Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8d40f436-2d40-4f34-8a01-c267855f8f23.roa
File:                     8d40f436-2d40-4f34-8a01-c267855f8f23.roa (raw, json)
Hash identifier:          40mAuAqTB8xK5zBdl3xpo0UOlSFK+8TDp2Dgbu9h4PE=
Subject key identifier:   ED:A0:FD:D8:0E:95:A7:67:AA:8E:D0:47:52:57:7F:BB:F5:7E:DD:3E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       43288E95C094B71256FFF2818D1A5CA8993DE9D5
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8d40f436-2d40-4f34-8a01-c267855f8f23.roa
Signing time:             Wed 31 Jan 2024 00:00:00 +0000
ROA not before:           Wed 31 Jan 2024 00:00:00 +0000
ROA not after:            Wed 06 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:28:8e:95:c0:94:b7:12:56:ff:f2:81:8d:1a:5c:a8:99:3d:e9:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 31 00:00:00 2024 GMT
            Not After : Mar  6 23:59:59 2024 GMT
        Subject: serialNumber=a53adbaa533086f3f0dabda80130cecb158d4db2d7dcd12fa180a07ce4d2cddc, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:42:7c:d9:a9:e9:a7:d4:74:31:60:ee:2e:31:
                    9e:b5:08:5d:9d:54:ad:7d:88:a9:18:be:91:b7:11:
                    79:39:e9:8c:97:46:c5:e7:13:70:66:3b:2a:94:01:
                    e0:38:f5:13:ac:30:df:e9:1e:0d:b9:c2:f4:4b:45:
                    5b:6d:05:31:56:aa:36:57:54:05:c1:43:a6:e4:53:
                    02:8f:b1:34:ce:aa:1c:27:13:df:0c:6d:1c:59:35:
                    bf:51:fd:44:13:b6:b3:4a:52:00:14:92:b1:5e:88:
                    13:ea:cc:af:c3:56:36:b0:87:7c:38:d4:2f:91:40:
                    12:8c:dd:72:fc:67:c6:4a:62:bd:f8:a7:62:21:dd:
                    83:e4:1b:62:19:51:85:bf:10:d6:a1:06:e5:06:49:
                    6b:73:45:8d:d6:5b:17:5a:08:44:40:7f:de:40:6d:
                    3b:74:7c:85:bf:97:bd:12:74:a5:12:65:71:40:e0:
                    cd:db:75:31:7e:b6:ab:d1:fb:1d:e3:2f:b3:c6:dd:
                    f1:e0:0b:0c:87:00:41:bb:d0:18:ce:ce:b8:ab:15:
                    9c:60:23:12:c5:ed:28:d1:4a:c8:fc:f8:b9:64:c0:
                    cb:a2:ab:5a:c4:14:17:8d:40:4d:a8:8c:9d:9c:c9:
                    38:fa:da:79:8b:bc:48:9b:34:3e:ac:2b:c7:8f:53:
                    fc:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:A0:FD:D8:0E:95:A7:67:AA:8E:D0:47:52:57:7F:BB:F5:7E:DD:3E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8d40f436-2d40-4f34-8a01-c267855f8f23.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:6a:a3:c6:fc:f0:d2:64:87:a1:57:ed:e9:69:1a:fb:0a:fc:
         0b:0d:99:58:18:4f:b1:62:50:1e:53:5d:45:a1:51:f2:fb:87:
         6d:43:81:d5:71:be:e6:e6:5c:9d:2b:6b:98:6c:78:9c:be:b9:
         0a:d8:64:3f:17:6a:8b:14:36:a1:f8:a5:72:0b:42:0e:a0:a9:
         bb:07:cd:75:4c:41:75:45:cb:f0:d2:20:b9:fe:9f:3e:e8:6a:
         c8:74:a2:17:39:19:99:bb:20:e5:f6:c5:f6:cd:75:3e:e0:a8:
         96:e9:d5:bc:e8:88:97:29:f1:91:36:69:d9:29:9e:50:43:dc:
         71:28:2d:f4:b1:fc:76:11:cd:5e:82:f9:7d:7c:43:ec:ca:14:
         ab:50:8d:f5:ff:0e:d3:fb:f7:61:58:80:52:27:99:ff:0c:e6:
         05:d7:6a:32:80:9a:0c:a3:0a:f2:67:5e:25:e2:96:2b:cf:3d:
         53:84:f9:c1:42:ee:b5:95:8a:df:6a:b7:11:8b:e8:7b:0f:99:
         3e:26:fd:5e:3f:90:c6:02:b9:d3:44:95:fc:0b:0f:05:18:6f:
         27:06:30:d0:1e:4d:a9:94:80:15:e1:bc:28:a2:6a:78:f0:1c:
         4f:3b:42:7e:ed:0d:fa:f9:23:11:91:07:37:8d:27:5c:19:78:
         e5:cd:5b:96
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQyiOlcCUtxJW//KBjRpcqJk96dUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTMxMDAwMDAwWhcNMjQwMzA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNTNhZGJhYTUzMzA4NmYzZjBkYWJkYTgwMTMwY2VjYjE1
OGQ0ZGIyZDdkY2QxMmZhMTgwYTA3Y2U0ZDJjZGRjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTQnzZqemn1HQxYO4uMZ61CF2dVK19iKkYvpG3EXk56YyX
RsXnE3BmOyqUAeA49ROsMN/pHg25wvRLRVttBTFWqjZXVAXBQ6bkUwKPsTTOqhwn
E98MbRxZNb9R/UQTtrNKUgAUkrFeiBPqzK/DVjawh3w41C+RQBKM3XL8Z8ZKYr34
p2Ih3YPkG2IZUYW/ENahBuUGSWtzRY3WWxdaCERAf95AbTt0fIW/l70SdKUSZXFA
4M3bdTF+tqvR+x3jL7PG3fHgCwyHAEG70BjOzrirFZxgIxLF7SjRSsj8+LlkwMui
q1rEFBeNQE2ojJ2cyTj62nmLvEibND6sK8ePU/zTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7aD92A6Vp2eqjtBHUld/u/V+3T4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzhkNDBmNDM2LTJkNDAtNGYzNC04YTAxLWMyNjc4NTVmOGYyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJFqo8b88NJkh6FX7elpGvsK/AsN
mVgYT7FiUB5TXUWhUfL7h21DgdVxvubmXJ0ra5hseJy+uQrYZD8XaosUNqH4pXIL
Qg6gqbsHzXVMQXVFy/DSILn+nz7oash0ohc5GZm7IOX2xfbNdT7gqJbp1bzoiJcp
8ZE2adkpnlBD3HEoLfSx/HYRzV6C+X18Q+zKFKtQjfX/DtP792FYgFInmf8M5gXX
ajKAmgyjCvJnXiXilivPPVOE+cFC7rWVit9qtxGL6HsPmT4m/V4/kMYCudNElfwL
DwUYbycGMNAeTamUgBXhvCiianjwHE87Qn7tDfr5IxGRBzeNJ1wZeOXNW5Y=
-----END CERTIFICATE-----