Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8196d683-4c2a-4470-a769-2425db920768.roa
File:                     8196d683-4c2a-4470-a769-2425db920768.roa (raw, json)
Hash identifier:          NDons6ZxVr9p7CSiQFpkFmwgjBudeCSNd5cny4EhVvM=
Subject key identifier:   B4:F9:2F:43:C7:BA:F8:64:4E:E5:C9:53:80:AF:73:1D:7F:FF:68:41
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3B94A0F8F5DBC60D376CB2A09121FE03B6E2796A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8196d683-4c2a-4470-a769-2425db920768.roa
Signing time:             Fri 08 Dec 2023 00:00:00 +0000
ROA not before:           Fri 08 Dec 2023 00:00:00 +0000
ROA not after:            Fri 12 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:94:a0:f8:f5:db:c6:0d:37:6c:b2:a0:91:21:fe:03:b6:e2:79:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec  8 00:00:00 2023 GMT
            Not After : Jan 12 23:59:59 2024 GMT
        Subject: serialNumber=5777492f6b1afb689f68db6bcc8a8d9ad4dae74e3f82701348b4877f9ca9097f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:69:b5:65:69:9f:ec:39:56:87:b3:5b:45:a2:
                    b0:77:53:35:7a:ef:77:3f:45:12:f6:d6:3a:7a:64:
                    30:6f:b1:dd:bb:c1:c6:3f:e0:66:42:56:18:08:15:
                    57:88:cc:b3:d6:53:44:0c:0e:68:f0:d1:3c:08:af:
                    ea:74:44:ce:9e:3d:cb:eb:a2:ee:8d:84:21:8f:d5:
                    18:2a:fe:59:b3:48:b8:07:22:58:86:4e:7a:2b:eb:
                    fd:e7:db:4b:f6:aa:19:66:7b:92:5f:87:78:f0:6e:
                    55:26:18:e4:bb:28:0d:9d:00:1b:63:18:82:90:54:
                    36:69:a2:cb:65:84:f9:82:41:7c:64:d8:00:67:00:
                    65:b3:13:47:04:23:cb:e4:50:d3:8b:23:39:33:9f:
                    d9:f4:3d:df:41:89:8e:0d:23:a8:62:09:f8:6a:53:
                    11:61:b2:f3:f2:e2:c8:ec:b7:64:48:e1:65:4f:60:
                    75:a2:66:d7:10:d6:97:2d:9b:71:76:13:e3:d5:18:
                    43:fc:e0:04:5d:70:e3:20:36:7e:27:70:3e:7c:af:
                    8f:88:04:58:7a:28:29:6c:e8:fa:b8:d8:c1:de:6f:
                    28:e2:33:8e:4e:23:ff:0a:cc:f3:63:4f:d8:7f:e8:
                    d1:76:34:b1:b7:b8:ee:37:a8:56:51:48:c6:02:d9:
                    e5:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:F9:2F:43:C7:BA:F8:64:4E:E5:C9:53:80:AF:73:1D:7F:FF:68:41
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8196d683-4c2a-4470-a769-2425db920768.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:ba:53:6f:76:65:de:eb:78:49:30:94:30:4b:1f:a3:5d:fd:
         6f:1d:d8:32:7e:71:1e:2a:7f:d3:fa:27:a8:7c:e1:a0:f7:b4:
         d2:42:c1:21:83:cf:60:a4:cc:87:92:db:f6:3a:55:05:fa:83:
         d8:78:a0:09:da:36:c7:79:98:28:71:0d:9b:0b:bf:25:66:85:
         e7:87:ba:04:f9:b5:b8:cf:2a:d2:6a:22:26:55:83:ad:2c:eb:
         bf:4c:3f:e0:4f:92:0a:19:f0:6b:04:ce:74:23:e0:ea:e4:85:
         dd:84:ed:22:43:4a:58:32:16:76:4c:b1:56:9e:dc:fb:23:4b:
         de:5f:bb:5f:58:0c:a0:63:56:7b:c9:4c:5e:76:e8:9c:37:f5:
         8b:e3:f2:72:b6:2a:b6:d9:46:6c:0d:ed:85:34:7a:18:1e:12:
         d2:18:3e:6c:7a:62:f2:d2:62:80:0f:cc:56:ba:62:71:38:fd:
         cc:ea:66:7e:a3:02:b7:f2:c2:2f:66:73:eb:9e:07:a3:82:6a:
         7d:ce:c9:c0:61:b0:84:96:f9:62:9f:a5:81:93:90:10:fc:7a:
         b8:21:bb:50:f3:ef:a9:fc:23:cc:ee:a4:e6:d4:ee:86:20:31:
         48:17:eb:e4:21:f2:4c:60:c2:64:05:62:c3:d0:08:7d:43:ef:
         ae:a0:9e:2b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUO5Sg+PXbxg03bLKgkSH+A7bieWowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjA4MDAwMDAwWhcNMjQwMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1Nzc3NDkyZjZiMWFmYjY4OWY2OGRiNmJjYzhhOGQ5YWQ0
ZGFlNzRlM2Y4MjcwMTM0OGI0ODc3ZjljYTkwOTdmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCHabVlaZ/sOVaHs1tForB3UzV673c/RRL21jp6ZDBvsd27
wcY/4GZCVhgIFVeIzLPWU0QMDmjw0TwIr+p0RM6ePcvrou6NhCGP1Rgq/lmzSLgH
IliGTnor6/3n20v2qhlme5Jfh3jwblUmGOS7KA2dABtjGIKQVDZpostlhPmCQXxk
2ABnAGWzE0cEI8vkUNOLIzkzn9n0Pd9BiY4NI6hiCfhqUxFhsvPy4sjst2RI4WVP
YHWiZtcQ1pctm3F2E+PVGEP84ARdcOMgNn4ncD58r4+IBFh6KCls6Pq42MHebyji
M45OI/8KzPNjT9h/6NF2NLG3uO43qFZRSMYC2eUbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtPkvQ8e6+GRO5clTgK9zHX//aEEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgxOTZkNjgzLTRjMmEtNDQ3MC1hNzY5LTI0MjVkYjkyMDc2OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADi6U292Zd7reEkwlDBLH6Nd/W8d
2DJ+cR4qf9P6J6h84aD3tNJCwSGDz2CkzIeS2/Y6VQX6g9h4oAnaNsd5mChxDZsL
vyVmheeHugT5tbjPKtJqIiZVg60s679MP+BPkgoZ8GsEznQj4Orkhd2E7SJDSlgy
FnZMsVae3PsjS95fu19YDKBjVnvJTF526Jw39Yvj8nK2KrbZRmwN7YU0ehgeEtIY
Pmx6YvLSYoAPzFa6YnE4/czqZn6jArfywi9mc+ueB6OCan3OycBhsISW+WKfpYGT
kBD8erghu1Dz76n8I8zupObU7oYgMUgX6+Qh8kxgwmQFYsPQCH1D766gnis=
-----END CERTIFICATE-----