Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/807be8c9-5c24-40a1-b6d3-1cf2dda470ff.roa
File:                     807be8c9-5c24-40a1-b6d3-1cf2dda470ff.roa (raw, json)
Hash identifier:          LjBO/tj4y3l5oUbmqvGsDcYPvVR0q6AoOWShY81mbAs=
Subject key identifier:   9B:64:3F:F6:16:F5:13:7B:F2:30:96:E4:CB:A9:22:1C:09:76:D3:50
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       26FA5841BDF51AEA1C77A4B3158435469AAEEE86
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/807be8c9-5c24-40a1-b6d3-1cf2dda470ff.roa
Signing time:             Thu 02 Nov 2023 00:00:00 +0000
ROA not before:           Thu 02 Nov 2023 00:00:00 +0000
ROA not after:            Thu 07 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:fa:58:41:bd:f5:1a:ea:1c:77:a4:b3:15:84:35:46:9a:ae:ee:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  2 00:00:00 2023 GMT
            Not After : Dec  7 23:59:59 2023 GMT
        Subject: serialNumber=07324ee65e2bd7f79eb9c5234b2359ab5990c26786c91d3b6ddb7122e505d46c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:5e:45:d6:b9:0f:a1:aa:aa:7a:9a:57:8f:07:
                    72:e0:c7:3f:5b:54:13:9e:4e:ec:27:45:82:25:9c:
                    6c:19:20:34:f3:79:f0:26:d4:6e:3a:f7:1f:13:5b:
                    ad:5d:aa:95:27:ff:32:6a:75:2f:2a:aa:23:36:04:
                    40:21:c5:7c:95:ae:61:bb:ff:1f:bc:49:31:6f:09:
                    ad:04:fb:ad:6f:3a:9c:4a:94:5b:e3:d1:94:2b:e4:
                    4f:90:66:e6:72:1b:91:40:b3:14:48:6a:b9:06:cf:
                    dc:a5:56:20:8c:5e:7b:c5:de:6a:7c:60:7d:43:8c:
                    b8:56:59:e5:f4:e3:50:c1:c3:96:7b:35:74:6c:5f:
                    1d:ef:d3:95:33:0a:dd:f7:f2:45:8a:01:c5:e4:fb:
                    16:59:64:26:e8:5f:49:ac:99:76:5d:0c:1b:63:24:
                    51:5a:3b:ac:a0:54:0d:9c:8b:ba:46:19:7f:63:c7:
                    80:f4:cd:9a:dc:d6:87:e5:db:00:3d:a2:68:71:73:
                    2a:1e:d3:1e:41:9d:45:39:b3:b1:4a:f3:d3:d6:76:
                    ba:34:5b:61:57:d8:c6:30:47:72:8f:a1:dc:9f:cd:
                    dc:8b:af:19:86:90:eb:76:66:f8:32:cd:49:0e:cc:
                    c6:11:5a:44:e5:77:04:45:6a:04:91:ed:ea:84:5a:
                    bc:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:64:3F:F6:16:F5:13:7B:F2:30:96:E4:CB:A9:22:1C:09:76:D3:50
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/807be8c9-5c24-40a1-b6d3-1cf2dda470ff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:1e:86:fc:68:bf:53:1a:f6:b0:2e:23:ff:f6:87:59:17:f3:
         7d:35:22:dc:49:ba:4d:48:df:20:03:39:dd:d0:fb:a5:18:1b:
         4e:9d:f1:eb:9e:b5:3f:89:dc:ea:fc:0e:b3:4c:6c:ba:60:28:
         35:86:3f:b6:2c:79:a1:55:0e:19:d6:10:25:cb:bb:38:2d:19:
         4f:77:98:b7:04:6e:fc:75:19:cb:8a:fd:ab:41:13:00:39:61:
         26:f3:86:07:f3:e3:78:dd:ba:15:3e:9a:ad:4c:39:61:da:10:
         fa:79:9d:a7:a4:8a:ee:a3:1f:c1:5e:d7:73:58:47:d2:ab:b1:
         b3:fb:28:c8:0f:7e:88:68:a4:91:15:8a:27:a0:4d:a6:c2:44:
         42:45:35:eb:c3:e1:b0:18:73:85:92:d6:11:06:bf:af:9e:c8:
         7c:6f:23:d4:4c:48:6a:1d:e2:0f:d1:ea:ee:99:20:79:68:e2:
         ef:5e:67:2d:49:c6:27:2a:a9:7b:ef:7b:e7:df:6c:ec:61:33:
         41:bc:96:b3:13:0c:0a:6e:7b:59:10:f5:e8:5c:a5:87:d7:19:
         d9:c6:98:2f:f9:ee:9b:c7:90:75:3a:2c:70:82:28:85:98:4b:
         82:eb:c0:79:fe:ac:f6:aa:3a:9b:fe:15:f5:3f:60:b7:aa:63:
         32:20:e2:c4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJvpYQb31Guocd6SzFYQ1Rpqu7oYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTAyMDAwMDAwWhcNMjMxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNzMyNGVlNjVlMmJkN2Y3OWViOWM1MjM0YjIzNTlhYjU5
OTBjMjY3ODZjOTFkM2I2ZGRiNzEyMmU1MDVkNDZjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQXkXWuQ+hqqp6mlePB3Lgxz9bVBOeTuwnRYIlnGwZIDTz
efAm1G469x8TW61dqpUn/zJqdS8qqiM2BEAhxXyVrmG7/x+8STFvCa0E+61vOpxK
lFvj0ZQr5E+QZuZyG5FAsxRIarkGz9ylViCMXnvF3mp8YH1DjLhWWeX041DBw5Z7
NXRsXx3v05UzCt338kWKAcXk+xZZZCboX0msmXZdDBtjJFFaO6ygVA2ci7pGGX9j
x4D0zZrc1ofl2wA9omhxcyoe0x5BnUU5s7FK89PWdro0W2FX2MYwR3KPodyfzdyL
rxmGkOt2ZvgyzUkOzMYRWkTldwRFagSR7eqEWrw7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUm2Q/9hb1E3vyMJbky6kiHAl201AwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgwN2JlOGM5LTVjMjQtNDBhMS1iNmQzLTFjZjJkZGE0NzBmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAYehvxov1Ma9rAuI//2h1kX8301
ItxJuk1I3yADOd3Q+6UYG06d8euetT+J3Or8DrNMbLpgKDWGP7YseaFVDhnWECXL
uzgtGU93mLcEbvx1GcuK/atBEwA5YSbzhgfz43jduhU+mq1MOWHaEPp5naekiu6j
H8Fe13NYR9KrsbP7KMgPfohopJEViiegTabCREJFNevD4bAYc4WS1hEGv6+eyHxv
I9RMSGod4g/R6u6ZIHlo4u9eZy1JxicqqXvve+ffbOxhM0G8lrMTDApue1kQ9ehc
pYfXGdnGmC/57pvHkHU6LHCCKIWYS4LrwHn+rPaqOpv+FfU/YLeqYzIg4sQ=
-----END CERTIFICATE-----