Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/74ec8281-2179-4b0e-b049-3222eca6fe06.roa
File:                     74ec8281-2179-4b0e-b049-3222eca6fe06.roa (raw, json)
Hash identifier:          Ov3vFMGt6S1xTUEi/kjZYnu1lFhrsDPffSirTF6QmJQ=
Subject key identifier:   63:E2:54:3B:93:42:8C:61:AD:3B:B6:8B:82:8C:2D:6D:B1:F7:85:13
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       485DCCBB6B21C20ED568F0927B9679CD72946EAC
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/74ec8281-2179-4b0e-b049-3222eca6fe06.roa
Signing time:             Thu 12 Oct 2023 00:00:00 +0000
ROA not before:           Thu 12 Oct 2023 00:00:00 +0000
ROA not after:            Thu 16 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:5d:cc:bb:6b:21:c2:0e:d5:68:f0:92:7b:96:79:cd:72:94:6e:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 12 00:00:00 2023 GMT
            Not After : Nov 16 23:59:59 2023 GMT
        Subject: serialNumber=c8b936f0a39c64de9d13133394c8c5ecd0c475d083ed13ca18c6f97d2c76e3e7, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b4:e3:7a:31:bd:54:52:58:41:79:0c:e7:1f:
                    1b:31:0d:5b:cf:6e:e8:c3:ef:48:aa:8e:e9:f8:68:
                    8e:9a:a7:68:cc:89:50:8d:0f:3f:71:f0:d4:93:20:
                    d3:2d:fc:e6:d0:b9:cf:cb:d2:f0:47:a2:5e:07:fc:
                    95:72:d6:05:76:c0:45:69:af:18:8a:76:a2:d0:12:
                    c8:ab:fb:31:e3:bc:fb:5c:51:9b:24:57:93:c9:9a:
                    4b:29:f5:24:e9:24:12:b6:e7:6e:a6:f9:99:20:dd:
                    2c:ac:6b:39:d0:fe:35:cb:c4:92:aa:db:d9:42:62:
                    e5:4c:f8:cf:45:70:60:d0:73:b3:25:3c:2c:9d:ba:
                    9a:42:f1:a7:1e:d8:e8:01:62:53:9d:ab:6d:d3:8d:
                    de:e8:15:4d:a0:95:ef:4f:39:26:e4:f7:64:59:27:
                    23:80:3a:6a:d9:79:34:49:a4:26:66:41:dc:76:24:
                    c5:09:6c:24:14:e9:e6:62:86:e3:4f:12:d0:38:0c:
                    22:0a:ac:1b:6a:13:00:30:dd:09:09:8f:73:7d:49:
                    2a:69:82:e7:43:45:0f:4c:39:f3:8f:56:43:52:f4:
                    f4:73:ea:59:2f:32:23:4c:46:17:11:90:0a:16:d6:
                    a9:09:2b:ae:74:41:7f:33:5a:e4:80:f1:d3:47:a1:
                    8b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:E2:54:3B:93:42:8C:61:AD:3B:B6:8B:82:8C:2D:6D:B1:F7:85:13
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/74ec8281-2179-4b0e-b049-3222eca6fe06.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:89:27:77:3d:2a:6d:e0:9f:af:f4:41:ff:b7:6d:6b:2a:4d:
         af:ae:3d:87:3a:c2:dd:84:97:4e:81:93:7b:24:9f:bd:31:b8:
         41:c7:33:7a:6f:44:44:d4:60:0a:c9:1c:ad:0b:59:c9:24:a9:
         12:77:42:db:ce:60:ce:72:ad:78:c7:e8:0f:50:0a:22:52:07:
         b1:c5:95:b0:c6:5a:55:0e:82:28:68:10:dc:3d:8f:22:26:25:
         7f:fa:2d:71:5c:3c:2f:8d:9e:d5:b5:87:f9:64:4d:46:7c:c7:
         9a:62:8c:cd:22:be:98:56:81:7c:28:9d:f2:3a:ee:4a:ad:4f:
         72:97:7d:f9:2b:f4:d6:3d:cc:6f:89:43:8d:aa:74:29:e4:9d:
         c1:c3:92:7a:e6:7e:6f:3a:a2:b1:72:51:8f:a8:78:92:90:c3:
         47:7b:0f:56:b1:13:43:1a:46:4f:43:63:7e:d7:07:b3:19:8e:
         fe:2b:fa:c8:14:cb:65:8e:34:52:3a:80:69:d0:a1:d3:ad:3d:
         f4:54:fb:c5:6d:d2:ae:b7:72:25:b6:1d:f2:e5:0f:2b:48:c5:
         a6:30:f6:51:bd:6f:43:5f:7e:15:94:ce:99:cd:75:1c:b1:7f:
         be:10:8d:db:50:71:3b:2e:a7:d4:03:55:fd:2e:c3:8a:ef:64:
         a9:8f:23:3c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSF3Mu2shwg7VaPCSe5Z5zXKUbqwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDEyMDAwMDAwWhcNMjMxMTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BjOGI5MzZmMGEzOWM2NGRlOWQxMzEzMzM5NGM4YzVlY2Qw
YzQ3NWQwODNlZDEzY2ExOGM2Zjk3ZDJjNzZlM2U3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCStON6Mb1UUlhBeQznHxsxDVvPbujD70iqjun4aI6ap2jM
iVCNDz9x8NSTINMt/ObQuc/L0vBHol4H/JVy1gV2wEVprxiKdqLQEsir+zHjvPtc
UZskV5PJmksp9STpJBK2526m+Zkg3SysaznQ/jXLxJKq29lCYuVM+M9FcGDQc7Ml
PCyduppC8ace2OgBYlOdq23Tjd7oFU2gle9POSbk92RZJyOAOmrZeTRJpCZmQdx2
JMUJbCQU6eZihuNPEtA4DCIKrBtqEwAw3QkJj3N9SSppgudDRQ9MOfOPVkNS9PRz
6lkvMiNMRhcRkAoW1qkJK650QX8zWuSA8dNHoYsHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUY+JUO5NCjGGtO7aLgowtbbH3hRMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzc0ZWM4MjgxLTIxNzktNGIwZS1iMDQ5LTMyMjJlY2E2ZmUwNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI+JJ3c9Km3gn6/0Qf+3bWsqTa+u
PYc6wt2El06Bk3skn70xuEHHM3pvRETUYArJHK0LWckkqRJ3QtvOYM5yrXjH6A9Q
CiJSB7HFlbDGWlUOgihoENw9jyImJX/6LXFcPC+NntW1h/lkTUZ8x5pijM0ivphW
gXwonfI67kqtT3KXffkr9NY9zG+JQ42qdCnkncHDknrmfm86orFyUY+oeJKQw0d7
D1axE0MaRk9DY37XB7MZjv4r+sgUy2WONFI6gGnQodOtPfRU+8Vt0q63ciW2HfLl
DytIxaYw9lG9b0NffhWUzpnNdRyxf74QjdtQcTsup9QDVf0uw4rvZKmPIzw=
-----END CERTIFICATE-----