Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/91baeba1-95d1-4d4b-b49d-5f6279998ce1.roa
File:                     91baeba1-95d1-4d4b-b49d-5f6279998ce1.roa (raw, json)
Hash identifier:          ATOSRz1UmjgvqLvhpdl+6JsACz1tyu5QbBNvAneuFgQ=
Subject key identifier:   F4:D3:D9:11:9E:9E:DA:79:7E:D8:F2:5B:AE:8B:1B:A5:EC:37:F0:E0
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       30DE0BE85B3E0033637BE60DEE75F32653B46C6A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/91baeba1-95d1-4d4b-b49d-5f6279998ce1.roa
Signing time:             Mon 04 Sep 2023 00:00:00 +0000
ROA not before:           Mon 04 Sep 2023 00:00:00 +0000
ROA not after:            Mon 09 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:de:0b:e8:5b:3e:00:33:63:7b:e6:0d:ee:75:f3:26:53:b4:6c:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  4 00:00:00 2023 GMT
            Not After : Oct  9 23:59:59 2023 GMT
        Subject: serialNumber=e4d02e638577906d1ee59ae52d4dda6b1d8bf3b32614ba5fabd3b07f2bdf02ed, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:8d:91:f1:0b:75:ba:1c:97:ff:45:06:78:b9:
                    01:ba:a6:ad:a2:4e:a2:15:be:6c:28:4b:21:6b:f3:
                    2c:83:74:93:e5:e8:1f:62:49:b7:ee:69:8c:5b:c0:
                    07:91:60:26:5c:b3:f1:ed:fb:1d:15:21:9d:b3:14:
                    17:f4:64:81:96:98:21:18:0b:ee:7b:5f:ac:3d:c4:
                    2e:63:ba:a6:9d:7e:29:b7:15:36:1b:ef:10:e2:04:
                    27:76:21:bf:c4:fe:3f:24:bc:14:bd:4e:5a:75:8e:
                    17:ef:28:c8:9f:de:23:eb:1b:3a:d2:5d:22:83:3e:
                    65:a5:3e:b4:19:ee:eb:30:78:e3:6d:fa:93:5c:28:
                    3c:4c:96:ed:b9:0c:f6:07:7b:1e:ac:c9:c5:8f:08:
                    0d:21:6a:6b:b8:9e:04:80:48:af:8e:c6:5e:81:95:
                    58:d3:40:30:83:d0:51:65:6e:da:e2:e9:52:c7:71:
                    20:a0:c3:a1:4d:3f:0f:af:51:93:d3:6a:69:46:ae:
                    58:95:23:24:5d:fe:f6:c6:88:b8:12:b9:83:46:72:
                    21:7d:68:b3:db:08:19:f3:8c:c6:8e:19:fe:6d:8e:
                    e5:ae:20:9a:cb:b1:7e:3f:d5:61:5a:8e:9f:20:64:
                    09:fb:db:4f:4a:08:d8:4d:92:f9:f9:19:35:25:f8:
                    d8:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:D3:D9:11:9E:9E:DA:79:7E:D8:F2:5B:AE:8B:1B:A5:EC:37:F0:E0
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/91baeba1-95d1-4d4b-b49d-5f6279998ce1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:c3:27:10:f8:18:3c:db:23:73:71:46:76:72:51:f6:e2:43:
         5b:5d:33:9b:59:ca:b3:31:81:68:b6:bb:97:99:92:01:5a:77:
         21:99:2c:7c:b5:71:f6:57:e2:f0:0c:b5:94:66:ea:d9:a5:1d:
         f9:21:ec:4f:09:8a:60:05:e2:a3:00:e6:e6:c2:86:df:c9:98:
         01:af:cc:b1:fb:43:68:fa:4e:12:7b:53:22:f4:56:eb:f6:75:
         12:a9:ae:2f:47:f6:18:f9:c6:43:91:3d:f7:c5:d3:94:77:6b:
         5a:3e:86:8c:48:45:16:12:7d:a0:57:74:68:1b:25:6c:40:c4:
         41:84:6d:2f:41:fc:df:e9:81:2e:17:34:6b:d7:d4:03:0d:02:
         72:77:4c:a0:54:4e:ae:49:d9:ca:d4:08:d2:82:a0:fd:f1:0c:
         a5:78:94:af:3f:f8:90:f7:53:98:a8:80:e2:de:4c:30:0f:9e:
         f2:b4:6f:c1:e0:c9:6a:d1:89:fd:f5:fb:8d:9c:dd:c0:e0:29:
         fc:35:b9:ce:bc:34:d7:95:66:b9:26:60:ac:42:24:d7:6a:ec:
         64:30:d6:f4:27:57:c1:93:d7:8c:1d:70:67:fa:f6:03:5c:5f:
         1b:ab:24:6e:9f:e1:7c:ec:cd:fa:d5:fd:b9:22:d1:6c:18:9a:
         2a:d4:27:ee
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMN4L6Fs+ADNje+YN7nXzJlO0bGowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTA0MDAwMDAwWhcNMjMxMDA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNGQwMmU2Mzg1Nzc5MDZkMWVlNTlhZTUyZDRkZGE2YjFk
OGJmM2IzMjYxNGJhNWZhYmQzYjA3ZjJiZGYwMmVkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpjZHxC3W6HJf/RQZ4uQG6pq2iTqIVvmwoSyFr8yyDdJPl
6B9iSbfuaYxbwAeRYCZcs/Ht+x0VIZ2zFBf0ZIGWmCEYC+57X6w9xC5juqadfim3
FTYb7xDiBCd2Ib/E/j8kvBS9Tlp1jhfvKMif3iPrGzrSXSKDPmWlPrQZ7usweONt
+pNcKDxMlu25DPYHex6sycWPCA0hamu4ngSASK+Oxl6BlVjTQDCD0FFlbtri6VLH
cSCgw6FNPw+vUZPTamlGrliVIyRd/vbGiLgSuYNGciF9aLPbCBnzjMaOGf5tjuWu
IJrLsX4/1WFajp8gZAn7209KCNhNkvn5GTUl+NhNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9NPZEZ6e2nl+2PJbrosbpew38OAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzkxYmFlYmExLTk1ZDEtNGQ0Yi1iNDlkLTVmNjI3OTk5OGNlMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAzDJxD4GDzbI3NxRnZyUfbiQ1td
M5tZyrMxgWi2u5eZkgFadyGZLHy1cfZX4vAMtZRm6tmlHfkh7E8JimAF4qMA5ubC
ht/JmAGvzLH7Q2j6ThJ7UyL0Vuv2dRKpri9H9hj5xkORPffF05R3a1o+hoxIRRYS
faBXdGgbJWxAxEGEbS9B/N/pgS4XNGvX1AMNAnJ3TKBUTq5J2crUCNKCoP3xDKV4
lK8/+JD3U5iogOLeTDAPnvK0b8HgyWrRif31+42c3cDgKfw1uc68NNeVZrkmYKxC
JNdq7GQw1vQnV8GT14wdcGf69gNcXxurJG6f4XzszfrV/bki0WwYmirUJ+4=
-----END CERTIFICATE-----