Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8de869d0-c479-4446-a747-8998509f022e.roa
File:                     8de869d0-c479-4446-a747-8998509f022e.roa (raw, json)
Hash identifier:          Q25xzZDYvL5M2hhCR2UyucdPNCVc/PM1SVfRH9cCcVw=
Subject key identifier:   F7:90:EE:CD:10:F9:81:22:6E:2D:AC:B4:70:A5:9B:CE:01:DD:96:94
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       73070D989A0EBF3EC7F6BB1794BF74C1A606C348
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8de869d0-c479-4446-a747-8998509f022e.roa
Signing time:             Wed 06 Dec 2023 00:00:00 +0000
ROA not before:           Wed 06 Dec 2023 00:00:00 +0000
ROA not after:            Wed 10 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:07:0d:98:9a:0e:bf:3e:c7:f6:bb:17:94:bf:74:c1:a6:06:c3:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec  6 00:00:00 2023 GMT
            Not After : Jan 10 23:59:59 2024 GMT
        Subject: serialNumber=a9790214f456823394fbd90ddd76390c20175a90ab99873ed742e37827fb1680, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c1:1d:0d:e6:48:3b:56:0c:83:18:89:e9:34:
                    22:89:a0:11:28:89:84:1e:b1:34:79:c3:9a:80:8e:
                    a0:2c:0b:6d:30:0a:a8:69:d2:73:a1:cc:25:60:de:
                    d3:e9:98:d6:6d:1d:c6:35:45:45:74:60:d1:a9:f5:
                    19:52:d3:f8:ab:6f:e1:41:ee:48:c4:28:ba:c9:a0:
                    b6:26:45:b0:fd:9c:09:95:a0:56:09:cc:9c:f5:e5:
                    ca:d7:52:68:e0:43:c2:ed:7d:af:66:f2:06:69:29:
                    54:36:7c:12:d7:b0:a8:3a:40:1d:5b:97:57:14:fc:
                    d3:dd:1b:8f:bd:ab:e0:26:e1:81:22:42:ab:c9:85:
                    be:40:81:31:80:5b:22:fd:b0:16:3f:92:1d:21:a9:
                    70:7a:92:51:5d:ae:1a:c4:db:08:8f:31:51:85:56:
                    51:70:73:16:c0:3a:b5:ad:29:7c:13:71:cb:f8:eb:
                    9d:29:df:6d:ab:68:bc:a0:f9:f7:1e:70:66:96:2b:
                    e5:b4:de:8b:94:18:a2:91:93:f3:42:7e:cc:63:65:
                    84:31:ae:dc:56:56:93:d5:9c:02:f2:d0:4a:1d:06:
                    44:71:3d:7f:63:6e:fa:46:89:a0:2c:c1:ef:a2:86:
                    55:bb:ab:a0:39:3c:06:d1:11:57:2e:49:bb:79:29:
                    c1:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:90:EE:CD:10:F9:81:22:6E:2D:AC:B4:70:A5:9B:CE:01:DD:96:94
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8de869d0-c479-4446-a747-8998509f022e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:25:bc:e0:30:bd:33:4f:12:d5:51:6e:5c:b5:9b:ee:e2:10:
         53:ba:2a:ad:5c:15:a9:b0:b9:16:c2:af:da:6e:68:0c:e0:4c:
         2d:0f:e7:be:3e:8a:02:75:39:20:45:dd:47:ca:0a:09:3e:56:
         e1:d4:60:12:c6:be:e0:ff:47:4d:3a:3f:d0:b2:cf:7b:7d:c9:
         75:46:d8:f1:b1:0d:a9:c4:17:3e:2d:67:9c:ae:b3:fd:1a:52:
         06:ac:0f:c9:a6:b9:3b:d5:f7:d0:e1:04:76:50:e3:ed:d6:82:
         b2:35:27:07:20:1f:2a:06:1a:45:36:00:ce:3d:41:e8:a3:99:
         a6:bc:7c:d6:12:dc:f1:26:7e:bc:5e:73:37:03:61:fc:7e:87:
         0e:68:b0:a8:be:69:71:53:c8:05:ff:60:99:47:e0:4c:3c:47:
         03:f6:4b:72:d9:7c:89:90:cc:66:44:14:47:b4:d2:d4:7c:1c:
         e2:74:05:d5:ea:e2:6a:8f:18:8c:9b:ba:60:e7:fa:67:cf:f1:
         8d:b2:99:5b:1c:75:28:04:93:df:b2:f6:b2:27:b0:c4:a4:c0:
         b5:29:5c:83:bc:86:2f:af:2e:d6:90:ac:57:38:ab:5a:2f:b3:
         8e:20:5f:4e:e8:4e:d9:21:87:61:84:fe:11:ce:5b:e1:50:14:
         0e:1a:93:d2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcwcNmJoOvz7H9rsXlL90waYGw0gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjA2MDAwMDAwWhcNMjQwMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhOTc5MDIxNGY0NTY4MjMzOTRmYmQ5MGRkZDc2MzkwYzIw
MTc1YTkwYWI5OTg3M2VkNzQyZTM3ODI3ZmIxNjgwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuwR0N5kg7VgyDGInpNCKJoBEoiYQesTR5w5qAjqAsC20w
Cqhp0nOhzCVg3tPpmNZtHcY1RUV0YNGp9RlS0/irb+FB7kjEKLrJoLYmRbD9nAmV
oFYJzJz15crXUmjgQ8Ltfa9m8gZpKVQ2fBLXsKg6QB1bl1cU/NPdG4+9q+Am4YEi
QqvJhb5AgTGAWyL9sBY/kh0hqXB6klFdrhrE2wiPMVGFVlFwcxbAOrWtKXwTccv4
650p322raLyg+fcecGaWK+W03ouUGKKRk/NCfsxjZYQxrtxWVpPVnALy0EodBkRx
PX9jbvpGiaAswe+ihlW7q6A5PAbREVcuSbt5KcHBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU95DuzRD5gSJuLay0cKWbzgHdlpQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzhkZTg2OWQwLWM0NzktNDQ0Ni1hNzQ3LTg5OTg1MDlmMDIyZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAQlvOAwvTNPEtVRbly1m+7iEFO6
Kq1cFamwuRbCr9puaAzgTC0P574+igJ1OSBF3UfKCgk+VuHUYBLGvuD/R006P9Cy
z3t9yXVG2PGxDanEFz4tZ5yus/0aUgasD8mmuTvV99DhBHZQ4+3WgrI1JwcgHyoG
GkU2AM49Qeijmaa8fNYS3PEmfrxeczcDYfx+hw5osKi+aXFTyAX/YJlH4Ew8RwP2
S3LZfImQzGZEFEe00tR8HOJ0BdXq4mqPGIybumDn+mfP8Y2ymVscdSgEk9+y9rIn
sMSkwLUpXIO8hi+vLtaQrFc4q1ovs44gX07oTtkhh2GE/hHOW+FQFA4ak9I=
-----END CERTIFICATE-----