Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7dd0ec29-1eef-4d97-a734-933f8ca67f42.roa
File:                     7dd0ec29-1eef-4d97-a734-933f8ca67f42.roa (raw, json)
Hash identifier:          4V5JHas6sW/I/00iYguawRnmbZSELq9Mgll2D1UOnYw=
Subject key identifier:   2B:61:8F:63:2F:93:D1:19:B9:3A:8E:8E:B0:50:A4:AB:45:1F:C7:C3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       70549CB367047D14D2AE82601E86A78D5D2D2ECB
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7dd0ec29-1eef-4d97-a734-933f8ca67f42.roa
Signing time:             Thu 02 Nov 2023 00:00:00 +0000
ROA not before:           Thu 02 Nov 2023 00:00:00 +0000
ROA not after:            Thu 07 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:54:9c:b3:67:04:7d:14:d2:ae:82:60:1e:86:a7:8d:5d:2d:2e:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  2 00:00:00 2023 GMT
            Not After : Dec  7 23:59:59 2023 GMT
        Subject: serialNumber=1bf4f6a7876152186655ab042585b9a49fabd84acba39ed45633eecd29f592c9, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:7a:4f:a5:e7:62:c8:0f:38:86:7e:8d:a4:3a:
                    33:b2:ae:da:59:c4:ab:ee:61:10:8b:28:53:0b:94:
                    b1:c9:92:86:a6:8b:17:61:a8:96:5d:77:16:b2:63:
                    06:f6:1b:02:8e:b0:bb:a5:1c:1c:a4:fb:bd:a9:ce:
                    39:93:46:78:46:6d:c9:f1:1c:52:0f:3d:2d:76:17:
                    b7:fa:fb:03:19:22:be:01:46:de:cc:08:46:f1:93:
                    58:31:49:0e:c4:d1:65:a8:5e:e4:f0:7d:00:29:ac:
                    1f:ae:23:4a:cf:6a:10:31:08:7d:ae:b4:8e:c4:6e:
                    01:2c:9c:72:24:50:35:cc:84:0e:b2:48:94:cb:15:
                    8b:42:48:8e:09:b0:fe:b2:75:8c:59:97:f4:c3:f4:
                    1a:7d:99:0c:b1:02:f2:de:e1:8d:2c:43:41:43:ed:
                    2b:88:0c:bd:9c:52:d9:24:7e:1e:b9:71:3f:23:d6:
                    e0:5e:ff:35:bf:55:52:b4:39:a9:13:ba:09:99:e0:
                    43:22:c2:6d:b1:64:f9:d5:8d:0c:7f:a8:b8:a0:c4:
                    d5:2a:08:96:34:ad:f3:9f:b9:54:fb:d4:79:1b:03:
                    02:ec:b8:fa:4a:4f:ad:f2:9c:bb:36:93:00:e2:5d:
                    0f:2b:03:02:e0:13:1a:f2:f8:7c:b8:0f:4a:f9:b7:
                    4c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:61:8F:63:2F:93:D1:19:B9:3A:8E:8E:B0:50:A4:AB:45:1F:C7:C3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7dd0ec29-1eef-4d97-a734-933f8ca67f42.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:91:11:8a:f9:98:6a:68:5e:6a:6f:12:e2:09:aa:0a:3e:5b:
         91:2a:3f:ab:f0:1e:de:64:7a:80:32:47:87:45:8d:f1:a2:f1:
         ac:2b:90:33:0f:fa:2e:f8:48:8f:70:5e:59:31:81:b6:74:ce:
         2c:df:21:f0:5e:7f:a4:95:a8:a1:a2:ea:e0:14:c9:83:56:55:
         a1:1a:a3:63:8f:1d:e6:1b:73:53:b5:c3:0c:53:70:3d:20:4c:
         ac:93:5f:da:de:5f:f4:cb:79:c5:94:cc:97:f2:7e:f7:b3:22:
         c4:4a:0d:72:16:f3:1b:42:7b:d2:08:95:cc:2b:96:89:2f:28:
         ad:63:60:d9:08:ef:5e:bb:82:a7:0a:89:2c:d1:f2:bc:ed:56:
         1d:88:e9:f1:cf:ba:57:b5:cb:4b:be:9b:e3:1e:9a:96:b8:b4:
         58:ff:af:0c:39:0a:1d:e0:72:42:2b:d8:cb:4c:39:76:cb:d7:
         dd:0a:48:a8:1b:72:07:1d:ea:a4:e2:45:7f:d0:68:ca:ec:83:
         26:75:f0:46:53:ab:91:d3:2e:41:e2:e0:f6:a9:2c:67:0d:68:
         c1:e3:a9:d2:3a:41:b6:37:62:29:bd:10:dd:70:1e:38:28:f9:
         89:7f:71:5d:e2:a4:9a:9f:f3:cb:86:17:a0:94:ea:b1:f5:b6:
         57:68:f1:75
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcFScs2cEfRTSroJgHoanjV0tLsswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTAyMDAwMDAwWhcNMjMxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYmY0ZjZhNzg3NjE1MjE4NjY1NWFiMDQyNTg1YjlhNDlm
YWJkODRhY2JhMzllZDQ1NjMzZWVjZDI5ZjU5MmM5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD5ek+l52LIDziGfo2kOjOyrtpZxKvuYRCLKFMLlLHJkoam
ixdhqJZddxayYwb2GwKOsLulHByk+72pzjmTRnhGbcnxHFIPPS12F7f6+wMZIr4B
Rt7MCEbxk1gxSQ7E0WWoXuTwfQAprB+uI0rPahAxCH2utI7EbgEsnHIkUDXMhA6y
SJTLFYtCSI4JsP6ydYxZl/TD9Bp9mQyxAvLe4Y0sQ0FD7SuIDL2cUtkkfh65cT8j
1uBe/zW/VVK0OakTugmZ4EMiwm2xZPnVjQx/qLigxNUqCJY0rfOfuVT71HkbAwLs
uPpKT63ynLs2kwDiXQ8rAwLgExry+Hy4D0r5t0zLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUK2GPYy+T0Rm5Oo6OsFCkq0Ufx8MwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzdkZDBlYzI5LTFlZWYtNGQ5Ny1hNzM0LTkzM2Y4Y2E2N2Y0Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGmREYr5mGpoXmpvEuIJqgo+W5Eq
P6vwHt5keoAyR4dFjfGi8awrkDMP+i74SI9wXlkxgbZ0zizfIfBef6SVqKGi6uAU
yYNWVaEao2OPHeYbc1O1wwxTcD0gTKyTX9reX/TLecWUzJfyfvezIsRKDXIW8xtC
e9IIlcwrlokvKK1jYNkI7167gqcKiSzR8rztVh2I6fHPule1y0u+m+Mempa4tFj/
rww5Ch3gckIr2MtMOXbL190KSKgbcgcd6qTiRX/QaMrsgyZ18EZTq5HTLkHi4Pap
LGcNaMHjqdI6QbY3Yim9EN1wHjgo+Yl/cV3ipJqf88uGF6CU6rH1tldo8XU=
-----END CERTIFICATE-----