Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/516c4550-8446-41b0-8335-9be67afd6eeb.roa
File:                     516c4550-8446-41b0-8335-9be67afd6eeb.roa (raw, json)
Hash identifier:          yS3nO/kOk9dJbw+2KMzqwQpXK0gaGhmvMork4VYtYnk=
Subject key identifier:   A0:16:2A:7F:25:98:84:0C:AD:4A:8B:B8:86:B8:34:B2:03:38:F3:0B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4E33D2A1329A6B59E3646BAE575556361BFE2E49
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/516c4550-8446-41b0-8335-9be67afd6eeb.roa
Signing time:             Sun 12 Nov 2023 00:00:00 +0000
ROA not before:           Sun 12 Nov 2023 00:00:00 +0000
ROA not after:            Sun 17 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:33:d2:a1:32:9a:6b:59:e3:64:6b:ae:57:55:56:36:1b:fe:2e:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 12 00:00:00 2023 GMT
            Not After : Dec 17 23:59:59 2023 GMT
        Subject: serialNumber=ef9a9896ed78c73b2c889c68aaf44cdafa422c362b025d5ed51adf3e22a8a563, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:87:aa:9e:ba:9c:32:aa:fb:82:1f:e2:ed:86:
                    6a:b6:03:5f:a2:90:ef:e5:88:a9:99:63:0f:54:86:
                    b5:71:d9:66:10:a2:0d:76:5a:19:be:d7:5d:c1:8b:
                    13:31:ac:5d:2d:e8:93:35:25:30:37:b0:c0:06:6e:
                    b6:b7:e3:b9:c3:09:20:c0:4a:62:00:82:30:57:6e:
                    4d:4c:97:ca:ff:5c:f8:dc:2d:9c:54:67:a7:5e:05:
                    e2:be:c4:08:58:07:01:19:32:2e:5f:55:6a:62:5b:
                    f3:4f:b3:ce:e4:8e:9b:8e:f0:5e:f3:e4:0b:ee:3f:
                    f5:84:7c:a0:6a:79:67:70:7a:38:ab:8b:7d:12:42:
                    71:e2:c4:ca:da:85:c0:45:d9:51:b8:dc:4a:c5:c4:
                    d0:6b:8c:0b:57:2a:9a:7f:bd:cb:5d:ab:33:90:82:
                    8a:c3:59:13:d8:25:46:f1:24:90:d9:35:44:73:cb:
                    88:b1:7f:53:bb:70:3a:88:4c:57:21:45:7f:d2:86:
                    e4:ad:48:8f:cf:ed:f3:a4:bb:2f:e1:bb:86:ed:73:
                    57:f4:66:e3:bc:53:e3:20:88:8f:eb:ff:d4:30:45:
                    e4:6e:1e:72:db:d4:f1:6a:83:eb:98:71:8d:f5:6e:
                    b3:75:78:89:4b:7f:a6:dc:5d:74:ef:e4:91:f0:86:
                    01:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:16:2A:7F:25:98:84:0C:AD:4A:8B:B8:86:B8:34:B2:03:38:F3:0B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/516c4550-8446-41b0-8335-9be67afd6eeb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:e9:a0:39:d2:c9:81:14:d4:4d:91:7e:89:9c:1f:75:d4:c3:
         1f:fe:07:c5:df:e1:ff:4b:78:fb:e1:e1:2f:a2:4a:62:fe:71:
         c3:f1:2b:fe:3f:90:f5:83:d1:e9:b7:0e:77:d0:64:26:e2:1f:
         74:3b:3a:5f:2a:d0:b4:ee:e6:9c:71:d0:c6:2d:36:db:8a:df:
         31:a0:53:ae:ec:2c:1c:08:a8:88:48:01:83:25:18:57:ea:78:
         10:2e:eb:01:17:09:d0:8d:b1:32:d3:0d:ac:45:2e:88:a2:c8:
         89:4a:86:2c:1e:4d:90:8b:76:40:ab:c8:af:23:ea:cf:9d:f4:
         1b:3c:88:27:fa:2c:fd:5a:54:d8:0e:0a:b6:61:01:fc:e7:0d:
         a1:00:b0:e5:81:78:3a:ed:f3:b1:44:25:dd:a2:9f:8e:93:9f:
         4f:1f:79:20:10:5a:db:f7:0c:d3:a1:f9:05:fb:ea:58:e0:7b:
         22:ec:1a:9b:e4:8b:a9:58:6a:79:47:06:95:96:a8:af:60:41:
         36:26:17:a7:ab:5e:ae:dd:2d:07:34:69:8b:69:47:48:2a:7c:
         4e:f9:a6:1a:17:3a:cc:37:65:e3:30:18:67:d8:fb:ee:81:f5:
         fe:ad:20:73:95:fa:88:7d:e6:2e:e4:cc:9c:05:99:9d:7f:16:
         c4:78:5f:62
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTjPSoTKaa1njZGuuV1VWNhv+LkkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTEyMDAwMDAwWhcNMjMxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZjlhOTg5NmVkNzhjNzNiMmM4ODljNjhhYWY0NGNkYWZh
NDIyYzM2MmIwMjVkNWVkNTFhZGYzZTIyYThhNTYzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLh6qeupwyqvuCH+Lthmq2A1+ikO/liKmZYw9UhrVx2WYQ
og12Whm+113BixMxrF0t6JM1JTA3sMAGbra347nDCSDASmIAgjBXbk1Ml8r/XPjc
LZxUZ6deBeK+xAhYBwEZMi5fVWpiW/NPs87kjpuO8F7z5AvuP/WEfKBqeWdwejir
i30SQnHixMrahcBF2VG43ErFxNBrjAtXKpp/vctdqzOQgorDWRPYJUbxJJDZNURz
y4ixf1O7cDqITFchRX/ShuStSI/P7fOkuy/hu4btc1f0ZuO8U+MgiI/r/9QwReRu
HnLb1PFqg+uYcY31brN1eIlLf6bcXXTv5JHwhgFLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoBYqfyWYhAytSou4hrg0sgM48wswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzUxNmM0NTUwLTg0NDYtNDFiMC04MzM1LTliZTY3YWZkNmVlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJTpoDnSyYEU1E2RfomcH3XUwx/+
B8Xf4f9LePvh4S+iSmL+ccPxK/4/kPWD0em3DnfQZCbiH3Q7Ol8q0LTu5pxx0MYt
NtuK3zGgU67sLBwIqIhIAYMlGFfqeBAu6wEXCdCNsTLTDaxFLoiiyIlKhiweTZCL
dkCryK8j6s+d9Bs8iCf6LP1aVNgOCrZhAfznDaEAsOWBeDrt87FEJd2in46Tn08f
eSAQWtv3DNOh+QX76ljgeyLsGpvki6lYanlHBpWWqK9gQTYmF6erXq7dLQc0aYtp
R0gqfE75phoXOsw3ZeMwGGfY++6B9f6tIHOV+oh95i7kzJwFmZ1/FsR4X2I=
-----END CERTIFICATE-----