Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/968fd406-f759-41d5-bda2-c82a2cf33058.roa
File:                     968fd406-f759-41d5-bda2-c82a2cf33058.roa (raw, json)
Hash identifier:          wZBvhEBDfvbFZsro1NZ0zt80rI+2B1CTgQa5Yul5L6g=
Subject key identifier:   14:1C:BF:FA:37:D9:FC:EE:9B:E1:0D:F1:3B:1D:A6:2F:7D:44:BF:18
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       50A4048FD68C305CE15D1D8F0837CA8B683BBB31
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/968fd406-f759-41d5-bda2-c82a2cf33058.roa
Signing time:             Sat 19 Aug 2023 00:00:00 +0000
ROA not before:           Sat 19 Aug 2023 00:00:00 +0000
ROA not after:            Sat 23 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:a4:04:8f:d6:8c:30:5c:e1:5d:1d:8f:08:37:ca:8b:68:3b:bb:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 19 00:00:00 2023 GMT
            Not After : Sep 23 23:59:59 2023 GMT
        Subject: serialNumber=1bf0b276fb2eea8ad0db91550c9bb2e3ec5b09b022fa3ccaaac3fb815f933190, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:f4:94:15:65:53:e4:71:10:9b:49:87:a2:56:
                    9d:b3:30:a9:bd:62:66:48:13:2f:15:ef:16:2c:03:
                    fb:ce:36:69:29:4d:2b:e3:6a:46:88:d2:1c:31:ae:
                    3a:40:a9:e4:9c:b7:52:24:36:23:9e:92:90:b7:7b:
                    d1:7b:a8:09:0f:35:c3:63:46:44:82:b0:5d:46:1b:
                    4f:32:39:f5:6c:b0:49:ef:2f:33:07:7e:30:39:3f:
                    d8:fb:6a:dd:2e:d7:c3:6b:6d:7b:fc:6c:df:f6:7f:
                    aa:93:9b:85:66:96:2a:14:1f:27:0a:e1:be:1b:f8:
                    2a:03:b5:27:42:ec:10:4e:2a:4f:51:ca:4c:5e:c8:
                    a5:37:fd:d2:6e:1a:b3:7b:f2:8d:3c:62:0d:fd:42:
                    66:3a:b5:16:e2:07:fc:e6:a9:52:19:2d:ce:04:b1:
                    2a:0f:da:54:bc:34:e4:4d:a1:1c:bd:61:48:e7:72:
                    24:a1:8e:a3:9d:1d:17:fa:70:71:44:c8:ed:87:c8:
                    d6:94:86:25:75:cc:c8:9e:39:87:86:33:2c:73:8c:
                    b2:de:a9:da:d0:25:da:f5:12:04:21:7c:b1:e2:be:
                    57:f4:64:94:f3:d0:95:aa:04:02:a2:21:97:8e:e2:
                    fd:00:06:a3:2f:c3:31:6c:27:a3:df:1b:09:c4:c6:
                    cc:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:1C:BF:FA:37:D9:FC:EE:9B:E1:0D:F1:3B:1D:A6:2F:7D:44:BF:18
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/968fd406-f759-41d5-bda2-c82a2cf33058.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:ef:aa:19:79:8f:3a:04:4a:dd:d2:f1:46:9b:49:b4:0e:d3:
         ff:69:a3:85:5f:b8:77:11:35:26:27:30:c8:c5:32:95:51:a2:
         e6:80:b6:f2:a2:59:40:7f:86:67:de:ad:e4:90:31:0a:e1:e3:
         49:11:ad:a6:fc:b5:09:bc:a7:27:5a:54:da:fa:f0:11:68:61:
         ba:80:76:00:52:fc:be:c0:e3:01:9b:ae:c9:40:0b:4e:ba:d1:
         ee:7b:36:78:ab:f9:2e:7a:32:fa:c4:4d:c7:85:36:92:a4:97:
         ab:76:bb:9e:6f:50:40:89:44:fd:de:d8:53:d3:53:68:f6:a6:
         69:e1:16:f8:08:e6:48:42:93:fd:8d:cd:d8:72:81:a4:ff:18:
         b1:a9:1b:13:02:f4:90:42:2d:50:ac:b4:27:14:90:6e:cc:86:
         b5:4f:e0:be:97:7e:8b:be:c9:a1:08:2f:ce:27:cd:b2:bd:c2:
         18:b6:b0:2a:c6:d8:47:0b:dd:31:63:6b:2e:23:f5:a3:06:be:
         d4:ed:51:7a:53:dc:7a:71:d2:61:5c:cc:bb:bf:f4:3e:30:5f:
         ac:f3:93:6c:64:e5:e5:97:26:af:27:6c:f6:e2:7c:16:47:23:
         74:5a:06:c9:5c:d6:04:c6:ae:e9:f2:03:d1:ac:36:a2:db:59:
         f9:a9:5e:1b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUKQEj9aMMFzhXR2PCDfKi2g7uzEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODE5MDAwMDAwWhcNMjMwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxYmYwYjI3NmZiMmVlYThhZDBkYjkxNTUwYzliYjJlM2Vj
NWIwOWIwMjJmYTNjY2FhYWMzZmI4MTVmOTMzMTkwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDS9JQVZVPkcRCbSYeiVp2zMKm9YmZIEy8V7xYsA/vONmkp
TSvjakaI0hwxrjpAqeSct1IkNiOekpC3e9F7qAkPNcNjRkSCsF1GG08yOfVssEnv
LzMHfjA5P9j7at0u18NrbXv8bN/2f6qTm4VmlioUHycK4b4b+CoDtSdC7BBOKk9R
ykxeyKU3/dJuGrN78o08Yg39QmY6tRbiB/zmqVIZLc4EsSoP2lS8NORNoRy9YUjn
ciShjqOdHRf6cHFEyO2HyNaUhiV1zMieOYeGMyxzjLLeqdrQJdr1EgQhfLHivlf0
ZJTz0JWqBAKiIZeO4v0ABqMvwzFsJ6PfGwnExszrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFBy/+jfZ/O6b4Q3xOx2mL31EvxgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk2OGZkNDA2LWY3NTktNDFkNS1iZGEyLWM4MmEyY2YzMzA1OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABbvqhl5jzoESt3S8UabSbQO0/9p
o4VfuHcRNSYnMMjFMpVRouaAtvKiWUB/hmfereSQMQrh40kRrab8tQm8pydaVNr6
8BFoYbqAdgBS/L7A4wGbrslAC0660e57Nnir+S56MvrETceFNpKkl6t2u55vUECJ
RP3e2FPTU2j2pmnhFvgI5khCk/2NzdhygaT/GLGpGxMC9JBCLVCstCcUkG7MhrVP
4L6Xfou+yaEIL84nzbK9whi2sCrG2EcL3TFjay4j9aMGvtTtUXpT3Hpx0mFczLu/
9D4wX6zzk2xk5eWXJq8nbPbifBZHI3RaBslc1gTGrunyA9GsNqLbWfmpXhs=
-----END CERTIFICATE-----