Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/491aecf2-9a93-4cc4-8a0f-65598a2a4361.roa
File:                     491aecf2-9a93-4cc4-8a0f-65598a2a4361.roa (raw, json)
Hash identifier:          XKEyvkl2zyjMarvYYbki4iYp6ZfB0UMgPMUlqhV93XU=
Subject key identifier:   4B:E4:F0:0E:7B:B2:E8:48:AC:18:B9:74:98:DA:32:93:3D:F9:99:FE
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0E3121F3D3513DE16DEF384D96E18F6A14D22A8D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/491aecf2-9a93-4cc4-8a0f-65598a2a4361.roa
Signing time:             Wed 08 Nov 2023 00:00:00 +0000
ROA not before:           Wed 08 Nov 2023 00:00:00 +0000
ROA not after:            Wed 13 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:31:21:f3:d3:51:3d:e1:6d:ef:38:4d:96:e1:8f:6a:14:d2:2a:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  8 00:00:00 2023 GMT
            Not After : Dec 13 23:59:59 2023 GMT
        Subject: serialNumber=199da4aa55ae035221a0956b5007714e2a122ad171e9c785e52bd9951018eed5, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:36:66:4b:1f:2c:7e:5c:93:90:4c:4c:57:b6:
                    c8:85:71:62:a1:22:93:f4:0e:91:b1:57:91:79:9f:
                    d0:4d:70:fa:18:c8:6e:98:aa:9b:c9:12:7a:90:62:
                    3d:c9:eb:a3:ce:37:0a:16:76:77:6e:8a:5e:47:74:
                    8e:55:b1:28:6f:53:a1:98:0b:bc:ca:6d:9b:bf:ca:
                    cf:68:e2:ab:2c:16:bc:e3:06:47:18:93:88:2e:72:
                    97:c0:d1:3c:d7:d6:ce:cf:e6:54:2a:e8:cd:28:24:
                    1e:fd:c9:6c:49:b5:4d:03:8f:bd:71:d2:be:18:32:
                    e0:da:a1:85:bf:46:6e:5c:8e:4d:20:45:81:6c:c4:
                    60:8c:e8:95:fc:21:a5:c7:65:21:15:b6:35:74:a3:
                    47:2f:20:2c:cd:87:ec:72:19:5b:7f:87:47:08:9d:
                    12:79:82:eb:db:ce:e8:4b:04:07:91:d0:0d:48:53:
                    cf:3b:78:9c:ca:be:8b:24:a5:f0:ff:68:ae:80:43:
                    44:8a:a2:4f:bc:90:4e:1d:05:9b:3d:95:7c:5b:77:
                    33:1f:8a:90:74:61:00:d8:2c:8f:b7:38:3f:14:ee:
                    15:7f:85:3f:98:ea:dc:33:b7:8a:c0:da:0f:49:46:
                    6a:17:14:b6:f0:ae:1d:c6:7b:45:f4:0d:f0:28:06:
                    83:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:E4:F0:0E:7B:B2:E8:48:AC:18:B9:74:98:DA:32:93:3D:F9:99:FE
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/491aecf2-9a93-4cc4-8a0f-65598a2a4361.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:4a:27:1a:43:17:80:11:3d:e7:73:ef:8f:a0:19:35:c8:e5:
         fa:cb:fa:f1:ce:35:0c:d8:78:90:7d:33:a4:eb:97:cf:ec:e5:
         ca:9f:3e:98:f2:5e:98:cf:14:9e:9d:61:b2:41:81:38:69:da:
         07:09:41:e7:d4:55:77:07:1c:38:87:4b:86:e5:7a:14:09:de:
         99:d1:09:34:f0:73:ea:a6:03:43:91:e0:ce:fc:fd:ea:d0:23:
         b4:c1:13:e0:83:69:69:59:8f:65:8a:62:38:51:94:1f:e4:3c:
         fe:81:e9:59:f2:43:b6:bf:11:40:84:c6:d1:cd:0b:25:2e:d4:
         1e:0a:fc:5b:99:23:92:d2:48:fc:62:45:14:a9:64:2c:f6:20:
         c6:00:68:fc:c4:cd:2e:bf:2c:e8:af:41:16:78:f1:2d:2a:60:
         3f:81:bd:08:ff:22:ad:70:93:f6:cf:bc:77:11:69:18:e8:94:
         85:e9:ca:bf:28:ae:23:3d:ae:86:58:bf:f7:a1:ea:07:83:ca:
         9a:e4:57:aa:b0:3b:e3:9d:8d:e5:c6:d7:f4:51:49:f3:8b:5d:
         07:c8:ff:62:19:62:58:4b:f3:40:8a:c5:d4:66:8a:81:e6:f7:
         b3:79:25:98:11:45:ca:de:0e:0e:26:ad:b8:07:ee:85:ce:ba:
         3a:18:07:34
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDjEh89NRPeFt7zhNluGPahTSKo0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTA4MDAwMDAwWhcNMjMxMjEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxOTlkYTRhYTU1YWUwMzUyMjFhMDk1NmI1MDA3NzE0ZTJh
MTIyYWQxNzFlOWM3ODVlNTJiZDk5NTEwMThlZWQ1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVNmZLHyx+XJOQTExXtsiFcWKhIpP0DpGxV5F5n9BNcPoY
yG6YqpvJEnqQYj3J66PONwoWdnduil5HdI5VsShvU6GYC7zKbZu/ys9o4qssFrzj
BkcYk4gucpfA0TzX1s7P5lQq6M0oJB79yWxJtU0Dj71x0r4YMuDaoYW/Rm5cjk0g
RYFsxGCM6JX8IaXHZSEVtjV0o0cvICzNh+xyGVt/h0cInRJ5guvbzuhLBAeR0A1I
U887eJzKvoskpfD/aK6AQ0SKok+8kE4dBZs9lXxbdzMfipB0YQDYLI+3OD8U7hV/
hT+Y6twzt4rA2g9JRmoXFLbwrh3Ge0X0DfAoBoNlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUS+TwDnuy6EisGLl0mNoykz35mf4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ5MWFlY2YyLTlhOTMtNGNjNC04YTBmLTY1NTk4YTJhNDM2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIRKJxpDF4ARPedz74+gGTXI5frL
+vHONQzYeJB9M6Trl8/s5cqfPpjyXpjPFJ6dYbJBgThp2gcJQefUVXcHHDiHS4bl
ehQJ3pnRCTTwc+qmA0OR4M78/erQI7TBE+CDaWlZj2WKYjhRlB/kPP6B6VnyQ7a/
EUCExtHNCyUu1B4K/FuZI5LSSPxiRRSpZCz2IMYAaPzEzS6/LOivQRZ48S0qYD+B
vQj/Iq1wk/bPvHcRaRjolIXpyr8oriM9roZYv/eh6geDyprkV6qwO+OdjeXG1/RR
SfOLXQfI/2IZYlhL80CKxdRmioHm97N5JZgRRcreDg4mrbgH7oXOujoYBzQ=
-----END CERTIFICATE-----