Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6a4ed688-32a9-4172-a477-ad2af7365e2c.roa
File:                     6a4ed688-32a9-4172-a477-ad2af7365e2c.roa (raw, json)
Hash identifier:          vJb59QBr/516LUW0F0+YYWfkGufnSTJeOGksFhl0cIQ=
Subject key identifier:   D7:E8:80:8F:3B:E0:C7:CF:CB:BB:3F:93:12:AD:23:E1:18:DE:01:F0
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       472E0016410D05407C44EC444F868D941664713E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6a4ed688-32a9-4172-a477-ad2af7365e2c.roa
Signing time:             Fri 22 Dec 2023 00:00:00 +0000
ROA not before:           Fri 22 Dec 2023 00:00:00 +0000
ROA not after:            Fri 26 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:2e:00:16:41:0d:05:40:7c:44:ec:44:4f:86:8d:94:16:64:71:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 22 00:00:00 2023 GMT
            Not After : Jan 26 23:59:59 2024 GMT
        Subject: serialNumber=faed159b7972adfec20387974bed87977152b7e05697313e70e9e67690afef01, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:6f:ea:1b:ca:48:5c:2b:fd:3e:8b:d3:16:17:
                    c4:48:b8:61:42:d1:2c:15:c3:4b:ff:53:85:f7:b1:
                    be:dd:1d:22:05:1d:4f:21:a7:d0:fb:bc:5d:3d:05:
                    5b:d6:24:e1:c1:c3:53:a6:26:0e:b2:ff:d0:09:41:
                    8e:4e:a6:92:41:da:6d:b0:22:9d:85:b4:6d:17:4c:
                    5a:10:09:fa:98:88:7a:81:31:b8:95:0f:39:25:91:
                    47:87:8e:98:8e:01:63:f9:78:5e:b0:1e:54:e0:bb:
                    50:f7:f5:f8:32:f5:e6:be:ab:5b:34:e8:2c:d2:24:
                    b8:c7:e5:fe:03:a6:4b:4e:76:fa:21:21:59:55:34:
                    f8:a0:b3:4c:4c:23:10:0a:1f:17:44:ed:f4:d5:43:
                    63:82:fb:6f:89:67:1f:38:3d:a1:14:9e:94:fb:21:
                    fb:93:f9:90:8b:76:53:c4:bc:d4:d3:e2:4b:5d:70:
                    38:2c:1f:dd:0a:bc:97:b2:85:fb:44:92:a3:ee:3c:
                    22:65:bb:4f:03:be:80:9f:fe:70:d1:4d:b1:9f:92:
                    a8:75:73:ba:b8:e0:ff:cd:9e:98:39:61:f0:41:48:
                    84:cb:a6:2c:93:aa:74:b3:6a:e9:b8:0c:59:19:68:
                    86:a1:98:47:21:32:20:f6:b8:47:1c:c2:e6:2c:b9:
                    78:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:E8:80:8F:3B:E0:C7:CF:CB:BB:3F:93:12:AD:23:E1:18:DE:01:F0
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6a4ed688-32a9-4172-a477-ad2af7365e2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:d5:a5:8b:04:d6:4b:af:1e:bf:dc:e8:ed:2d:07:ff:4b:45:
         f4:32:1f:2f:9f:0a:fd:36:a9:64:2a:d7:8a:e1:b9:ca:98:54:
         c8:cf:80:36:bd:e4:a6:2e:1e:03:cd:cd:e1:be:f9:6f:b9:4d:
         db:2f:5d:f8:f5:44:f4:8d:61:3d:68:c3:c2:d4:16:3f:4b:a2:
         17:b6:0c:48:25:c5:d6:ab:ee:7a:88:31:e0:20:3a:55:d0:56:
         20:94:3b:ec:8b:2e:33:df:c4:bd:04:fd:73:48:33:4b:4e:da:
         04:b4:3d:4b:b9:86:27:c7:65:79:25:7c:bd:69:41:b9:50:dc:
         fb:eb:ed:d5:02:5f:46:2c:28:ad:35:37:c0:a2:3a:59:19:df:
         08:81:33:27:27:fe:d3:41:0b:07:8f:bc:69:3b:72:ca:ac:c3:
         b8:64:51:fb:3a:97:ed:79:b5:29:30:ec:a2:12:d0:bb:90:3d:
         15:fd:25:c2:14:f8:c0:6d:5f:76:59:12:a7:21:d5:e8:db:c0:
         06:b3:71:55:02:6a:22:74:6b:30:63:94:03:6e:ce:22:6c:ef:
         8b:77:b7:98:c3:79:f7:bf:7f:ea:9e:af:71:57:74:34:e4:7f:
         8b:7c:e5:79:f3:0e:3f:6a:12:8a:7b:85:fa:bb:21:5a:d5:a3:
         b7:3d:c9:dd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURy4AFkENBUB8ROxET4aNlBZkcT4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjIyMDAwMDAwWhcNMjQwMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYWVkMTU5Yjc5NzJhZGZlYzIwMzg3OTc0YmVkODc5Nzcx
NTJiN2UwNTY5NzMxM2U3MGU5ZTY3NjkwYWZlZjAxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6b+obykhcK/0+i9MWF8RIuGFC0SwVw0v/U4X3sb7dHSIF
HU8hp9D7vF09BVvWJOHBw1OmJg6y/9AJQY5OppJB2m2wIp2FtG0XTFoQCfqYiHqB
MbiVDzklkUeHjpiOAWP5eF6wHlTgu1D39fgy9ea+q1s06CzSJLjH5f4DpktOdvoh
IVlVNPigs0xMIxAKHxdE7fTVQ2OC+2+JZx84PaEUnpT7IfuT+ZCLdlPEvNTT4ktd
cDgsH90KvJeyhftEkqPuPCJlu08DvoCf/nDRTbGfkqh1c7q44P/Nnpg5YfBBSITL
piyTqnSzaum4DFkZaIahmEchMiD2uEccwuYsuXjtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1+iAjzvgx8/Luz+TEq0j4RjeAfAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzZhNGVkNjg4LTMyYTktNDE3Mi1hNDc3LWFkMmFmNzM2NWUyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJnVpYsE1kuvHr/c6O0tB/9LRfQy
Hy+fCv02qWQq14rhucqYVMjPgDa95KYuHgPNzeG++W+5TdsvXfj1RPSNYT1ow8LU
Fj9Lohe2DEglxdar7nqIMeAgOlXQViCUO+yLLjPfxL0E/XNIM0tO2gS0PUu5hifH
ZXklfL1pQblQ3Pvr7dUCX0YsKK01N8CiOlkZ3wiBMycn/tNBCwePvGk7csqsw7hk
Ufs6l+15tSkw7KIS0LuQPRX9JcIU+MBtX3ZZEqch1ejbwAazcVUCaiJ0azBjlANu
ziJs74t3t5jDefe/f+qer3FXdDTkf4t85XnzDj9qEop7hfq7IVrVo7c9yd0=
-----END CERTIFICATE-----