Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/78b4efa2-c5fc-499b-9267-fb06835559c3.roa
File:                     78b4efa2-c5fc-499b-9267-fb06835559c3.roa (raw, json)
Hash identifier:          2XHGsUj/eLQmtzMtRUbXGqVwGHTkSyUeujMW1erxNs0=
Subject key identifier:   1E:4C:9C:D9:2C:55:BD:A6:40:BE:90:DC:77:BB:BE:30:F2:14:8D:03
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       395372ADCA8363DE9224BEA9ACCC9B237EF09B8B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/78b4efa2-c5fc-499b-9267-fb06835559c3.roa
Signing time:             Tue 07 Nov 2023 00:00:00 +0000
ROA not before:           Tue 07 Nov 2023 00:00:00 +0000
ROA not after:            Tue 12 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:53:72:ad:ca:83:63:de:92:24:be:a9:ac:cc:9b:23:7e:f0:9b:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  7 00:00:00 2023 GMT
            Not After : Dec 12 23:59:59 2023 GMT
        Subject: serialNumber=3bfe89adca77e046951ee42734139c71df6771815f53dd23391e8e0a82d5d6b9, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:39:f7:22:4d:5c:e2:e4:0d:bc:f6:2c:d6:d9:
                    8a:20:60:e7:53:bf:94:ba:86:bf:d9:fe:93:e4:1b:
                    b1:46:5b:22:a9:b8:72:96:4d:80:90:c8:90:a9:6c:
                    17:84:69:77:49:8b:56:cf:17:c8:a3:14:fb:d1:bc:
                    5d:ca:c1:80:a1:92:65:d0:78:f1:f6:b6:6b:f1:56:
                    3f:98:c9:a3:1d:a0:6a:47:51:f8:b9:e9:f7:bb:29:
                    61:c9:39:e4:23:af:27:f4:b8:95:fb:e8:f9:01:1b:
                    69:0d:63:52:fe:8f:0d:4d:74:ac:f1:94:fd:65:14:
                    f1:55:fd:33:23:e6:7e:3d:f2:32:86:bf:34:32:56:
                    c1:63:5c:8c:cd:e8:ff:30:68:17:83:c4:a6:7b:83:
                    89:e3:d1:a5:53:30:95:82:10:47:5b:53:20:ff:c7:
                    ef:06:b3:6b:ff:3a:c0:fc:08:ed:98:26:8d:e9:45:
                    27:57:6b:6c:bd:3c:2c:db:66:40:93:2b:6b:3f:c9:
                    3d:fb:f2:30:06:e8:2f:69:4b:94:e3:30:50:6d:71:
                    31:09:6d:e2:40:4f:a3:f7:fd:c3:8f:89:3f:14:6f:
                    98:c5:c4:95:8b:19:b9:3e:77:56:84:59:0d:54:75:
                    66:e6:10:f3:99:be:b3:1a:5b:6d:e8:d1:cf:c3:f1:
                    31:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:4C:9C:D9:2C:55:BD:A6:40:BE:90:DC:77:BB:BE:30:F2:14:8D:03
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/78b4efa2-c5fc-499b-9267-fb06835559c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:37:55:70:72:96:2f:14:9f:b7:0e:5d:6d:01:20:bb:66:38:
         7f:60:9c:f8:53:46:e0:2b:b3:57:03:7f:59:6c:48:ed:37:33:
         ca:c3:36:c3:7e:82:9a:ba:ca:f9:02:1e:a9:a9:19:f6:64:ac:
         d0:cd:12:e8:8c:b6:96:47:96:22:50:6f:90:78:47:73:83:eb:
         01:bb:ff:75:a1:db:3e:bd:f5:f1:0f:8a:3c:56:9c:d4:98:bf:
         a1:69:8e:b5:ec:06:1c:c1:77:99:d3:f6:62:dd:37:1f:2f:04:
         47:e7:81:bc:0f:f4:c2:4d:42:3f:05:8c:ba:cb:8f:cd:47:31:
         5e:ae:0b:86:c7:c8:7d:d9:5e:56:eb:4c:ca:96:64:20:e8:9f:
         99:2e:66:00:f0:10:be:52:ec:06:cb:1f:08:9b:0f:07:b9:f3:
         d0:ed:eb:c0:d1:31:9d:94:a6:43:12:4f:4a:7d:5e:99:14:ae:
         29:95:cf:5a:55:52:6b:1b:79:e4:af:70:4b:d7:9d:07:cd:b7:
         fe:c0:76:e6:cd:9e:98:55:08:02:e8:2b:6d:40:ee:82:37:8a:
         33:a3:e6:2b:f2:78:3c:74:15:cd:39:3b:c6:73:e5:b7:37:80:
         d5:71:7a:de:91:0f:a6:31:4d:f2:d5:ee:ac:33:cc:b6:21:81:
         57:b2:52:a8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOVNyrcqDY96SJL6prMybI37wm4swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTA3MDAwMDAwWhcNMjMxMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYmZlODlhZGNhNzdlMDQ2OTUxZWU0MjczNDEzOWM3MWRm
Njc3MTgxNWY1M2RkMjMzOTFlOGUwYTgyZDVkNmI5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCeOfciTVzi5A289izW2YogYOdTv5S6hr/Z/pPkG7FGWyKp
uHKWTYCQyJCpbBeEaXdJi1bPF8ijFPvRvF3KwYChkmXQePH2tmvxVj+YyaMdoGpH
Ufi56fe7KWHJOeQjryf0uJX76PkBG2kNY1L+jw1NdKzxlP1lFPFV/TMj5n498jKG
vzQyVsFjXIzN6P8waBeDxKZ7g4nj0aVTMJWCEEdbUyD/x+8Gs2v/OsD8CO2YJo3p
RSdXa2y9PCzbZkCTK2s/yT378jAG6C9pS5TjMFBtcTEJbeJAT6P3/cOPiT8Ub5jF
xJWLGbk+d1aEWQ1UdWbmEPOZvrMaW23o0c/D8TFrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHkyc2SxVvaZAvpDcd7u+MPIUjQMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzc4YjRlZmEyLWM1ZmMtNDk5Yi05MjY3LWZiMDY4MzU1NTljMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHM3VXByli8Un7cOXW0BILtmOH9g
nPhTRuArs1cDf1lsSO03M8rDNsN+gpq6yvkCHqmpGfZkrNDNEuiMtpZHliJQb5B4
R3OD6wG7/3Wh2z699fEPijxWnNSYv6FpjrXsBhzBd5nT9mLdNx8vBEfngbwP9MJN
Qj8FjLrLj81HMV6uC4bHyH3ZXlbrTMqWZCDon5kuZgDwEL5S7AbLHwibDwe589Dt
68DRMZ2UpkMST0p9XpkUrimVz1pVUmsbeeSvcEvXnQfNt/7AdubNnphVCALoK21A
7oI3ijOj5ivyeDx0Fc05O8Zz5bc3gNVxet6RD6YxTfLV7qwzzLYhgVeyUqg=
-----END CERTIFICATE-----