Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8e724591-e4be-4876-b33f-0ad5a02ed873.roa
File:                     8e724591-e4be-4876-b33f-0ad5a02ed873.roa (raw, json)
Hash identifier:          AGWrZs4B0X4qpEpSrtT5Z53QyAuYJjPM5guy+NXRnTk=
Subject key identifier:   FD:32:57:B0:10:2A:5C:32:B7:3D:24:C1:63:C0:F9:15:81:C3:93:F1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       582386D59002D522D63DF2D3AC4FC1D23C6AA32D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8e724591-e4be-4876-b33f-0ad5a02ed873.roa
Signing time:             Thu 15 Jun 2023 00:00:00 +0000
ROA not before:           Thu 15 Jun 2023 00:00:00 +0000
ROA not after:            Thu 20 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:23:86:d5:90:02:d5:22:d6:3d:f2:d3:ac:4f:c1:d2:3c:6a:a3:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 15 00:00:00 2023 GMT
            Not After : Jul 20 23:59:59 2023 GMT
        Subject: serialNumber=940e730bd5fc5dc10c3a7d2523233a054d60ca0859dadd862f1dac518ee48787, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:77:82:fd:13:18:fa:86:8a:24:80:1c:5b:ff:
                    de:86:e2:74:f2:a2:a2:f8:f8:80:37:c2:3f:09:06:
                    72:72:40:69:4d:b7:55:c1:38:9f:a2:f7:e4:e6:ca:
                    f5:ba:8c:c9:c7:34:62:91:bb:d3:93:38:22:30:02:
                    a1:68:40:23:94:dc:6a:d7:17:94:d6:31:32:0a:62:
                    ae:0a:42:8f:40:56:0d:b8:64:2f:4e:6e:ed:15:e1:
                    a2:48:bb:47:1d:b7:50:38:9f:f0:cf:02:d6:08:37:
                    3c:eb:34:32:6a:06:ca:1c:39:5a:e7:5c:7e:d1:7d:
                    92:f8:da:53:95:24:9f:28:f6:e8:11:00:22:3f:4a:
                    da:af:d7:0b:08:cd:f3:c6:e1:a1:bd:ae:cc:8d:e1:
                    de:e8:81:e0:6a:9a:d9:be:76:cb:fe:d0:2a:4c:45:
                    68:6c:51:b1:7d:a6:9c:b7:64:37:58:01:0f:9d:84:
                    60:35:b7:47:9d:01:d8:8c:03:1c:16:ff:8d:ed:2b:
                    2b:fb:82:cc:af:98:fb:1b:2e:15:24:43:0e:b0:05:
                    58:7f:55:0d:e1:38:1c:fa:3a:db:28:fa:fc:88:60:
                    8e:7c:f5:4c:d9:28:e7:e0:b0:e6:cb:00:c2:c6:2f:
                    7a:e3:94:c5:44:ad:c7:48:b1:ed:75:2f:f2:3c:69:
                    57:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:32:57:B0:10:2A:5C:32:B7:3D:24:C1:63:C0:F9:15:81:C3:93:F1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8e724591-e4be-4876-b33f-0ad5a02ed873.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:fa:0d:37:ef:cc:3a:60:cc:96:4a:c9:0f:12:2f:5c:06:d5:
         f8:2d:b1:a7:bd:7a:66:57:dd:3a:f1:6f:8d:7f:ea:a8:30:0c:
         c3:18:50:87:d5:ab:79:57:30:3e:c0:a8:4a:d2:05:d0:fc:ec:
         24:d4:5b:80:e6:29:23:ee:26:d7:d1:75:40:c3:3b:bb:1a:16:
         d1:27:de:8a:5b:50:81:e4:48:ec:bf:8a:2a:64:fa:b3:3b:af:
         d7:68:1c:3c:68:71:42:61:a3:f9:2a:72:db:91:63:89:29:98:
         e2:e9:b0:eb:15:b7:21:63:2c:07:44:42:ce:f2:7c:37:99:5b:
         8d:83:7a:27:ac:5d:dd:98:60:db:7f:4e:48:fb:09:e5:a7:8b:
         31:1b:9d:2d:58:26:f8:42:53:02:48:1b:18:7b:ed:ef:e5:c3:
         11:15:f6:19:95:6c:8a:db:a6:27:e3:f4:c8:f7:6c:0c:24:4e:
         9c:13:a0:e1:f7:0a:98:fb:b0:30:75:0b:9e:79:36:e7:02:98:
         59:34:37:99:f7:f4:18:83:10:79:7c:08:0d:3b:b3:34:bb:42:
         c0:35:41:69:d7:ac:c7:3c:57:a8:15:81:4a:c2:21:91:99:c9:
         f0:54:95:0d:68:fc:31:b4:bb:68:e6:6b:82:bb:32:6f:72:cb:
         6c:a3:fb:c1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWCOG1ZAC1SLWPfLTrE/B0jxqoy0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjE1MDAwMDAwWhcNMjMwNzIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NDBlNzMwYmQ1ZmM1ZGMxMGMzYTdkMjUyMzIzM2EwNTRk
NjBjYTA4NTlkYWRkODYyZjFkYWM1MThlZTQ4Nzg3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/d4L9Exj6hookgBxb/96G4nTyoqL4+IA3wj8JBnJyQGlN
t1XBOJ+i9+TmyvW6jMnHNGKRu9OTOCIwAqFoQCOU3GrXF5TWMTIKYq4KQo9AVg24
ZC9Obu0V4aJIu0cdt1A4n/DPAtYINzzrNDJqBsocOVrnXH7RfZL42lOVJJ8o9ugR
ACI/Stqv1wsIzfPG4aG9rsyN4d7ogeBqmtm+dsv+0CpMRWhsUbF9ppy3ZDdYAQ+d
hGA1t0edAdiMAxwW/43tKyv7gsyvmPsbLhUkQw6wBVh/VQ3hOBz6Otso+vyIYI58
9UzZKOfgsObLAMLGL3rjlMVErcdIse11L/I8aVchAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/TJXsBAqXDK3PSTBY8D5FYHDk/EwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzhlNzI0NTkxLWU0YmUtNDg3Ni1iMzNmLTBhZDVhMDJlZDg3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAT6DTfvzDpgzJZKyQ8SL1wG1fgt
sae9emZX3Trxb41/6qgwDMMYUIfVq3lXMD7AqErSBdD87CTUW4DmKSPuJtfRdUDD
O7saFtEn3opbUIHkSOy/iipk+rM7r9doHDxocUJho/kqctuRY4kpmOLpsOsVtyFj
LAdEQs7yfDeZW42DeiesXd2YYNt/Tkj7CeWnizEbnS1YJvhCUwJIGxh77e/lwxEV
9hmVbIrbpifj9Mj3bAwkTpwToOH3Cpj7sDB1C555NucCmFk0N5n39BiDEHl8CA07
szS7QsA1QWnXrMc8V6gVgUrCIZGZyfBUlQ1o/DG0u2jma4K7Mm9yy2yj+8E=
-----END CERTIFICATE-----