Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/51e40cdf-d9be-4ac4-9b45-ba135c47be41.roa
File:                     51e40cdf-d9be-4ac4-9b45-ba135c47be41.roa (raw, json)
Hash identifier:          +mHVlMADVK8nmbhmQ8D2TRt+P+3UZ5BmavjxwXssE/Y=
Subject key identifier:   3D:AD:08:15:79:1F:36:86:CD:82:32:42:57:99:11:A2:FA:4A:72:1F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       302AC6025DE57E8B2CB69E8DCA760704FE559AF7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/51e40cdf-d9be-4ac4-9b45-ba135c47be41.roa
Signing time:             Sun 27 Aug 2023 00:00:00 +0000
ROA not before:           Sun 27 Aug 2023 00:00:00 +0000
ROA not after:            Sun 01 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:2a:c6:02:5d:e5:7e:8b:2c:b6:9e:8d:ca:76:07:04:fe:55:9a:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 27 00:00:00 2023 GMT
            Not After : Oct  1 23:59:59 2023 GMT
        Subject: serialNumber=7c0d5be22410308eb0ad5b98864e53b86c0a46cfbfbfdfb72bf4d02e7e146463, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:02:8b:45:c2:e8:c4:4d:1c:d9:a0:59:94:9a:
                    07:ef:b3:af:69:43:31:2f:33:da:0c:76:10:a5:9e:
                    b9:27:97:ce:5a:82:2b:ec:44:41:3f:09:08:1c:7a:
                    4d:a3:0b:70:30:de:d6:d2:0f:7e:82:eb:6e:2f:a3:
                    23:3d:a9:2d:aa:9d:c8:82:2a:68:d3:ea:e1:c2:81:
                    42:a4:53:d9:00:1a:aa:c4:df:11:35:b8:e6:d4:45:
                    e1:42:27:8d:d8:f4:5a:93:06:c0:c7:a8:a3:96:97:
                    4e:35:3d:7f:45:0e:05:cd:cb:50:2f:70:63:fc:95:
                    cc:7e:34:11:ac:de:76:b5:32:5e:f4:c2:87:06:46:
                    42:82:49:e1:8d:c4:5e:8b:68:68:37:40:a5:6b:f5:
                    0f:ed:2f:78:eb:19:82:48:67:72:f0:14:53:64:b9:
                    3b:1a:82:bf:d3:b2:be:6e:21:aa:76:18:c8:06:24:
                    b2:80:8b:0a:8d:e2:4a:94:4e:21:f2:fa:de:49:bf:
                    e2:2e:bf:79:a1:d9:9c:8c:4d:c6:7f:fd:40:c2:15:
                    3f:9b:d6:ae:9c:1e:16:2a:ae:63:e5:a4:ee:c9:e9:
                    8f:d9:59:de:c3:f1:57:15:78:26:6a:73:c1:1d:cf:
                    88:01:16:f9:90:01:0e:5f:bb:be:db:0c:ea:a3:5b:
                    b9:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:AD:08:15:79:1F:36:86:CD:82:32:42:57:99:11:A2:FA:4A:72:1F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/51e40cdf-d9be-4ac4-9b45-ba135c47be41.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:eb:7a:de:74:2d:1a:bb:17:d1:21:d5:9d:e1:b8:44:8c:46:
         1d:dc:34:17:cf:f9:13:94:af:b7:4c:c0:e7:72:b7:4b:d8:d0:
         a7:a5:dc:6f:53:a3:9f:13:c2:f4:fa:45:0f:16:45:f8:4e:dd:
         e6:51:6a:cf:c4:70:f8:78:91:37:a7:5c:be:30:77:3f:89:e2:
         28:b8:b4:cf:ae:69:03:07:16:3d:68:fe:75:74:12:9b:57:1c:
         54:4c:80:fa:51:39:25:d7:bd:4b:0e:cf:27:18:5e:7a:07:8b:
         5d:5a:b2:da:b5:6b:38:5d:01:0a:40:6f:2f:07:1d:e7:6c:2c:
         ed:e2:32:51:59:74:b2:db:55:c1:9e:bd:14:f7:fa:76:bf:5d:
         92:b1:39:e9:95:95:95:ce:d0:ac:f2:fc:b5:8d:6d:f1:b4:98:
         96:88:c9:40:21:57:f4:ad:e9:d9:eb:cc:fd:7f:30:6b:d9:c9:
         33:95:3e:c7:7d:43:c3:cd:82:83:96:e4:27:cb:43:ed:58:30:
         a6:54:30:db:cd:d3:13:90:2d:25:75:1b:0d:1b:80:93:db:44:
         9e:46:60:32:ab:b6:42:12:69:38:8a:52:8a:1c:e2:a5:58:95:
         b9:31:3a:a0:6b:f8:2e:e0:da:12:d2:5c:f9:56:52:66:ef:51:
         d8:85:47:fd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMCrGAl3lfosstp6NynYHBP5VmvcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODI3MDAwMDAwWhcNMjMxMDAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3YzBkNWJlMjI0MTAzMDhlYjBhZDViOTg4NjRlNTNiODZj
MGE0NmNmYmZiZmRmYjcyYmY0ZDAyZTdlMTQ2NDYzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD8AotFwujETRzZoFmUmgfvs69pQzEvM9oMdhClnrknl85a
givsREE/CQgcek2jC3Aw3tbSD36C624voyM9qS2qnciCKmjT6uHCgUKkU9kAGqrE
3xE1uObUReFCJ43Y9FqTBsDHqKOWl041PX9FDgXNy1AvcGP8lcx+NBGs3na1Ml70
wocGRkKCSeGNxF6LaGg3QKVr9Q/tL3jrGYJIZ3LwFFNkuTsagr/Tsr5uIap2GMgG
JLKAiwqN4kqUTiHy+t5Jv+Iuv3mh2ZyMTcZ//UDCFT+b1q6cHhYqrmPlpO7J6Y/Z
Wd7D8VcVeCZqc8Edz4gBFvmQAQ5fu77bDOqjW7l1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPa0IFXkfNobNgjJCV5kRovpKch8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzUxZTQwY2RmLWQ5YmUtNGFjNC05YjQ1LWJhMTM1YzQ3YmU0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHHret50LRq7F9Eh1Z3huESMRh3c
NBfP+ROUr7dMwOdyt0vY0Kel3G9To58TwvT6RQ8WRfhO3eZRas/EcPh4kTenXL4w
dz+J4ii4tM+uaQMHFj1o/nV0EptXHFRMgPpROSXXvUsOzycYXnoHi11astq1azhd
AQpAby8HHedsLO3iMlFZdLLbVcGevRT3+na/XZKxOemVlZXO0Kzy/LWNbfG0mJaI
yUAhV/St6dnrzP1/MGvZyTOVPsd9Q8PNgoOW5CfLQ+1YMKZUMNvN0xOQLSV1Gw0b
gJPbRJ5GYDKrtkISaTiKUooc4qVYlbkxOqBr+C7g2hLSXPlWUmbvUdiFR/0=
-----END CERTIFICATE-----