Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/504b24dc-821c-4340-8d57-77c907f7b54e.roa
File:                     504b24dc-821c-4340-8d57-77c907f7b54e.roa (raw, json)
Hash identifier:          KGxy3tOzb4Nkz26mGaI2h8fBZ93c7h8aIA3u07Xb3lg=
Subject key identifier:   D1:53:AD:94:C8:13:27:AA:CA:08:F0:A0:FF:B9:2D:72:3B:AF:14:6B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       05537E0B9B1E39043913D2819AD7EA7FC655B2E7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/504b24dc-821c-4340-8d57-77c907f7b54e.roa
Signing time:             Sat 25 Nov 2023 00:00:00 +0000
ROA not before:           Sat 25 Nov 2023 00:00:00 +0000
ROA not after:            Sat 30 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:53:7e:0b:9b:1e:39:04:39:13:d2:81:9a:d7:ea:7f:c6:55:b2:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 25 00:00:00 2023 GMT
            Not After : Dec 30 23:59:59 2023 GMT
        Subject: serialNumber=a18a6185259f65b565590fcbec1ac3e227f25117cd28cc5b908d1eb868d63c22, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f3:98:28:7a:60:3d:8e:ce:e1:93:09:1b:cf:
                    43:ed:b7:cd:b2:75:00:ef:26:44:a4:a1:ef:1d:f7:
                    90:f1:c4:06:a2:ca:5d:e5:ab:4c:eb:62:d1:bd:c6:
                    1a:a4:6f:c5:ed:b4:ff:9b:04:bb:d3:2e:28:e6:fa:
                    2e:ea:26:1a:b6:34:49:a1:55:69:29:77:56:15:37:
                    4c:a4:a1:1a:fe:d3:9c:a7:be:b0:15:ee:d7:ec:35:
                    dc:98:03:20:1f:9e:b4:7e:b0:fb:29:bd:c7:f3:2d:
                    7d:67:71:2a:f5:a0:ad:ca:43:70:42:66:96:10:8b:
                    fd:44:a1:15:86:e6:18:9f:4d:4b:9e:23:a4:1e:3a:
                    ee:77:0e:1e:17:92:58:c8:d3:4e:06:c1:6c:b5:59:
                    b6:8f:c8:c2:39:1a:5b:89:de:9a:42:0c:55:c0:0a:
                    a0:b1:21:a4:d1:f2:41:92:68:0f:46:55:38:11:76:
                    63:66:7f:34:f9:ef:09:7c:e1:ec:eb:b0:43:6f:98:
                    d2:d8:87:94:2d:1b:c0:49:0b:65:72:5f:ae:2b:f8:
                    8f:39:45:84:50:a3:81:08:6d:c0:d1:52:b9:ad:82:
                    3f:84:dc:d5:92:f5:d8:5f:88:54:4f:e8:a1:52:0b:
                    83:b2:19:54:f8:70:e7:7e:4f:e9:84:a7:20:fe:96:
                    af:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:53:AD:94:C8:13:27:AA:CA:08:F0:A0:FF:B9:2D:72:3B:AF:14:6B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/504b24dc-821c-4340-8d57-77c907f7b54e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:bd:46:95:d7:15:fc:e2:29:27:24:ac:d0:92:3f:ae:5c:b3:
         94:77:ed:1d:6c:6c:6c:41:7b:31:b3:b6:90:05:be:12:e8:d1:
         80:38:17:c7:d0:0d:6b:d7:56:f9:03:0d:f0:e3:ea:1d:4a:eb:
         69:30:13:0f:d4:ed:07:7e:67:bf:26:99:c4:73:d3:9f:b4:14:
         48:61:8f:9a:62:b2:f2:47:cb:53:65:af:91:21:d7:33:a2:94:
         e8:d4:99:be:b4:6a:54:de:43:d2:27:92:43:5d:c6:88:03:e7:
         30:c4:41:cc:e9:2b:a2:88:4b:b1:ce:f5:c0:a6:98:76:a7:a9:
         3b:c9:10:c2:d5:27:6c:3c:c6:92:48:d3:74:8c:7f:c4:8a:ae:
         7c:ce:d6:29:3a:02:0c:52:9f:ef:79:f0:93:15:9c:f5:a3:07:
         f6:8c:67:e4:10:0b:56:53:ba:73:1a:20:6e:24:ec:f5:5f:69:
         79:be:6e:c9:34:44:1e:85:71:58:1b:75:31:93:c6:55:2b:e2:
         61:3c:ae:9d:cf:d1:d4:16:63:3d:58:33:c5:d0:49:6c:57:59:
         b7:29:71:a7:fd:e3:3d:d9:74:0a:46:cd:4a:cc:6f:15:c5:e3:
         3c:bf:6a:57:0e:33:f4:78:4d:be:80:a1:4f:f5:35:d3:ec:bf:
         9f:62:94:2a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBVN+C5seOQQ5E9KBmtfqf8ZVsucwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTI1MDAwMDAwWhcNMjMxMjMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMThhNjE4NTI1OWY2NWI1NjU1OTBmY2JlYzFhYzNlMjI3
ZjI1MTE3Y2QyOGNjNWI5MDhkMWViODY4ZDYzYzIyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCp85goemA9js7hkwkbz0Ptt82ydQDvJkSkoe8d95DxxAai
yl3lq0zrYtG9xhqkb8XttP+bBLvTLijm+i7qJhq2NEmhVWkpd1YVN0ykoRr+05yn
vrAV7tfsNdyYAyAfnrR+sPspvcfzLX1ncSr1oK3KQ3BCZpYQi/1EoRWG5hifTUue
I6QeOu53Dh4XkljI004GwWy1WbaPyMI5GluJ3ppCDFXACqCxIaTR8kGSaA9GVTgR
dmNmfzT57wl84ezrsENvmNLYh5QtG8BJC2VyX64r+I85RYRQo4EIbcDRUrmtgj+E
3NWS9dhfiFRP6KFSC4OyGVT4cOd+T+mEpyD+lq8/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0VOtlMgTJ6rKCPCg/7ktcjuvFGswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzUwNGIyNGRjLTgyMWMtNDM0MC04ZDU3LTc3YzkwN2Y3YjU0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFK9RpXXFfziKSckrNCSP65cs5R3
7R1sbGxBezGztpAFvhLo0YA4F8fQDWvXVvkDDfDj6h1K62kwEw/U7Qd+Z78mmcRz
05+0FEhhj5pisvJHy1Nlr5Eh1zOilOjUmb60alTeQ9InkkNdxogD5zDEQczpK6KI
S7HO9cCmmHanqTvJEMLVJ2w8xpJI03SMf8SKrnzO1ik6AgxSn+958JMVnPWjB/aM
Z+QQC1ZTunMaIG4k7PVfaXm+bsk0RB6FcVgbdTGTxlUr4mE8rp3P0dQWYz1YM8XQ
SWxXWbcpcaf94z3ZdApGzUrMbxXF4zy/alcOM/R4Tb6AoU/1NdPsv59ilCo=
-----END CERTIFICATE-----