Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8a92a31e-01c3-48d8-bf3a-b176f9c35a83.roa
File:                     8a92a31e-01c3-48d8-bf3a-b176f9c35a83.roa (raw, json)
Hash identifier:          zHNcc7zRDZ9djvE/ju1XDY2q8j9OfkdFPaQ6QaFVOKE=
Subject key identifier:   50:3E:D8:46:B1:5E:02:22:FE:E0:47:A9:E8:04:A6:97:85:55:92:A9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2BD6D74F1ADE9B1466C3151C3808C2B011EA4A4B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8a92a31e-01c3-48d8-bf3a-b176f9c35a83.roa
Signing time:             Thu 15 Jun 2023 00:00:00 +0000
ROA not before:           Thu 15 Jun 2023 00:00:00 +0000
ROA not after:            Thu 20 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:d6:d7:4f:1a:de:9b:14:66:c3:15:1c:38:08:c2:b0:11:ea:4a:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 15 00:00:00 2023 GMT
            Not After : Jul 20 23:59:59 2023 GMT
        Subject: serialNumber=914dd8a5365865b1e2e24603efeef6fa9d817f8cce0296a39be49d115de2e494, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ea:56:35:59:97:c3:02:39:b9:c6:2e:61:a9:
                    d0:3a:10:c2:42:4d:b8:ac:19:44:c6:98:51:49:67:
                    e5:9e:16:65:13:d4:64:3f:4d:9f:44:11:88:c3:17:
                    b2:17:85:f7:32:dd:5d:66:4c:94:1a:cb:24:53:ed:
                    b5:bc:0a:c3:18:1b:ba:69:6b:a4:1f:48:86:ac:67:
                    98:86:7d:a5:67:21:b0:61:3c:e1:3f:95:61:af:b2:
                    b8:7f:3c:29:c6:45:84:4b:39:ca:61:ad:f8:3e:e8:
                    b8:4a:72:ca:76:68:10:b1:1b:90:84:27:f3:b4:95:
                    ee:18:2a:b6:de:fc:2f:06:21:c4:a5:01:8c:b8:5d:
                    df:e3:02:92:7d:a5:da:64:21:e0:a7:96:6e:3a:bc:
                    e7:45:ce:98:d3:78:ca:c1:f6:98:bd:62:6c:c3:60:
                    13:fb:f5:05:24:d9:eb:53:66:4f:40:15:62:9c:27:
                    18:9f:99:50:09:94:bd:11:20:d3:7f:73:83:ce:c1:
                    81:3d:0a:be:08:7c:88:ef:15:56:76:a2:b3:82:f4:
                    ec:cb:18:74:55:26:48:92:a8:3e:01:e4:59:46:63:
                    18:88:19:73:55:7a:d1:ae:ce:69:8f:d9:d9:5e:4c:
                    3d:49:d6:d3:f6:d2:bb:de:80:0f:9b:5a:b4:94:7e:
                    ee:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:3E:D8:46:B1:5E:02:22:FE:E0:47:A9:E8:04:A6:97:85:55:92:A9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8a92a31e-01c3-48d8-bf3a-b176f9c35a83.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:61:72:d8:97:e4:3c:d0:45:3f:68:c7:1b:ff:39:61:60:e8:
         5e:94:50:bd:f3:d7:0b:31:ca:27:bb:80:2f:b3:36:fa:99:72:
         4f:5d:ae:dd:52:e1:48:46:21:8e:55:c8:1d:c5:44:fe:7a:f9:
         0f:dd:b0:14:de:01:c4:98:34:d3:46:84:bf:5b:72:3d:e2:ff:
         6f:4b:c6:82:4d:f2:3c:8f:84:15:06:54:1c:62:0e:22:24:a8:
         d0:d6:08:b9:ab:22:d3:87:8a:02:a4:0a:9d:44:98:3f:7e:25:
         02:d8:96:99:4a:02:ad:90:b5:7d:3f:5e:a1:96:ca:23:17:c7:
         57:03:4e:f8:ce:45:d3:5c:23:e0:19:f8:b0:0e:eb:eb:f0:4e:
         a3:ea:95:a3:87:f8:d7:ed:03:c5:bd:0a:1f:84:fd:cf:93:89:
         ae:cb:1b:71:81:a4:93:a1:13:46:7e:3b:cb:54:27:c5:3e:95:
         1c:4d:4e:a4:4a:9b:4d:ae:86:8e:02:6d:39:b2:76:23:83:e7:
         c0:cb:cf:3d:1c:52:c7:5e:dd:78:c8:f0:24:9e:b0:ec:7d:e8:
         62:71:cc:6d:30:c2:01:82:3a:49:41:85:f8:21:29:2f:ba:3d:
         5f:26:f2:46:c3:c2:79:62:53:65:fc:cc:49:c1:28:a3:a1:df:
         2d:33:0e:5a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUK9bXTxremxRmwxUcOAjCsBHqSkswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjE1MDAwMDAwWhcNMjMwNzIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MTRkZDhhNTM2NTg2NWIxZTJlMjQ2MDNlZmVlZjZmYTlk
ODE3ZjhjY2UwMjk2YTM5YmU0OWQxMTVkZTJlNDk0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCI6lY1WZfDAjm5xi5hqdA6EMJCTbisGUTGmFFJZ+WeFmUT
1GQ/TZ9EEYjDF7IXhfcy3V1mTJQayyRT7bW8CsMYG7ppa6QfSIasZ5iGfaVnIbBh
POE/lWGvsrh/PCnGRYRLOcphrfg+6LhKcsp2aBCxG5CEJ/O0le4YKrbe/C8GIcSl
AYy4Xd/jApJ9pdpkIeCnlm46vOdFzpjTeMrB9pi9YmzDYBP79QUk2etTZk9AFWKc
JxifmVAJlL0RINN/c4POwYE9Cr4IfIjvFVZ2orOC9OzLGHRVJkiSqD4B5FlGYxiI
GXNVetGuzmmP2dleTD1J1tP20rvegA+bWrSUfu6BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUD7YRrFeAiL+4Eep6ASml4VVkqkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzhhOTJhMzFlLTAxYzMtNDhkOC1iZjNhLWIxNzZmOWMzNWE4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFBhctiX5DzQRT9oxxv/OWFg6F6U
UL3z1wsxyie7gC+zNvqZck9drt1S4UhGIY5VyB3FRP56+Q/dsBTeAcSYNNNGhL9b
cj3i/29LxoJN8jyPhBUGVBxiDiIkqNDWCLmrItOHigKkCp1EmD9+JQLYlplKAq2Q
tX0/XqGWyiMXx1cDTvjORdNcI+AZ+LAO6+vwTqPqlaOH+NftA8W9Ch+E/c+Tia7L
G3GBpJOhE0Z+O8tUJ8U+lRxNTqRKm02uho4CbTmydiOD58DLzz0cUsde3XjI8CSe
sOx96GJxzG0wwgGCOklBhfghKS+6PV8m8kbDwnliU2X8zEnBKKOh3y0zDlo=
-----END CERTIFICATE-----