Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8ba26b07-d820-4484-84c2-1b972a1bd01b.roa
File:                     8ba26b07-d820-4484-84c2-1b972a1bd01b.roa (raw, json)
Hash identifier:          gWpFCBC+MoGaurnuaIh2ZQEVQ2HvvkdSgGuNWaE+y0I=
Subject key identifier:   5A:FA:10:DC:AA:52:A0:B9:4F:DD:42:6A:A0:69:B0:13:3C:62:35:82
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       77698C1E89439E2DDAC72CB00103636C25232846
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8ba26b07-d820-4484-84c2-1b972a1bd01b.roa
Signing time:             Sun 13 Aug 2023 00:00:00 +0000
ROA not before:           Sun 13 Aug 2023 00:00:00 +0000
ROA not after:            Sun 17 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:69:8c:1e:89:43:9e:2d:da:c7:2c:b0:01:03:63:6c:25:23:28:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 13 00:00:00 2023 GMT
            Not After : Sep 17 23:59:59 2023 GMT
        Subject: serialNumber=478831ab08a08631730887e1dd13d951c6c4842b1cdaf0d7bbfc078677cea017, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:bc:3d:a5:23:fa:6c:c3:f5:37:81:cc:80:6b:
                    46:49:9b:af:71:94:9e:58:1b:d5:c3:50:b7:c1:c8:
                    86:42:dc:90:76:06:05:ad:94:08:f5:cc:d9:5d:95:
                    27:4b:16:07:9e:1d:c9:ee:f2:bb:fc:e3:e0:b0:e8:
                    65:39:76:e3:e8:43:54:9f:e2:17:df:88:90:1d:f1:
                    05:57:c0:b6:40:d8:a2:11:cd:69:0c:8d:2a:c2:05:
                    fa:35:1b:ea:60:93:96:3e:fc:f3:f4:88:30:58:f4:
                    26:71:8d:a5:d7:87:88:2e:e1:b4:ee:22:e3:97:9a:
                    2b:cf:9f:96:13:29:f8:5b:f7:66:50:52:b1:3b:9e:
                    d4:4d:33:77:49:74:55:2b:13:2f:9e:fa:f6:3d:77:
                    45:53:fc:f3:31:61:b3:2e:c8:9b:d4:13:d4:50:59:
                    f6:91:06:43:02:1e:08:a8:7f:f1:ed:9c:57:f2:d0:
                    c2:00:57:34:f8:1a:2a:15:0c:00:66:a1:6b:2d:33:
                    5d:60:7c:cb:5c:53:90:e4:2c:dd:76:ce:d7:b6:52:
                    cd:7d:b2:3d:0b:bf:e7:d4:8e:41:60:02:89:9d:8d:
                    ee:d0:ea:64:a0:41:6e:13:91:f0:7f:62:37:51:bb:
                    3a:43:0c:c3:f2:c2:70:62:89:1d:b6:13:91:15:c8:
                    80:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:FA:10:DC:AA:52:A0:B9:4F:DD:42:6A:A0:69:B0:13:3C:62:35:82
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8ba26b07-d820-4484-84c2-1b972a1bd01b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:15:26:90:37:00:24:e1:1f:5a:c8:22:e4:7a:4a:fe:1f:8b:
         65:46:52:c5:e8:10:3a:84:a0:b7:27:35:3e:a0:eb:56:1d:de:
         7d:c3:35:70:a2:39:59:1d:e9:9e:b2:06:7a:f6:00:b4:74:9c:
         c5:2e:03:ff:f0:a5:36:92:dd:1e:13:22:b2:c5:b6:db:81:9f:
         85:04:9b:1b:74:34:6b:9b:21:62:0e:4c:a2:b6:6e:28:e9:4d:
         42:61:ee:50:36:9c:63:52:52:eb:6f:28:4c:80:25:0f:24:67:
         4b:53:8e:f2:14:4e:5a:23:65:9c:46:e9:75:18:d7:ba:27:24:
         ca:77:fe:d2:7b:1d:b2:46:4f:d6:62:99:ec:f1:00:a8:95:88:
         07:60:cf:f6:ab:3b:76:01:ee:28:d8:b1:e5:45:dd:0f:a5:88:
         40:c2:31:bc:6d:7e:a3:60:b4:bc:5d:7c:7f:27:a9:73:b4:3c:
         de:37:b8:a2:28:a7:23:5c:e1:c9:29:0e:2f:9e:cb:23:bd:05:
         7b:c2:d5:9c:3e:5d:fb:95:b9:1f:41:51:08:14:c4:04:d1:67:
         b7:7d:13:97:7e:fe:54:63:b1:3b:14:de:f0:12:6d:bc:7f:55:
         10:71:ad:60:bd:6c:29:d4:d4:ba:f0:95:ab:46:42:37:33:63:
         6e:72:23:19
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUd2mMHolDni3axyywAQNjbCUjKEYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODEzMDAwMDAwWhcNMjMwOTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0Nzg4MzFhYjA4YTA4NjMxNzMwODg3ZTFkZDEzZDk1MWM2
YzQ4NDJiMWNkYWYwZDdiYmZjMDc4Njc3Y2VhMDE3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYvD2lI/psw/U3gcyAa0ZJm69xlJ5YG9XDULfByIZC3JB2
BgWtlAj1zNldlSdLFgeeHcnu8rv84+Cw6GU5duPoQ1Sf4hffiJAd8QVXwLZA2KIR
zWkMjSrCBfo1G+pgk5Y+/PP0iDBY9CZxjaXXh4gu4bTuIuOXmivPn5YTKfhb92ZQ
UrE7ntRNM3dJdFUrEy+e+vY9d0VT/PMxYbMuyJvUE9RQWfaRBkMCHgiof/HtnFfy
0MIAVzT4GioVDABmoWstM11gfMtcU5DkLN12zte2Us19sj0Lv+fUjkFgAomdje7Q
6mSgQW4TkfB/YjdRuzpDDMPywnBiiR22E5EVyIDJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWvoQ3KpSoLlP3UJqoGmwEzxiNYIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzhiYTI2YjA3LWQ4MjAtNDQ4NC04NGMyLTFiOTcyYTFiZDAxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIYVJpA3ACThH1rIIuR6Sv4fi2VG
UsXoEDqEoLcnNT6g61Yd3n3DNXCiOVkd6Z6yBnr2ALR0nMUuA//wpTaS3R4TIrLF
ttuBn4UEmxt0NGubIWIOTKK2bijpTUJh7lA2nGNSUutvKEyAJQ8kZ0tTjvIUTloj
ZZxG6XUY17onJMp3/tJ7HbJGT9ZimezxAKiViAdgz/arO3YB7ijYseVF3Q+liEDC
MbxtfqNgtLxdfH8nqXO0PN43uKIopyNc4ckpDi+eyyO9BXvC1Zw+XfuVuR9BUQgU
xATRZ7d9E5d+/lRjsTsU3vASbbx/VRBxrWC9bCnU1LrwlatGQjczY25yIxk=
-----END CERTIFICATE-----