Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/99c285f7-a037-43d0-851e-4463393aa1e0.roa
File:                     99c285f7-a037-43d0-851e-4463393aa1e0.roa (raw, json)
Hash identifier:          nN0OJ5vXm5uxg0+H/gh6hVj8bKwWwtHbF1q9n3f4J6A=
Subject key identifier:   86:F9:E9:43:19:50:47:1E:57:BA:E7:41:1D:F5:B2:92:4E:3A:A2:89
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       650850C68A810CC289E7C7EFFAF115B85B7A417D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/99c285f7-a037-43d0-851e-4463393aa1e0.roa
Signing time:             Sat 06 Jan 2024 00:00:00 +0000
ROA not before:           Sat 06 Jan 2024 00:00:00 +0000
ROA not after:            Sat 10 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:08:50:c6:8a:81:0c:c2:89:e7:c7:ef:fa:f1:15:b8:5b:7a:41:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan  6 00:00:00 2024 GMT
            Not After : Feb 10 23:59:59 2024 GMT
        Subject: serialNumber=50834dda688e560f554a97832250ab53c4187fb4398dc727c0e9dee45279e17a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:62:e3:c2:45:84:97:df:26:fc:dc:38:47:63:
                    4a:1f:53:41:4a:ca:be:41:8d:bf:6e:0f:34:5d:e0:
                    44:cc:79:20:3e:2e:cb:dc:6f:39:36:60:a7:d4:e9:
                    df:9d:af:76:b2:0b:a7:56:4e:1d:e3:29:9b:49:88:
                    6c:54:03:2d:72:90:4c:5b:16:38:c1:5b:f8:e8:9e:
                    8a:c0:77:ef:d3:12:8e:df:01:cc:af:d0:e7:2e:52:
                    ae:f4:09:cb:36:53:ed:56:2e:76:10:8e:49:e5:c7:
                    94:1e:f2:6d:e1:1b:73:1f:76:6b:0d:06:7e:3d:83:
                    ac:37:f0:8d:df:d1:07:4e:34:58:32:45:9e:e0:b4:
                    1f:c3:be:3a:ba:63:3a:7f:f1:6c:05:65:8d:3d:0e:
                    f0:45:af:e3:87:73:98:f0:dd:a2:2a:32:b2:7d:c4:
                    d8:c4:e2:86:57:c2:82:86:10:e5:f6:6a:47:b1:77:
                    33:ec:69:ad:b4:d2:c5:ec:af:6d:01:dc:b4:35:a4:
                    f2:52:a1:2b:3f:53:90:1a:f8:f0:38:1c:9a:15:ba:
                    60:13:23:e1:af:28:00:9e:fb:d7:2f:77:05:df:e7:
                    f7:40:8c:6a:34:63:92:4a:38:32:05:33:25:6c:8b:
                    cd:8c:6a:6d:c8:e8:09:f9:d3:4a:cc:72:b1:1e:3e:
                    10:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:F9:E9:43:19:50:47:1E:57:BA:E7:41:1D:F5:B2:92:4E:3A:A2:89
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/99c285f7-a037-43d0-851e-4463393aa1e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:6b:4a:40:65:af:d4:92:51:74:d3:5c:e4:c7:76:35:f1:7e:
         70:f9:95:fd:6e:04:48:e0:a0:45:81:89:67:9c:89:6c:4c:25:
         4c:47:14:9d:4f:a7:c7:83:6b:ed:5d:39:05:97:de:67:78:f3:
         06:9d:1c:ed:17:c8:f1:a2:72:f4:87:c6:93:eb:ac:d1:b6:46:
         3e:56:60:b4:89:c6:fb:02:44:31:97:5a:22:15:19:00:cf:5d:
         b8:73:52:0c:2f:f5:73:d3:60:5c:bf:d3:3a:49:a7:90:8b:04:
         c2:ed:39:43:78:bf:79:57:d6:91:b4:41:25:6a:c7:f4:a8:ee:
         a7:0a:8e:18:54:23:a5:97:19:ed:bc:db:45:e6:3a:6b:39:15:
         d4:17:53:be:18:4f:d4:d0:cc:50:f5:24:47:9f:df:22:26:58:
         76:cc:d5:f9:56:60:3b:69:76:86:5f:8a:51:6f:5a:8a:fa:fd:
         69:5c:02:48:87:b1:0e:09:ea:24:e1:f0:04:bf:1c:fe:9c:a7:
         a4:d4:40:8c:4d:01:b7:1e:14:5d:b1:71:40:e5:5a:f8:2b:0c:
         00:44:1f:7b:53:68:01:c9:ed:e6:e3:30:db:57:cb:6a:cc:18:
         7a:8b:6f:69:9b:8f:f5:08:85:3e:30:25:0d:4e:fc:88:5e:74:
         8c:70:0b:4c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZQhQxoqBDMKJ58fv+vEVuFt6QX0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTA2MDAwMDAwWhcNMjQwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MDgzNGRkYTY4OGU1NjBmNTU0YTk3ODMyMjUwYWI1M2M0
MTg3ZmI0Mzk4ZGM3MjdjMGU5ZGVlNDUyNzllMTdhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJYuPCRYSX3yb83DhHY0ofU0FKyr5Bjb9uDzRd4ETMeSA+
Lsvcbzk2YKfU6d+dr3ayC6dWTh3jKZtJiGxUAy1ykExbFjjBW/jonorAd+/TEo7f
Acyv0OcuUq70Ccs2U+1WLnYQjknlx5Qe8m3hG3MfdmsNBn49g6w38I3f0QdONFgy
RZ7gtB/Dvjq6Yzp/8WwFZY09DvBFr+OHc5jw3aIqMrJ9xNjE4oZXwoKGEOX2akex
dzPsaa200sXsr20B3LQ1pPJSoSs/U5Aa+PA4HJoVumATI+GvKACe+9cvdwXf5/dA
jGo0Y5JKODIFMyVsi82Mam3I6An500rMcrEePhDXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhvnpQxlQRx5XuudBHfWykk46ookwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk5YzI4NWY3LWEwMzctNDNkMC04NTFlLTQ0NjMzOTNhYTFlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACNrSkBlr9SSUXTTXOTHdjXxfnD5
lf1uBEjgoEWBiWeciWxMJUxHFJ1Pp8eDa+1dOQWX3md48wadHO0XyPGicvSHxpPr
rNG2Rj5WYLSJxvsCRDGXWiIVGQDPXbhzUgwv9XPTYFy/0zpJp5CLBMLtOUN4v3lX
1pG0QSVqx/So7qcKjhhUI6WXGe2820XmOms5FdQXU74YT9TQzFD1JEef3yImWHbM
1flWYDtpdoZfilFvWor6/WlcAkiHsQ4J6iTh8AS/HP6cp6TUQIxNAbceFF2xcUDl
WvgrDABEH3tTaAHJ7ebjMNtXy2rMGHqLb2mbj/UIhT4wJQ1O/IhedIxwC0w=
-----END CERTIFICATE-----