Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9b6630ad-23fa-479a-9225-d5f822f3a728.roa
File:                     9b6630ad-23fa-479a-9225-d5f822f3a728.roa (raw, json)
Hash identifier:          ULeUw7K2LSjQ2psGjpF3WB8CiShBOc+VtQwkgNo8/dc=
Subject key identifier:   99:0C:B2:3F:1A:D5:F6:BA:65:60:21:00:D0:0F:77:26:87:53:34:65
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3BB282E4C5A9B824DE6C7EC7B6D5CCEBB2B6F5CC
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9b6630ad-23fa-479a-9225-d5f822f3a728.roa
Signing time:             Tue 10 Oct 2023 00:00:00 +0000
ROA not before:           Tue 10 Oct 2023 00:00:00 +0000
ROA not after:            Tue 14 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:b2:82:e4:c5:a9:b8:24:de:6c:7e:c7:b6:d5:cc:eb:b2:b6:f5:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 10 00:00:00 2023 GMT
            Not After : Nov 14 23:59:59 2023 GMT
        Subject: serialNumber=8b2d1f1ce169d8373b4bcd54dd4b3852113c8a2f65eb90bfb8261ddadf595fec, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:79:d2:91:83:f3:be:44:a0:28:1e:b2:6d:d8:
                    da:62:30:61:58:0a:34:0d:2d:0a:ed:f9:99:7f:fb:
                    36:ff:70:dd:fa:0a:e6:64:3c:7d:e6:5f:77:b7:55:
                    32:78:c0:83:76:5f:50:f8:b7:5d:5a:c3:32:92:72:
                    84:57:b0:49:f5:b7:6c:3f:89:f6:ad:e8:a6:b5:5b:
                    b3:1a:54:c5:83:3a:56:50:74:25:a4:ff:a0:bf:2f:
                    6f:16:b8:ab:45:7e:b1:06:4d:6d:52:a0:3c:63:af:
                    e3:77:ae:5d:68:eb:a2:92:1f:f4:68:08:dc:ec:63:
                    c8:14:62:5b:64:79:09:73:ed:8b:a8:e0:23:b8:3b:
                    a5:cf:76:6b:7d:af:16:ce:49:5c:7a:64:54:73:6a:
                    ed:9f:15:47:01:ce:70:4f:c8:03:c4:22:48:a5:43:
                    8c:b7:ad:c3:d4:92:88:e4:07:a8:31:2a:cc:79:75:
                    f6:40:e4:3e:8e:d2:12:1d:10:47:f0:59:d1:b8:25:
                    8e:21:04:cc:26:29:9e:63:bb:ed:e1:46:24:3c:ad:
                    52:94:2b:2e:e8:71:5f:df:f4:e6:d1:8d:93:15:33:
                    e3:82:d9:bd:c7:24:18:96:e9:31:cf:c1:96:63:67:
                    ee:15:d1:16:12:92:fe:cd:99:0b:16:11:7f:1f:83:
                    e8:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:0C:B2:3F:1A:D5:F6:BA:65:60:21:00:D0:0F:77:26:87:53:34:65
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9b6630ad-23fa-479a-9225-d5f822f3a728.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:ca:5a:e4:5d:23:93:7d:bb:0a:be:29:e4:7c:8c:8f:ef:b3:
         d3:2e:ce:c0:98:aa:48:0d:ad:90:f9:8e:c1:92:ba:cb:be:0c:
         5e:2d:3e:23:34:91:82:a4:90:2a:9d:c4:7d:41:97:e3:5f:d8:
         d7:b3:83:6e:f8:90:d0:60:0d:3c:7d:fd:04:c4:d0:5d:3a:dc:
         cc:06:62:78:56:35:c6:b2:4e:49:d3:86:ca:56:3c:61:dc:59:
         c3:87:f3:cb:b8:c1:ae:c9:aa:2d:85:90:08:df:9c:a7:73:db:
         b7:15:63:86:ad:a2:8d:bc:86:b3:cb:de:8e:c4:f0:19:a3:ff:
         fe:32:48:b3:e3:93:9b:73:d8:8d:31:da:d0:71:1c:82:3d:3c:
         86:8d:68:3c:10:84:dd:85:27:1b:60:5e:82:36:9e:38:a5:03:
         60:48:7f:61:f7:3f:d4:6f:84:15:08:3b:f5:c0:56:b5:07:2e:
         85:54:70:78:ad:2a:6a:71:fc:b5:17:27:6c:fe:e8:a9:2c:2f:
         b3:b0:ca:f1:8d:8d:41:f5:7c:2c:a8:f5:51:40:6c:92:75:27:
         91:29:39:0a:0a:12:85:08:fd:58:29:01:23:cf:a6:8d:4e:f0:
         2c:fa:55:30:e9:30:d8:1c:52:6b:a5:90:8d:ca:15:80:e0:04:
         da:df:b1:f6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUO7KC5MWpuCTebH7HttXM67K29cwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDEwMDAwMDAwWhcNMjMxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YjJkMWYxY2UxNjlkODM3M2I0YmNkNTRkZDRiMzg1MjEx
M2M4YTJmNjVlYjkwYmZiODI2MWRkYWRmNTk1ZmVjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCeedKRg/O+RKAoHrJt2NpiMGFYCjQNLQrt+Zl/+zb/cN36
CuZkPH3mX3e3VTJ4wIN2X1D4t11awzKScoRXsEn1t2w/ifat6Ka1W7MaVMWDOlZQ
dCWk/6C/L28WuKtFfrEGTW1SoDxjr+N3rl1o66KSH/RoCNzsY8gUYltkeQlz7Yuo
4CO4O6XPdmt9rxbOSVx6ZFRzau2fFUcBznBPyAPEIkilQ4y3rcPUkojkB6gxKsx5
dfZA5D6O0hIdEEfwWdG4JY4hBMwmKZ5ju+3hRiQ8rVKUKy7ocV/f9ObRjZMVM+OC
2b3HJBiW6THPwZZjZ+4V0RYSkv7NmQsWEX8fg+idAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmQyyPxrV9rplYCEA0A93JodTNGUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzliNjYzMGFkLTIzZmEtNDc5YS05MjI1LWQ1ZjgyMmYzYTcyOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADvKWuRdI5N9uwq+KeR8jI/vs9Mu
zsCYqkgNrZD5jsGSusu+DF4tPiM0kYKkkCqdxH1Bl+Nf2Nezg274kNBgDTx9/QTE
0F063MwGYnhWNcayTknThspWPGHcWcOH88u4wa7Jqi2FkAjfnKdz27cVY4atoo28
hrPL3o7E8Bmj//4ySLPjk5tz2I0x2tBxHII9PIaNaDwQhN2FJxtgXoI2njilA2BI
f2H3P9RvhBUIO/XAVrUHLoVUcHitKmpx/LUXJ2z+6KksL7OwyvGNjUH1fCyo9VFA
bJJ1J5EpOQoKEoUI/VgpASPPpo1O8Cz6VTDpMNgcUmulkI3KFYDgBNrfsfY=
-----END CERTIFICATE-----