Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/70c10191-5dd9-4d56-9778-dfc3a06a59dc.roa
File:                     70c10191-5dd9-4d56-9778-dfc3a06a59dc.roa (raw, json)
Hash identifier:          QJQiy8w9GrnNj79YjAncu34XiXiGdD9UqJ3ZucPpQ3g=
Subject key identifier:   9F:46:17:48:E1:AC:DC:71:B9:B5:5B:F5:89:DE:27:C1:0F:61:97:56
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       01EF599746F5879613279D4D51356211DB043E27
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/70c10191-5dd9-4d56-9778-dfc3a06a59dc.roa
Signing time:             Wed 15 Nov 2023 00:00:00 +0000
ROA not before:           Wed 15 Nov 2023 00:00:00 +0000
ROA not after:            Wed 20 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:ef:59:97:46:f5:87:96:13:27:9d:4d:51:35:62:11:db:04:3e:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 15 00:00:00 2023 GMT
            Not After : Dec 20 23:59:59 2023 GMT
        Subject: serialNumber=613cb98195602b1a7592c94da51383669950e29bf8aca4a2bbca63c124eb611c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ba:ef:fa:73:e8:ae:3a:ff:e6:6d:de:eb:77:
                    08:a9:18:43:cf:39:ad:f8:96:bc:0d:1e:88:f6:9b:
                    14:6c:b8:16:ee:32:cd:5b:19:6b:b8:f2:d6:bc:eb:
                    48:63:ad:74:56:bd:e7:b9:f1:92:d3:0b:69:e1:e8:
                    ea:71:11:63:95:d1:69:c8:b3:b1:24:bd:1e:52:a8:
                    68:8e:f7:23:d5:ec:29:53:6e:89:21:1e:35:df:f5:
                    af:c3:47:a7:bb:42:e6:31:d1:ae:9a:84:f1:32:a1:
                    51:07:ce:9c:95:b0:6e:82:6e:c2:ae:4a:12:38:c1:
                    a8:c4:54:c6:bb:74:1f:37:b4:35:e3:a7:09:0f:38:
                    be:10:34:16:52:a0:44:35:81:03:25:cc:1d:be:b3:
                    39:db:09:26:e3:9b:93:ae:8c:fd:2b:04:f2:54:7f:
                    80:9a:82:32:e9:b3:48:60:66:2f:1e:ba:b8:50:43:
                    7b:96:dc:d2:e3:54:9e:36:26:75:77:e3:30:e7:29:
                    e4:93:5d:cf:16:1f:0a:aa:3b:35:3c:ac:0b:03:7c:
                    49:8d:1c:e2:2a:b6:c1:78:8d:0e:4a:f9:5d:ce:8b:
                    5e:8e:4b:a4:12:54:85:1f:66:78:b9:95:63:c1:8f:
                    8e:cb:f4:fb:ca:b0:e4:2a:f9:39:b5:c7:fc:32:9e:
                    26:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:46:17:48:E1:AC:DC:71:B9:B5:5B:F5:89:DE:27:C1:0F:61:97:56
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/70c10191-5dd9-4d56-9778-dfc3a06a59dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:f5:a9:d1:dc:f0:6a:53:5c:6e:7a:c4:42:3f:ed:62:4a:de:
         49:38:22:0d:0e:52:03:2b:f2:b5:9e:4d:81:0c:ed:ba:d8:3f:
         86:3b:1d:dc:5b:ee:f6:f6:44:b4:b8:5b:6d:07:8f:e2:c0:fc:
         0a:b8:91:a2:98:3a:60:1a:ce:1d:52:af:e7:1a:1e:37:6d:c3:
         db:e3:fc:5a:da:eb:ff:a7:0b:4c:7f:33:69:30:bb:c9:5e:1b:
         79:a7:21:5b:21:7f:a0:52:00:1e:86:03:57:d7:82:1a:5f:2e:
         13:db:12:d8:ea:f6:74:76:e7:ff:fa:89:37:23:0c:44:fa:f9:
         ea:b9:16:38:7d:fc:a3:a0:81:96:91:e7:87:af:68:ec:e3:93:
         ad:77:ac:c2:f6:74:e1:f8:41:93:c0:67:6f:99:e1:d2:db:1d:
         eb:af:7e:08:a7:61:69:f3:34:dc:00:ce:bc:cf:59:47:e8:69:
         03:4d:fc:17:b5:48:a3:39:65:2c:40:22:42:5a:db:c2:0a:da:
         58:64:ff:48:23:54:55:51:92:0b:ea:40:02:97:55:03:97:ca:
         02:79:71:36:22:1a:8e:74:14:21:1b:bb:1e:a9:bf:0f:ff:b8:
         85:e8:7f:c2:c8:2f:1b:2b:bf:2b:d6:12:ce:a4:95:56:0e:58:
         3d:d3:41:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAe9Zl0b1h5YTJ51NUTViEdsEPicwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE1MDAwMDAwWhcNMjMxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MTNjYjk4MTk1NjAyYjFhNzU5MmM5NGRhNTEzODM2Njk5
NTBlMjliZjhhY2E0YTJiYmNhNjNjMTI0ZWI2MTFjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUuu/6c+iuOv/mbd7rdwipGEPPOa34lrwNHoj2mxRsuBbu
Ms1bGWu48ta860hjrXRWvee58ZLTC2nh6OpxEWOV0WnIs7EkvR5SqGiO9yPV7ClT
bokhHjXf9a/DR6e7QuYx0a6ahPEyoVEHzpyVsG6CbsKuShI4wajEVMa7dB83tDXj
pwkPOL4QNBZSoEQ1gQMlzB2+sznbCSbjm5OujP0rBPJUf4CagjLps0hgZi8eurhQ
Q3uW3NLjVJ42JnV34zDnKeSTXc8WHwqqOzU8rAsDfEmNHOIqtsF4jQ5K+V3Oi16O
S6QSVIUfZni5lWPBj47L9PvKsOQq+Tm1x/wyniY3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUn0YXSOGs3HG5tVv1id4nwQ9hl1YwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzcwYzEwMTkxLTVkZDktNGQ1Ni05Nzc4LWRmYzNhMDZhNTlkYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADf1qdHc8GpTXG56xEI/7WJK3kk4
Ig0OUgMr8rWeTYEM7brYP4Y7Hdxb7vb2RLS4W20Hj+LA/Aq4kaKYOmAazh1Sr+ca
Hjdtw9vj/Fra6/+nC0x/M2kwu8leG3mnIVshf6BSAB6GA1fXghpfLhPbEtjq9nR2
5//6iTcjDET6+eq5Fjh9/KOggZaR54evaOzjk613rML2dOH4QZPAZ2+Z4dLbHeuv
fginYWnzNNwAzrzPWUfoaQNN/Be1SKM5ZSxAIkJa28IK2lhk/0gjVFVRkgvqQAKX
VQOXygJ5cTYiGo50FCEbux6pvw//uIXof8LILxsrvyvWEs6klVYOWD3TQUY=
-----END CERTIFICATE-----