Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3bd5aef5-8306-462f-8c6e-79ed2f535a4f.roa
File:                     3bd5aef5-8306-462f-8c6e-79ed2f535a4f.roa (raw, json)
Hash identifier:          4a50n25bdPei02UxuoJP8vzi7Z1cgI5PO8o/kqlfTb4=
Subject key identifier:   8B:15:EC:D3:7C:DD:4E:B3:0A:08:BE:30:C9:D7:60:55:78:00:71:47
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3A9C586CA7CEC8989D3837C2B4DA23FC4DDACE75
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3bd5aef5-8306-462f-8c6e-79ed2f535a4f.roa
Signing time:             Wed 09 Aug 2023 00:00:00 +0000
ROA not before:           Wed 09 Aug 2023 00:00:00 +0000
ROA not after:            Wed 13 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:9c:58:6c:a7:ce:c8:98:9d:38:37:c2:b4:da:23:fc:4d:da:ce:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug  9 00:00:00 2023 GMT
            Not After : Sep 13 23:59:59 2023 GMT
        Subject: serialNumber=9adec3392a986a21e32a5cdd7660cd563112ef4b0df5235a83ef8bddcda9f56b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6f:b3:46:1b:42:67:0f:32:04:c7:b6:90:f9:
                    47:8f:66:5f:fd:26:ff:b2:4d:06:01:a0:34:03:73:
                    da:67:8e:44:29:81:09:48:51:62:50:88:73:f4:0c:
                    a7:bc:4f:14:8b:1e:ce:e9:96:16:39:cb:66:59:f2:
                    69:81:0e:c4:6f:e7:f6:75:64:f1:66:78:0a:df:2f:
                    4c:50:53:78:e0:d7:08:0b:e9:0e:ca:31:d6:b9:dc:
                    98:f9:34:41:d7:a8:08:29:1d:d7:5d:17:93:a8:7e:
                    7d:d2:23:ed:7f:33:c3:a0:b7:2f:29:ab:dd:d4:c5:
                    34:89:aa:78:30:14:b4:92:48:f2:ae:96:32:2f:c5:
                    e8:71:e6:9a:71:5b:32:0c:85:1e:b3:70:04:b3:8b:
                    9f:02:ed:30:3e:a4:9d:08:55:64:3f:d9:09:1f:a8:
                    78:0c:f1:f5:60:62:5a:8d:8a:b5:90:7b:22:b3:fd:
                    09:7c:09:85:fd:ab:9d:23:17:40:fd:30:6a:67:99:
                    36:66:b1:1b:c1:6d:f8:e6:e7:d9:60:6f:13:ef:f6:
                    7a:fc:df:ab:cb:8e:2c:05:a3:e6:97:9c:2f:7e:34:
                    56:f5:b4:64:02:e4:39:48:71:ff:d6:58:f8:c7:bd:
                    9f:67:bf:3c:c6:9a:75:ff:15:d5:d2:8d:b4:f5:14:
                    5a:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:15:EC:D3:7C:DD:4E:B3:0A:08:BE:30:C9:D7:60:55:78:00:71:47
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3bd5aef5-8306-462f-8c6e-79ed2f535a4f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:e0:50:5c:c2:a9:a5:1c:4a:99:b0:98:34:9b:f6:ae:b7:4c:
         76:6a:5d:f1:e7:ac:1c:01:66:c0:25:f4:ed:8e:1e:6c:e0:73:
         aa:a9:e8:f7:d5:4b:9d:1b:7b:c5:df:cc:50:44:1c:b0:97:ea:
         ba:0e:e1:f9:0a:46:82:e0:a6:a5:78:3e:11:0e:8a:d9:9e:b3:
         53:2e:5e:be:74:a9:41:26:07:12:81:3e:8e:7b:7f:a4:14:85:
         e7:ac:9e:86:1e:a0:f7:a9:70:b2:4c:94:3b:b5:22:94:f6:1f:
         f5:c5:21:16:63:4f:63:c6:c8:51:4f:32:ef:a9:07:51:b8:3f:
         fc:f7:f2:e0:f1:e9:ca:9f:33:de:0b:c3:8a:af:87:98:25:e3:
         9e:2d:88:8e:3f:b1:37:14:40:1f:2e:0e:84:0d:8d:55:fd:24:
         d1:32:6e:de:3d:ab:39:fb:91:a6:02:64:47:49:96:ef:35:bb:
         c6:f6:d9:88:f7:80:15:cf:38:11:fd:21:02:be:fc:df:fa:40:
         47:52:d7:43:a2:2d:19:22:9c:62:5f:68:a7:40:84:e8:c3:d8:
         e7:0b:58:07:7b:28:51:08:1d:23:2e:67:da:ed:fd:64:70:a4:
         7a:36:2b:13:86:99:ed:fc:a1:57:65:7c:20:1a:19:35:1b:52:
         0c:3f:cc:60
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOpxYbKfOyJidODfCtNoj/E3aznUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODA5MDAwMDAwWhcNMjMwOTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5YWRlYzMzOTJhOTg2YTIxZTMyYTVjZGQ3NjYwY2Q1NjMx
MTJlZjRiMGRmNTIzNWE4M2VmOGJkZGNkYTlmNTZiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAb7NGG0JnDzIEx7aQ+UePZl/9Jv+yTQYBoDQDc9pnjkQp
gQlIUWJQiHP0DKe8TxSLHs7plhY5y2ZZ8mmBDsRv5/Z1ZPFmeArfL0xQU3jg1wgL
6Q7KMda53Jj5NEHXqAgpHdddF5Oofn3SI+1/M8Ogty8pq93UxTSJqngwFLSSSPKu
ljIvxehx5ppxWzIMhR6zcASzi58C7TA+pJ0IVWQ/2QkfqHgM8fVgYlqNirWQeyKz
/Ql8CYX9q50jF0D9MGpnmTZmsRvBbfjm59lgbxPv9nr836vLjiwFo+aXnC9+NFb1
tGQC5DlIcf/WWPjHvZ9nvzzGmnX/FdXSjbT1FFqDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUixXs03zdTrMKCL4wyddgVXgAcUcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzNiZDVhZWY1LTgzMDYtNDYyZi04YzZlLTc5ZWQyZjUzNWE0Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB7gUFzCqaUcSpmwmDSb9q63THZq
XfHnrBwBZsAl9O2OHmzgc6qp6PfVS50be8XfzFBEHLCX6roO4fkKRoLgpqV4PhEO
itmes1MuXr50qUEmBxKBPo57f6QUheesnoYeoPepcLJMlDu1IpT2H/XFIRZjT2PG
yFFPMu+pB1G4P/z38uDx6cqfM94Lw4qvh5gl454tiI4/sTcUQB8uDoQNjVX9JNEy
bt49qzn7kaYCZEdJlu81u8b22Yj3gBXPOBH9IQK+/N/6QEdS10OiLRkinGJfaKdA
hOjD2OcLWAd7KFEIHSMuZ9rt/WRwpHo2KxOGme38oVdlfCAaGTUbUgw/zGA=
-----END CERTIFICATE-----