Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/52df7b43-8864-40c5-ac0e-28ebf887e17c.roa
File:                     52df7b43-8864-40c5-ac0e-28ebf887e17c.roa (raw, json)
Hash identifier:          lbHjHeKUaIWfggzuSI1JQ4uJ/sclXehhcouqCOUAPS4=
Subject key identifier:   FA:6D:46:E0:C8:A1:45:24:50:B3:FE:5E:07:55:B2:AD:E1:E7:C0:8B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       41FF59701A358AEAE50016DC699EC967C5035703
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/52df7b43-8864-40c5-ac0e-28ebf887e17c.roa
Signing time:             Sat 14 Oct 2023 00:00:00 +0000
ROA not before:           Sat 14 Oct 2023 00:00:00 +0000
ROA not after:            Sat 18 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:ff:59:70:1a:35:8a:ea:e5:00:16:dc:69:9e:c9:67:c5:03:57:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 14 00:00:00 2023 GMT
            Not After : Nov 18 23:59:59 2023 GMT
        Subject: serialNumber=c0570a63d8068f40a521b456c7dff31354c63e2eee77ff6854e58f2038c498e6, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:20:ac:a1:cc:ae:f2:ee:ad:df:d8:3f:b8:f0:
                    3a:3c:9f:52:c8:29:19:9d:1b:74:08:9c:50:dc:70:
                    82:02:db:c3:d7:c6:49:f5:e7:97:d1:c5:9d:a3:f5:
                    32:d1:21:58:84:d3:fd:4f:fa:33:e6:23:6f:63:78:
                    32:f3:d2:09:c1:6b:93:01:60:2d:2b:1d:d7:cb:c8:
                    57:59:ea:06:41:7b:10:95:f6:7d:f7:ea:3e:cb:61:
                    0a:69:d7:95:cf:43:5a:77:05:dc:64:4d:3e:33:47:
                    37:ca:66:99:5f:9a:25:59:3c:79:38:41:a0:59:c1:
                    36:8b:9a:10:e9:11:69:9b:57:f6:2b:c3:19:f1:8f:
                    7f:44:e5:c0:ff:a4:4b:64:5c:55:eb:01:c2:3c:d2:
                    87:a7:7c:48:65:f5:11:bb:4d:36:ef:69:da:ca:d0:
                    59:a1:65:4e:36:d9:f2:5e:f1:56:36:1d:ec:c2:2e:
                    03:fd:31:95:09:42:a5:23:92:61:27:5f:c4:47:6a:
                    5f:f0:b2:0f:84:da:b7:68:8c:78:29:a3:d6:c0:3e:
                    33:b7:ac:c5:04:e2:63:5f:63:01:8a:22:dd:fd:7f:
                    9e:96:c6:c0:71:bb:d1:41:34:f3:08:55:ec:af:4c:
                    ff:69:a1:e5:6d:54:38:e7:67:35:c8:ca:8b:b0:b8:
                    6c:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:6D:46:E0:C8:A1:45:24:50:B3:FE:5E:07:55:B2:AD:E1:E7:C0:8B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/52df7b43-8864-40c5-ac0e-28ebf887e17c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:ca:35:59:09:9f:40:4f:f2:fe:36:9f:53:01:df:1e:23:24:
         32:7a:ec:06:4d:cc:6a:2c:ad:c7:e2:f5:41:56:f8:63:65:3f:
         11:d1:b4:80:e5:30:4b:1d:60:94:b5:76:25:28:ed:4e:2b:e9:
         76:f7:3b:21:31:ab:ab:9d:7b:cb:b1:91:17:85:d7:ee:58:5a:
         f9:f1:57:10:75:8e:2f:55:01:ed:88:61:d2:e7:97:6a:fc:c4:
         4b:b2:51:9b:f5:e9:42:6a:28:29:d6:d0:ed:3e:09:ce:7f:43:
         13:44:79:89:d6:83:ea:e7:33:b6:56:e6:89:84:4a:b5:70:01:
         c8:06:77:fc:37:c9:b7:5a:30:e8:25:49:0f:23:7e:a2:bf:a4:
         09:a0:e1:4c:42:f0:79:a6:c8:ec:ea:aa:bc:cd:d5:dd:fb:aa:
         6c:6b:af:0d:5b:ca:63:32:d4:97:3f:43:f7:55:c3:7f:6b:60:
         dc:0a:24:26:35:0f:a8:0b:6f:9f:70:2b:ef:d6:3a:55:88:d0:
         0f:7f:c5:16:11:29:0d:36:bd:91:a0:8f:82:e8:e8:82:0d:bc:
         21:09:6f:db:f7:6c:19:07:b9:4e:a2:fa:ef:8c:10:65:bf:a2:
         21:1f:1c:75:31:02:e8:7e:77:95:f0:af:56:53:5d:84:2b:db:
         90:6a:38:f8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQf9ZcBo1iurlABbcaZ7JZ8UDVwMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDE0MDAwMDAwWhcNMjMxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMDU3MGE2M2Q4MDY4ZjQwYTUyMWI0NTZjN2RmZjMxMzU0
YzYzZTJlZWU3N2ZmNjg1NGU1OGYyMDM4YzQ5OGU2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWIKyhzK7y7q3f2D+48Do8n1LIKRmdG3QInFDccIIC28PX
xkn155fRxZ2j9TLRIViE0/1P+jPmI29jeDLz0gnBa5MBYC0rHdfLyFdZ6gZBexCV
9n336j7LYQpp15XPQ1p3BdxkTT4zRzfKZplfmiVZPHk4QaBZwTaLmhDpEWmbV/Yr
wxnxj39E5cD/pEtkXFXrAcI80oenfEhl9RG7TTbvadrK0FmhZU422fJe8VY2HezC
LgP9MZUJQqUjkmEnX8RHal/wsg+E2rdojHgpo9bAPjO3rMUE4mNfYwGKIt39f56W
xsBxu9FBNPMIVeyvTP9poeVtVDjnZzXIyouwuGxlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+m1G4MihRSRQs/5eB1WyreHnwIswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzUyZGY3YjQzLTg4NjQtNDBjNS1hYzBlLTI4ZWJmODg3ZTE3Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG/KNVkJn0BP8v42n1MB3x4jJDJ6
7AZNzGosrcfi9UFW+GNlPxHRtIDlMEsdYJS1diUo7U4r6Xb3OyExq6ude8uxkReF
1+5YWvnxVxB1ji9VAe2IYdLnl2r8xEuyUZv16UJqKCnW0O0+Cc5/QxNEeYnWg+rn
M7ZW5omESrVwAcgGd/w3ybdaMOglSQ8jfqK/pAmg4UxC8HmmyOzqqrzN1d37qmxr
rw1bymMy1Jc/Q/dVw39rYNwKJCY1D6gLb59wK+/WOlWI0A9/xRYRKQ02vZGgj4Lo
6IINvCEJb9v3bBkHuU6i+u+MEGW/oiEfHHUxAuh+d5Xwr1ZTXYQr25BqOPg=
-----END CERTIFICATE-----