Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7dcdc438-f2b4-405b-940c-5b1c9ccaf15d.roa
File:                     7dcdc438-f2b4-405b-940c-5b1c9ccaf15d.roa (raw, json)
Hash identifier:          YmBVMjRKEciN+cc/q1dyq2tsNVtR4oLcmauHrOOXPlQ=
Subject key identifier:   9A:EB:28:BF:A9:B5:AE:A3:3C:79:D6:AF:1B:CC:61:F1:24:36:3D:2C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1174CB7100611E96A4CB34CCD669ADE361C693A7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7dcdc438-f2b4-405b-940c-5b1c9ccaf15d.roa
Signing time:             Fri 25 Aug 2023 00:00:00 +0000
ROA not before:           Fri 25 Aug 2023 00:00:00 +0000
ROA not after:            Fri 29 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:74:cb:71:00:61:1e:96:a4:cb:34:cc:d6:69:ad:e3:61:c6:93:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 25 00:00:00 2023 GMT
            Not After : Sep 29 23:59:59 2023 GMT
        Subject: serialNumber=3d4b8a3a9364bc866a439e1a6f76282fb2bfbfb34794e8852de32bfd955159c3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:2e:a8:73:49:63:af:64:e7:74:9e:37:08:ca:
                    6f:df:6d:1e:e3:34:d7:5e:23:ee:97:c4:af:f5:e6:
                    1e:23:8e:7a:35:c2:63:27:53:25:86:e9:b6:5f:57:
                    cc:dd:a9:7a:c7:ad:ae:da:7d:da:dd:8d:ad:20:d2:
                    f3:d3:43:50:47:19:40:2c:e6:95:e2:c8:52:60:f2:
                    0a:49:1c:60:11:72:bc:8d:90:71:fe:83:55:6a:7c:
                    b0:df:e3:2a:63:3f:65:77:6d:b7:30:3a:7b:26:db:
                    9a:fe:33:25:73:27:01:cd:d2:f5:85:d4:1f:fe:e5:
                    72:d2:db:b5:4b:bf:fd:b4:81:44:c0:e6:a8:8e:12:
                    36:ce:2a:20:68:2d:15:45:1c:9e:18:8b:eb:a4:be:
                    4f:36:f8:30:58:14:2a:94:2d:e0:48:e3:1f:99:2a:
                    0c:93:c7:c6:7d:67:2d:e8:8b:0e:dd:5e:31:b4:45:
                    ad:2c:c8:bc:30:84:35:2c:5b:c2:a7:66:1c:5e:71:
                    1c:1b:6b:34:5b:90:f1:f8:b3:99:cb:4e:d2:0d:a6:
                    4d:e6:8d:4f:07:0f:c3:06:80:4c:d8:9e:5c:fd:5e:
                    3c:21:e4:11:31:24:a4:86:82:9e:63:84:69:15:b7:
                    60:76:b2:81:fe:b0:d1:a3:d6:34:d0:73:94:23:78:
                    c5:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:EB:28:BF:A9:B5:AE:A3:3C:79:D6:AF:1B:CC:61:F1:24:36:3D:2C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7dcdc438-f2b4-405b-940c-5b1c9ccaf15d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:ae:97:a2:24:4e:47:f9:c4:c4:a6:46:81:04:05:34:6d:f1:
         82:7b:f8:da:09:33:4c:46:b0:63:ac:e6:34:a7:ec:35:a0:26:
         63:6c:f3:6b:29:44:55:e7:9e:3e:9a:5b:f1:39:29:0f:71:9c:
         c8:03:d4:83:54:e5:82:6e:ae:aa:2a:46:b0:ae:16:8d:04:04:
         e7:48:37:19:43:a2:ec:58:2b:01:5e:eb:b3:b1:93:3a:37:d6:
         06:79:85:9c:00:01:09:44:86:94:64:72:01:c2:24:41:82:d5:
         97:87:22:8f:ad:80:ff:58:08:e0:ec:c4:34:df:30:8d:73:19:
         ab:fa:1a:89:ff:03:cc:7a:4d:83:60:8e:47:a0:8d:55:93:32:
         4a:4e:3b:43:b9:5d:dc:73:d0:67:e9:ea:24:52:d7:d6:f8:c0:
         1c:1e:5e:45:66:95:eb:ba:28:5c:50:c5:30:7f:3d:0e:a9:f4:
         c6:d5:a3:4a:9c:a9:0a:88:10:a7:6c:71:19:b4:9c:c4:1e:1c:
         4c:d8:4b:a4:f3:07:9d:1b:3a:ee:23:4e:ad:a9:81:32:60:16:
         c2:68:5e:7d:a0:f9:25:41:6b:0e:00:5e:d4:58:ac:e3:a8:e5:
         69:d4:38:59:1f:39:48:fe:9a:d9:be:47:a7:85:18:21:4d:9e:
         6d:57:07:49
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEXTLcQBhHpakyzTM1mmt42HGk6cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODI1MDAwMDAwWhcNMjMwOTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZDRiOGEzYTkzNjRiYzg2NmE0MzllMWE2Zjc2MjgyZmIy
YmZiZmIzNDc5NGU4ODUyZGUzMmJmZDk1NTE1OWMzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCILqhzSWOvZOd0njcIym/fbR7jNNdeI+6XxK/15h4jjno1
wmMnUyWG6bZfV8zdqXrHra7afdrdja0g0vPTQ1BHGUAs5pXiyFJg8gpJHGARcryN
kHH+g1VqfLDf4ypjP2V3bbcwOnsm25r+MyVzJwHN0vWF1B/+5XLS27VLv/20gUTA
5qiOEjbOKiBoLRVFHJ4Yi+ukvk82+DBYFCqULeBI4x+ZKgyTx8Z9Zy3oiw7dXjG0
Ra0syLwwhDUsW8KnZhxecRwbazRbkPH4s5nLTtINpk3mjU8HD8MGgEzYnlz9Xjwh
5BExJKSGgp5jhGkVt2B2soH+sNGj1jTQc5QjeMVJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmusov6m1rqM8edavG8xh8SQ2PSwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzdkY2RjNDM4LWYyYjQtNDA1Yi05NDBjLTViMWM5Y2NhZjE1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACqul6IkTkf5xMSmRoEEBTRt8YJ7
+NoJM0xGsGOs5jSn7DWgJmNs82spRFXnnj6aW/E5KQ9xnMgD1INU5YJurqoqRrCu
Fo0EBOdINxlDouxYKwFe67Oxkzo31gZ5hZwAAQlEhpRkcgHCJEGC1ZeHIo+tgP9Y
CODsxDTfMI1zGav6Gon/A8x6TYNgjkegjVWTMkpOO0O5Xdxz0Gfp6iRS19b4wBwe
XkVmleu6KFxQxTB/PQ6p9MbVo0qcqQqIEKdscRm0nMQeHEzYS6TzB50bOu4jTq2p
gTJgFsJoXn2g+SVBaw4AXtRYrOOo5WnUOFkfOUj+mtm+R6eFGCFNnm1XB0k=
-----END CERTIFICATE-----