Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/72f6cec2-7a34-4581-94fb-107c2331441d.roa
File:                     72f6cec2-7a34-4581-94fb-107c2331441d.roa (raw, json)
Hash identifier:          c1aKqfgSBtjdcM8EHGL8DIbaNFDEyZ1doVT0HzK/wDo=
Subject key identifier:   C4:AD:8C:89:23:20:2D:94:FD:22:79:00:7E:23:B1:80:17:C0:26:5A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       41D70D2F29EADBA03D054BB106B7F9D0D99FEEAF
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/72f6cec2-7a34-4581-94fb-107c2331441d.roa
Signing time:             Sat 15 Jul 2023 00:00:00 +0000
ROA not before:           Sat 15 Jul 2023 00:00:00 +0000
ROA not after:            Sat 19 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:d7:0d:2f:29:ea:db:a0:3d:05:4b:b1:06:b7:f9:d0:d9:9f:ee:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 15 00:00:00 2023 GMT
            Not After : Aug 19 23:59:59 2023 GMT
        Subject: serialNumber=a7d6bf3f095c3f225236a90e428c99c831e6f2a99fc611d3dc0a8428e4b1d6df, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:26:95:a9:8f:6f:28:d4:54:c6:75:3f:96:75:
                    2d:5e:fc:54:38:cc:2c:0f:b1:64:0c:04:f9:e4:8b:
                    d1:76:37:9f:f3:52:38:b5:65:b9:1a:be:d1:09:53:
                    e9:18:7b:30:cc:a4:64:fb:0d:d9:b1:2d:a7:cc:80:
                    e9:2c:24:a9:36:b0:37:e1:49:91:e1:75:9b:e9:ab:
                    fc:ff:d6:11:03:50:f2:e4:c1:7f:4c:3b:a8:5b:0a:
                    69:47:85:72:5a:7b:e6:60:3f:17:b3:bc:80:b8:01:
                    f8:e6:58:88:80:30:11:16:e4:e4:54:5e:54:5f:00:
                    24:0c:5b:16:b4:af:e5:e6:16:41:cb:3e:0f:a2:0e:
                    f2:da:ec:dc:e4:e1:21:bd:ee:87:be:b2:c1:39:cd:
                    8c:2f:e6:e9:74:7a:d0:65:0e:a6:fa:db:ee:ee:2b:
                    fd:94:33:f2:a3:47:b1:11:f2:4c:9a:44:b5:64:61:
                    5a:ea:ac:a4:28:65:0a:11:28:23:37:18:bb:38:8b:
                    38:90:5e:5f:ca:44:a9:78:17:1f:4c:79:4d:f1:b1:
                    ee:cd:45:73:6e:79:f0:30:09:a1:4d:ff:a3:c4:89:
                    f6:82:50:48:c9:ee:46:a5:de:b6:7f:00:a1:a0:d4:
                    45:0d:e9:3b:54:ce:75:d0:ef:ab:aa:37:6d:25:a7:
                    67:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:AD:8C:89:23:20:2D:94:FD:22:79:00:7E:23:B1:80:17:C0:26:5A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/72f6cec2-7a34-4581-94fb-107c2331441d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:25:00:6c:db:d9:99:da:b9:5d:7d:ef:48:72:bb:4b:12:5d:
         ca:4e:09:fb:4b:55:b0:9a:2e:ff:d4:53:a8:37:ad:11:db:ed:
         ed:ec:37:71:d8:64:e3:33:1f:eb:2c:3b:e3:31:56:1c:22:c3:
         0b:66:d1:2d:bb:23:0a:02:b6:02:53:19:78:cf:56:50:c3:65:
         9a:60:ca:5f:0b:79:e0:0d:7d:7f:94:38:b2:0d:bb:7b:37:48:
         e7:24:bb:b9:d3:cc:46:aa:91:a7:91:64:8b:e0:9f:8d:51:55:
         3f:37:13:c5:09:7b:1a:16:a1:85:e3:12:8d:24:27:91:af:a5:
         15:be:76:f7:78:9b:50:f6:26:4e:72:3a:ff:42:96:a0:2d:81:
         25:e9:52:98:41:fd:fb:2e:2e:bf:b3:a3:6e:1d:ac:4c:35:8e:
         99:f0:90:a9:e7:d4:9d:43:f4:09:a3:e2:c7:77:84:66:4d:0e:
         57:30:66:5d:07:50:69:88:04:63:a1:e2:72:50:1b:7b:43:95:
         aa:71:91:77:e0:c4:ba:56:aa:b7:bb:b6:c7:10:6d:0a:41:c4:
         37:83:4c:cc:9e:18:54:f8:fb:10:68:c7:45:ff:b0:d4:5e:11:
         f9:c9:04:94:ce:6b:8c:3f:98:ba:0f:94:d6:d5:12:4f:8e:8e:
         72:4b:fa:4d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQdcNLynq26A9BUuxBrf50Nmf7q8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE1MDAwMDAwWhcNMjMwODE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhN2Q2YmYzZjA5NWMzZjIyNTIzNmE5MGU0MjhjOTljODMx
ZTZmMmE5OWZjNjExZDNkYzBhODQyOGU0YjFkNmRmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuJpWpj28o1FTGdT+WdS1e/FQ4zCwPsWQMBPnki9F2N5/z
Uji1ZbkavtEJU+kYezDMpGT7DdmxLafMgOksJKk2sDfhSZHhdZvpq/z/1hEDUPLk
wX9MO6hbCmlHhXJae+ZgPxezvIC4AfjmWIiAMBEW5ORUXlRfACQMWxa0r+XmFkHL
Pg+iDvLa7Nzk4SG97oe+ssE5zYwv5ul0etBlDqb62+7uK/2UM/KjR7ER8kyaRLVk
YVrqrKQoZQoRKCM3GLs4iziQXl/KRKl4Fx9MeU3xse7NRXNuefAwCaFN/6PEifaC
UEjJ7kal3rZ/AKGg1EUN6TtUznXQ76uqN20lp2evAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxK2MiSMgLZT9InkAfiOxgBfAJlowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzcyZjZjZWMyLTdhMzQtNDU4MS05NGZiLTEwN2MyMzMxNDQxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAH0lAGzb2ZnauV1970hyu0sSXcpO
CftLVbCaLv/UU6g3rRHb7e3sN3HYZOMzH+ssO+MxVhwiwwtm0S27IwoCtgJTGXjP
VlDDZZpgyl8LeeANfX+UOLINu3s3SOcku7nTzEaqkaeRZIvgn41RVT83E8UJexoW
oYXjEo0kJ5GvpRW+dvd4m1D2Jk5yOv9ClqAtgSXpUphB/fsuLr+zo24drEw1jpnw
kKnn1J1D9Amj4sd3hGZNDlcwZl0HUGmIBGOh4nJQG3tDlapxkXfgxLpWqre7tscQ
bQpBxDeDTMyeGFT4+xBox0X/sNReEfnJBJTOa4w/mLoPlNbVEk+OjnJL+k0=
-----END CERTIFICATE-----