Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9526304d-e7a5-4c12-b94e-d54263c72182.roa
File:                     9526304d-e7a5-4c12-b94e-d54263c72182.roa (raw, json)
Hash identifier:          /oDqoGtVSsXGaz0Z+zsQEWDBkyN1zHsCRz++DjgnCFo=
Subject key identifier:   7B:5B:AF:1F:DD:AF:7D:1B:95:92:C7:DC:09:57:74:68:15:04:A8:89
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       76D1FE872EEA4ABAF0F8C98CFB6FC538D136305C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9526304d-e7a5-4c12-b94e-d54263c72182.roa
Signing time:             Tue 24 Oct 2023 00:00:00 +0000
ROA not before:           Tue 24 Oct 2023 00:00:00 +0000
ROA not after:            Tue 28 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:d1:fe:87:2e:ea:4a:ba:f0:f8:c9:8c:fb:6f:c5:38:d1:36:30:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 24 00:00:00 2023 GMT
            Not After : Nov 28 23:59:59 2023 GMT
        Subject: serialNumber=919e5b29ddf28f7565a6348877fab564300337e2929ad24e30be460405a8ef4c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5a:7a:ef:40:2c:e8:4f:10:98:bf:64:05:05:
                    81:9e:6d:f2:82:63:4f:e6:d5:68:24:56:c8:08:1c:
                    25:c8:12:94:76:1d:10:55:16:bc:9f:65:37:4b:31:
                    d4:44:80:d0:13:eb:88:2f:d2:bc:38:52:77:1f:90:
                    da:26:a7:5f:d3:2c:06:f7:6d:6d:ea:98:ee:13:40:
                    db:4e:45:91:37:3a:b8:da:c2:03:d7:8c:31:6b:b9:
                    ca:89:de:6c:53:f5:b5:49:24:68:8f:e1:03:a7:c5:
                    62:fa:1b:ce:6c:79:e7:d0:31:5d:4c:74:e7:69:df:
                    a3:51:84:3a:e9:a6:a0:c9:52:21:0f:67:39:a8:fc:
                    a5:56:04:22:ec:83:9b:63:55:d8:de:1d:e5:10:fe:
                    f5:e3:97:f3:f0:59:e8:92:40:06:ba:96:21:50:91:
                    87:71:01:f2:7b:50:c4:be:62:1e:19:f1:7e:54:9e:
                    66:ff:c5:8d:fc:ca:0f:81:5f:4c:3c:6b:90:07:ee:
                    b2:ac:92:0c:83:ef:8e:9f:75:c1:12:b6:37:56:b3:
                    01:13:4d:3e:15:9c:77:24:18:be:87:98:7b:21:2c:
                    b1:3c:74:03:8b:17:eb:48:8b:88:dd:4d:83:a2:f8:
                    6d:f0:c5:49:42:3a:e1:3a:70:a0:31:9f:bb:fa:2f:
                    14:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:5B:AF:1F:DD:AF:7D:1B:95:92:C7:DC:09:57:74:68:15:04:A8:89
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9526304d-e7a5-4c12-b94e-d54263c72182.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:68:0f:f9:61:e1:22:85:78:17:12:89:bf:82:13:f2:80:78:
         83:18:66:8f:58:a0:4b:b8:8a:c4:33:a1:ee:3c:ff:a5:e3:a2:
         a3:7f:38:91:96:33:86:1b:0b:ff:c6:f6:18:cf:85:3c:82:22:
         0f:fa:c0:a5:2c:4c:c0:9d:67:ba:21:8f:e1:98:13:fe:15:6c:
         72:f4:98:dc:d2:c2:8a:14:53:5c:6b:07:5f:6d:c5:74:ed:7f:
         5b:4d:b3:be:73:63:bc:60:71:93:da:1d:0e:11:a8:c3:40:91:
         10:61:c2:d1:31:cf:df:3d:22:a2:8e:55:55:b1:86:fc:e6:e3:
         3f:49:77:10:bb:e9:45:ef:68:50:dd:10:6f:ad:e0:b2:9a:35:
         41:e2:14:a1:72:b9:b0:41:a4:b4:56:c9:83:fb:c3:a0:f6:60:
         cc:f8:6b:0f:58:61:71:92:72:cb:ed:0c:2a:d7:d8:94:21:e6:
         9d:a4:d9:2f:89:3c:c7:ef:c9:05:28:7d:2b:cc:91:b7:e4:5e:
         50:28:ad:e7:06:74:ed:e7:12:64:96:04:16:27:0d:5d:f0:89:
         be:a6:7d:7f:29:d3:d9:bb:98:a7:fc:1e:43:aa:3f:88:46:c9:
         57:ba:e0:f0:aa:dd:5f:37:af:47:d6:46:69:7a:8f:a4:b6:28:
         93:cd:78:d8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdtH+hy7qSrrw+MmM+2/FONE2MFwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDI0MDAwMDAwWhcNMjMxMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MTllNWIyOWRkZjI4Zjc1NjVhNjM0ODg3N2ZhYjU2NDMw
MDMzN2UyOTI5YWQyNGUzMGJlNDYwNDA1YThlZjRjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDWnrvQCzoTxCYv2QFBYGebfKCY0/m1WgkVsgIHCXIEpR2
HRBVFryfZTdLMdREgNAT64gv0rw4UncfkNomp1/TLAb3bW3qmO4TQNtORZE3Orja
wgPXjDFrucqJ3mxT9bVJJGiP4QOnxWL6G85seefQMV1MdOdp36NRhDrppqDJUiEP
Zzmo/KVWBCLsg5tjVdjeHeUQ/vXjl/PwWeiSQAa6liFQkYdxAfJ7UMS+Yh4Z8X5U
nmb/xY38yg+BX0w8a5AH7rKskgyD746fdcEStjdWswETTT4VnHckGL6HmHshLLE8
dAOLF+tIi4jdTYOi+G3wxUlCOuE6cKAxn7v6LxRRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUe1uvH92vfRuVksfcCVd0aBUEqIkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk1MjYzMDRkLWU3YTUtNGMxMi1iOTRlLWQ1NDI2M2M3MjE4Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG1oD/lh4SKFeBcSib+CE/KAeIMY
Zo9YoEu4isQzoe48/6XjoqN/OJGWM4YbC//G9hjPhTyCIg/6wKUsTMCdZ7ohj+GY
E/4VbHL0mNzSwooUU1xrB19txXTtf1tNs75zY7xgcZPaHQ4RqMNAkRBhwtExz989
IqKOVVWxhvzm4z9JdxC76UXvaFDdEG+t4LKaNUHiFKFyubBBpLRWyYP7w6D2YMz4
aw9YYXGScsvtDCrX2JQh5p2k2S+JPMfvyQUofSvMkbfkXlAorecGdO3nEmSWBBYn
DV3wib6mfX8p09m7mKf8HkOqP4hGyVe64PCq3V83r0fWRml6j6S2KJPNeNg=
-----END CERTIFICATE-----