e9:4e:d9:e6:17:5b:32:7d:d2:ea:ce:93:d4:5f:69:
                    78:f5:15:e6:67:f8:01:0d:8c:60:11:f1:a4:10:cc:
                    b6:e6:1b:e6:fd:ec:2c:80:da:f6:5c:94:f8:db:ba:
                    3c:53:50:07:6b:63:c1:a5:99:b4:7c:16:fd:bb:39:
                    48:9b:1d:20:80:eb:06:97:36:1d:61:e2:90:d1:4d:
                    95:e6:74:fb:b6:58:ea:19:be:ca:c1:f5:8d:ab:80:
                    60:ec:b1:29:27:ad:5f:af:46:b8:7f:4e:3c:1e:85:
                    79:34:7d:2e:56:7d:37:33:96:7a:00:ba:48:4c:35:
                    fc:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:58:E6:FA:AB:AA:DB:EE:BF:50:45:D6:07:53:E9:6E:45:FE:C0:AD
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3b30cada-b950-4536-8b6b-a301df5550b1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:73:53:49:c8:20:16:a5:db:99:bc:1a:15:7e:58:9e:ca:6e:
         c0:72:2f:f2:4d:aa:10:21:bb:b3:62:d5:90:0b:b6:0a:83:5f:
         99:d9:79:1d:2b:41:2e:dd:93:92:9d:d1:06:02:de:42:69:f6:
         01:21:e2:48:49:45:95:87:af:43:12:cb:ea:63:76:9f:c3:9f:
         75:71:91:d0:74:d3:69:99:83:3f:40:08:05:67:fa:55:cf:42:
         4d:e1:52:1e:4f:53:b4:fd:af:32:38:32:75:7f:6d:e0:f9:e5:
         7d:94:06:c1:28:a4:11:99:df:c8:5d:6b:ea:1e:a4:88:a4:c6:
         b7:03:80:78:80:03:2c:f2:7b:d3:95:c4:54:bb:cf:51:bc:df:
         03:42:3e:2a:62:a4:80:11:2b:76:c9:c4:a8:2e:1b:e8:0e:7f:
         91:f2:ef:97:1a:d6:e5:98:f5:0f:04:2b:3e:23:1f:21:7c:5e:
         ba:31:f9:84:18:db:29:eb:b7:0e:a7:c6:9d:a0:c0:8b:c4:ad:
         0a:99:d8:17:7b:58:59:d2:41:9d:fa:98:b9:81:c8:73:89:d0:
         02:7d:1e:65:fc:52:38:49:cc:f8:e2:27:c3:54:42:09:b3:51:
         b1:a6:d1:ff:8c:33:f5:0e:8e:25:4d:9b:fa:4a:78:51:b5:95:
         1b:b7:25:ff
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUC+reojKqoYQgN3OmM9LYEfQGyB4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTA2MDAwMDAwWhcNMjQwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMjZlMDM3NzViZDI3NWIwM2MzMjIyM2IxOTIyNzhhZGY3
MDRhZGMwODAzMTdhMWYxODI3NDE5OTFhNmU4ODBiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd4R8cQyI42hXORnnNJLLQ9ARUfjR5vX1gMRwv7Fbzjpx8
lLtkoNSHpuEqvAj53aFtCJqbl47YIDyxASHND8QZlnjDNbB2KAgAZU5FsDhp0nLw
1k6tjsYwUrWNJ2Z5ZT8DV5+lfSOCobN8aAw3B5QyWmUgymw+r9szbR+/fi3GUYcD
qmNFr+lO2eYXWzJ90urOk9RfaXj1FeZn+AENjGAR8aQQzLbmG+b97CyA2vZclPjb
ujxTUAdrY8GlmbR8Fv27OUibHSCA6waXNh1h4pDRTZXmdPu2WOoZvsrB9Y2rgGDs
sSknrV+vRrh/TjwehXk0fS5WfTczlnoAukhMNfwDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQ1jm+quq2+6/UEXWB1PpbkX+wK0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzNiMzBjYWRhLWI5NTAtNDUzNi04YjZiLWEzMDFkZjU1NTBiMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALFzU0nIIBal25m8GhV+WJ7KbsBy
L/JNqhAhu7Ni1ZALtgqDX5nZeR0rQS7dk5Kd0QYC3kJp9gEh4khJRZWHr0MSy+pj
dp/Dn3VxkdB002mZgz9ACAVn+lXPQk3hUh5PU7T9rzI4MnV/beD55X2UBsEopBGZ
38hda+oepIikxrcDgHiAAyzye9OVxFS7z1G83wNCPipipIARK3bJxKguG+gOf5Hy
75ca1uWY9Q8EKz4jHyF8Xrox+YQY2ynrtw6nxp2gwIvErQqZ2Bd7WFnSQZ36mLmB
yHOJ0AJ9HmX8UjhJzPjiJ8NUQgmzUbGm0f+MM/UOjiVNm/pKeFG1lRu3Jf8=
-----END CERTIFICATE-----