Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/84fe0113-8e51-4c5b-a506-4a984816f405.roa
File:                     84fe0113-8e51-4c5b-a506-4a984816f405.roa (raw, json)
Hash identifier:          JV5wKF6eVvfIlm90otr+93mOg8MutKvemtvZNz563+0=
Subject key identifier:   99:26:29:24:BE:0A:57:C7:97:5A:42:C2:EB:A3:1E:F5:C1:6C:D3:62
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       549783B181C6580B88300638B81A892D82BAEAA4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/84fe0113-8e51-4c5b-a506-4a984816f405.roa
Signing time:             Wed 15 Nov 2023 00:00:00 +0000
ROA not before:           Wed 15 Nov 2023 00:00:00 +0000
ROA not after:            Wed 20 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:97:83:b1:81:c6:58:0b:88:30:06:38:b8:1a:89:2d:82:ba:ea:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 15 00:00:00 2023 GMT
            Not After : Dec 20 23:59:59 2023 GMT
        Subject: serialNumber=82ed1074c8b18a6ab9265d51e5d3386e430ac64ba1f916b40ff25bd701449c18, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c2:a8:eb:92:c9:b0:6a:cf:13:68:0a:31:77:
                    e5:4b:09:29:75:63:6a:76:64:a9:85:ea:d7:a0:e3:
                    03:a1:e9:51:67:99:b7:5d:68:37:2f:17:6a:55:9c:
                    ff:e7:e8:a4:2f:68:cf:20:bb:7c:ba:ac:d4:be:36:
                    49:de:53:63:87:b6:2e:fc:e4:ef:5b:a2:69:eb:29:
                    e9:22:d1:50:2c:bf:de:a4:b9:6f:79:07:9d:b5:f6:
                    de:7b:8a:7a:b1:12:20:e7:d1:83:45:39:15:50:2a:
                    30:b1:27:67:70:c0:59:33:a0:2c:ac:74:07:9b:26:
                    76:82:e6:e6:bf:3a:f5:60:6b:77:28:fa:ec:bc:50:
                    73:38:7a:17:d5:73:cb:be:8b:50:bc:57:a4:b6:19:
                    56:1a:f1:28:e3:5b:80:c3:ff:02:35:67:df:f3:23:
                    b0:dc:43:cd:18:a4:42:ba:96:4b:3a:0d:18:4f:eb:
                    59:50:db:c1:0b:d5:08:86:f5:0d:12:46:75:f7:39:
                    2a:f3:7c:9f:21:01:35:a3:84:54:ff:b0:52:a5:4c:
                    b6:b1:c9:90:d2:77:6b:d3:1a:f7:a5:e7:71:d3:7d:
                    6c:ad:41:f3:32:28:de:a0:5a:52:02:3f:53:d3:d1:
                    96:f4:a7:d6:ff:d3:f2:0a:96:28:ea:d6:aa:48:9b:
                    0d:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:26:29:24:BE:0A:57:C7:97:5A:42:C2:EB:A3:1E:F5:C1:6C:D3:62
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/84fe0113-8e51-4c5b-a506-4a984816f405.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:1f:c9:d6:64:a0:70:11:3a:e8:60:13:e4:fb:54:4c:32:16:
         12:c2:01:d9:eb:36:f7:64:87:17:da:be:83:89:67:1d:87:c8:
         51:02:f7:b7:7a:b8:82:4b:79:85:47:bf:fc:ed:5d:a8:bb:3b:
         66:24:01:b3:5e:5e:10:88:21:e2:02:ad:c1:91:48:7f:a2:38:
         ef:38:67:94:ec:ab:52:1d:17:a1:1c:3a:89:8f:35:50:fe:3b:
         9c:83:45:bf:81:69:f1:a5:a4:53:fd:a3:ce:22:15:82:62:b4:
         f0:4c:6b:cf:fb:44:16:6a:51:ad:31:98:67:9c:5c:82:c6:52:
         72:b5:78:48:d5:ed:95:4c:0a:02:3f:f4:f2:a9:31:f4:f3:97:
         4b:3d:09:6d:da:3e:89:3b:26:b2:d9:9d:38:ea:97:ea:dc:5b:
         61:b3:5a:66:f9:6e:ba:d2:a6:11:b4:b1:b0:e1:dd:8d:59:04:
         b0:34:7d:00:a6:d2:ab:18:93:3d:69:bb:9f:73:bf:86:14:1a:
         8c:f8:0e:56:89:e6:0c:08:ff:5b:09:af:a5:c6:3e:5c:83:5b:
         12:28:3c:b6:a7:ec:7c:04:99:99:6f:fd:d3:7d:6e:6d:46:06:
         d6:aa:4d:ca:45:2c:e1:e3:53:9b:b9:a2:25:90:cc:de:c9:6b:
         d2:fb:90:a5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVJeDsYHGWAuIMAY4uBqJLYK66qQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE1MDAwMDAwWhcNMjMxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MmVkMTA3NGM4YjE4YTZhYjkyNjVkNTFlNWQzMzg2ZTQz
MGFjNjRiYTFmOTE2YjQwZmYyNWJkNzAxNDQ5YzE4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClwqjrksmwas8TaAoxd+VLCSl1Y2p2ZKmF6teg4wOh6VFn
mbddaDcvF2pVnP/n6KQvaM8gu3y6rNS+NkneU2OHti785O9bomnrKeki0VAsv96k
uW95B5219t57inqxEiDn0YNFORVQKjCxJ2dwwFkzoCysdAebJnaC5ua/OvVga3co
+uy8UHM4ehfVc8u+i1C8V6S2GVYa8SjjW4DD/wI1Z9/zI7DcQ80YpEK6lks6DRhP
61lQ28EL1QiG9Q0SRnX3OSrzfJ8hATWjhFT/sFKlTLaxyZDSd2vTGvel53HTfWyt
QfMyKN6gWlICP1PT0Zb0p9b/0/IKlijq1qpImw0pAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmSYpJL4KV8eXWkLC66Me9cFs02IwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzg0ZmUwMTEzLThlNTEtNGM1Yi1hNTA2LTRhOTg0ODE2ZjQwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAE4fydZkoHAROuhgE+T7VEwyFhLC
AdnrNvdkhxfavoOJZx2HyFEC97d6uIJLeYVHv/ztXai7O2YkAbNeXhCIIeICrcGR
SH+iOO84Z5Tsq1IdF6EcOomPNVD+O5yDRb+BafGlpFP9o84iFYJitPBMa8/7RBZq
Ua0xmGecXILGUnK1eEjV7ZVMCgI/9PKpMfTzl0s9CW3aPok7JrLZnTjql+rcW2Gz
Wmb5brrSphG0sbDh3Y1ZBLA0fQCm0qsYkz1pu59zv4YUGoz4DlaJ5gwI/1sJr6XG
PlyDWxIoPLan7HwEmZlv/dN9bm1GBtaqTcpFLOHjU5u5oiWQzN7Ja9L7kKU=
-----END CERTIFICATE-----