Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/825960e8-49d1-4015-a7b4-7717052399aa.roa
File:                     825960e8-49d1-4015-a7b4-7717052399aa.roa (raw, json)
Hash identifier:          I5YvxHZJ+y2b6sVJxKaVuXv1omTm8AyaDzEGYf67SbM=
Subject key identifier:   A8:F8:77:0F:34:65:98:CE:6A:8D:EB:EC:CB:F1:45:27:EA:1C:FD:44
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       59BCE673FB6958BDD87FEC6C3551671585245DCE
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/825960e8-49d1-4015-a7b4-7717052399aa.roa
Signing time:             Fri 11 Aug 2023 00:00:00 +0000
ROA not before:           Fri 11 Aug 2023 00:00:00 +0000
ROA not after:            Fri 15 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:bc:e6:73:fb:69:58:bd:d8:7f:ec:6c:35:51:67:15:85:24:5d:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 11 00:00:00 2023 GMT
            Not After : Sep 15 23:59:59 2023 GMT
        Subject: serialNumber=8970004783ce6d0eaf7c7555b16239d570f30748a0d22062950a58211037729a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:7a:83:82:16:87:a8:77:e5:b2:f1:81:e1:3c:
                    0d:0e:ab:03:7a:2c:3e:c2:5c:1f:59:c7:c2:6f:62:
                    d5:b8:47:0a:d9:87:93:0d:24:6f:4c:08:b0:90:b6:
                    45:4a:02:79:0d:65:65:b9:90:9f:09:ac:60:93:71:
                    85:5c:22:e1:96:6c:d1:63:14:60:b1:10:a1:70:a6:
                    5a:5c:29:f0:8b:b3:04:1c:3a:13:f1:fd:52:27:5c:
                    de:c8:40:e4:c4:32:68:89:0e:64:3a:95:1e:e8:53:
                    cd:66:8d:34:5c:4d:80:27:2c:4e:be:75:bb:0b:f5:
                    57:e6:b6:7c:fc:34:29:4e:91:13:54:2a:0d:cc:11:
                    2b:5b:d0:33:f9:2b:6e:4e:ca:fa:47:0b:b0:1e:da:
                    ce:c7:bb:42:fb:05:58:af:0a:12:9a:40:3a:d5:f9:
                    aa:b8:c3:17:a4:86:d7:d7:e9:6d:2d:24:e3:4e:6a:
                    e0:8b:40:8f:8c:74:1a:3b:ac:85:17:e5:e1:5f:e1:
                    53:38:89:db:63:fa:19:4a:23:28:bd:9b:5a:c0:05:
                    9f:0c:52:25:65:a9:db:93:35:41:29:a4:fe:c0:a0:
                    9a:11:3f:97:a2:25:1b:4d:2f:4b:75:76:87:a3:4f:
                    aa:16:5d:ad:5a:dd:a0:61:30:be:5e:93:c5:0c:cf:
                    ae:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:F8:77:0F:34:65:98:CE:6A:8D:EB:EC:CB:F1:45:27:EA:1C:FD:44
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/825960e8-49d1-4015-a7b4-7717052399aa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:96:38:9f:22:90:69:59:e7:6d:21:b5:c5:cd:7d:22:50:60:
         4c:6b:70:b7:80:66:d7:62:d4:fe:71:eb:31:51:a7:00:59:7f:
         b3:11:0b:48:e8:85:28:37:2b:f6:3a:08:c9:0f:c3:1a:40:7e:
         90:40:bf:bf:23:f6:f5:12:95:d6:3a:76:59:17:0c:52:38:81:
         f9:a6:17:0e:92:4d:27:10:6c:4d:17:54:22:cb:42:cc:ed:60:
         ad:18:40:28:83:e0:5b:ce:1e:ea:1a:99:d9:23:bb:33:1d:56:
         b1:1e:74:dd:66:40:8e:87:b4:b1:42:49:d9:4b:e4:e7:d0:51:
         29:55:c4:a0:a4:8a:97:01:5d:72:57:8c:6c:a7:54:8d:86:6d:
         64:80:9a:bd:96:27:c0:92:46:80:15:75:7a:aa:b0:e7:17:f9:
         50:51:dc:a5:9c:b6:6c:ec:c4:b7:f7:79:74:8a:45:86:19:b1:
         7b:d3:dd:51:ee:08:29:aa:0f:d9:00:29:c7:87:c8:87:f8:aa:
         57:9d:b3:3b:f7:10:fc:d4:cf:ec:c2:f7:25:ff:48:11:52:fc:
         38:cb:e5:d0:0c:0c:c5:90:10:ac:ed:62:fc:3a:ad:d5:11:4c:
         4b:1c:96:12:90:07:eb:ab:70:c1:eb:f7:d5:4b:2d:b0:be:cd:
         4f:df:67:ea
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWbzmc/tpWL3Yf+xsNVFnFYUkXc4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODExMDAwMDAwWhcNMjMwOTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4OTcwMDA0NzgzY2U2ZDBlYWY3Yzc1NTViMTYyMzlkNTcw
ZjMwNzQ4YTBkMjIwNjI5NTBhNTgyMTEwMzc3MjlhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdeoOCFoeod+Wy8YHhPA0OqwN6LD7CXB9Zx8JvYtW4RwrZ
h5MNJG9MCLCQtkVKAnkNZWW5kJ8JrGCTcYVcIuGWbNFjFGCxEKFwplpcKfCLswQc
OhPx/VInXN7IQOTEMmiJDmQ6lR7oU81mjTRcTYAnLE6+dbsL9Vfmtnz8NClOkRNU
Kg3MEStb0DP5K25OyvpHC7Ae2s7Hu0L7BVivChKaQDrV+aq4wxekhtfX6W0tJONO
auCLQI+MdBo7rIUX5eFf4VM4idtj+hlKIyi9m1rABZ8MUiVlqduTNUEppP7AoJoR
P5eiJRtNL0t1doejT6oWXa1a3aBhML5ek8UMz64RAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqPh3DzRlmM5qjevsy/FFJ+oc/UQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgyNTk2MGU4LTQ5ZDEtNDAxNS1hN2I0LTc3MTcwNTIzOTlhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKqWOJ8ikGlZ520htcXNfSJQYExr
cLeAZtdi1P5x6zFRpwBZf7MRC0johSg3K/Y6CMkPwxpAfpBAv78j9vUSldY6dlkX
DFI4gfmmFw6STScQbE0XVCLLQsztYK0YQCiD4FvOHuoamdkjuzMdVrEedN1mQI6H
tLFCSdlL5OfQUSlVxKCkipcBXXJXjGynVI2GbWSAmr2WJ8CSRoAVdXqqsOcX+VBR
3KWctmzsxLf3eXSKRYYZsXvT3VHuCCmqD9kAKceHyIf4qledszv3EPzUz+zC9yX/
SBFS/DjL5dAMDMWQEKztYvw6rdURTEsclhKQB+urcMHr99VLLbC+zU/fZ+o=
-----END CERTIFICATE-----