Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9c51cc59-3cc4-4c0a-ba04-1f49e357aa5b.roa
File:                     9c51cc59-3cc4-4c0a-ba04-1f49e357aa5b.roa (raw, json)
Hash identifier:          /HxJan8llFT2x4M9SmxYS3VOw8KF+nPwMU+XLnhJ9p8=
Subject key identifier:   7B:DE:20:9E:11:30:B8:3C:0B:91:5F:3B:C9:0C:AD:89:69:90:5C:78
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3ABCC58E582ACC243CD4DC99B27C441D0660A961
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9c51cc59-3cc4-4c0a-ba04-1f49e357aa5b.roa
Signing time:             Tue 19 Sep 2023 00:00:00 +0000
ROA not before:           Tue 19 Sep 2023 00:00:00 +0000
ROA not after:            Tue 24 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:bc:c5:8e:58:2a:cc:24:3c:d4:dc:99:b2:7c:44:1d:06:60:a9:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 19 00:00:00 2023 GMT
            Not After : Oct 24 23:59:59 2023 GMT
        Subject: serialNumber=b0c557001b9aa98f8c8cc82c7237f1e7b3c56a093de521f6d54592c446cac080, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:25:cd:48:55:de:dc:08:43:7d:61:a2:8f:d0:
                    0a:c4:a8:25:72:01:bf:ff:70:6c:6f:fd:9f:78:17:
                    cb:50:aa:69:1a:ff:28:a3:fd:12:bc:12:04:55:cb:
                    e9:74:e5:24:d2:ed:50:2a:24:a3:e6:6a:ac:30:82:
                    67:ad:0f:e8:60:11:e3:fb:10:49:ea:40:f0:6f:bc:
                    2d:82:69:77:52:77:de:c1:9b:03:a8:76:72:f3:c4:
                    aa:82:8b:0c:92:01:5f:4c:cb:2d:a9:48:51:0f:e6:
                    52:c0:84:04:a1:fa:12:22:4e:01:0a:1e:12:e2:56:
                    2a:4e:98:b7:e4:a7:f0:9c:79:b2:48:7b:15:e2:46:
                    69:dc:04:78:04:df:70:76:39:5c:e9:31:e9:a3:1c:
                    75:81:8a:59:1b:62:6b:12:74:d0:7c:77:13:40:66:
                    e0:98:cf:6f:7b:cf:dc:07:3f:d3:e0:6d:c4:f4:58:
                    51:82:2b:5c:15:f7:04:94:91:6a:04:51:17:08:47:
                    40:c1:06:1c:6d:21:f9:26:e9:63:4a:3d:16:86:1b:
                    a7:cf:39:ee:f0:da:b0:cf:69:e2:52:fc:d3:ab:39:
                    b2:f3:de:cd:32:a4:b9:a2:bd:70:65:91:a8:15:0b:
                    4f:33:f0:8c:01:f9:52:6e:68:d2:37:80:db:7e:09:
                    c3:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:DE:20:9E:11:30:B8:3C:0B:91:5F:3B:C9:0C:AD:89:69:90:5C:78
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9c51cc59-3cc4-4c0a-ba04-1f49e357aa5b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:32:5a:57:b2:cd:7c:03:8f:e3:5b:a3:d1:26:1e:2c:33:81:
         1b:39:77:65:f1:51:f5:0e:4f:2b:e4:99:4e:3b:d2:80:78:87:
         78:65:71:80:db:12:9b:98:40:b6:1d:c0:52:dc:bc:7a:98:07:
         e6:d5:71:db:6d:0a:a8:ef:b2:1c:24:27:9d:e6:c1:c1:0f:a9:
         23:19:82:ee:ce:95:38:df:82:c9:bf:ff:59:cc:78:c3:14:b5:
         4d:ba:e3:c5:c7:88:70:c4:54:4f:24:09:71:b5:93:8f:30:0c:
         71:fb:e4:2c:da:96:0a:a7:2b:d4:e6:b9:f9:89:a6:77:6c:08:
         30:af:e7:16:87:ee:46:41:0c:52:9a:19:ac:b7:26:dc:1a:e0:
         34:6e:c5:bc:e1:ad:a1:dc:98:c3:06:9f:b0:42:64:c4:6c:86:
         2c:82:8e:f0:f8:f4:5c:30:0b:5e:8c:a2:0c:73:13:87:dd:a8:
         c2:ad:7e:03:f4:82:96:6c:5b:4f:77:08:df:18:b6:a7:65:8c:
         cd:64:8c:87:41:53:07:0b:c7:b0:1f:20:4f:b6:c8:7d:0e:95:
         b0:c4:4c:2e:1a:ca:b0:98:6f:43:fc:5a:d5:4a:92:47:e9:80:
         18:5c:87:28:fa:10:29:ab:8d:80:37:11:88:24:7d:36:1b:4d:
         85:ed:07:48
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOrzFjlgqzCQ81NyZsnxEHQZgqWEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTE5MDAwMDAwWhcNMjMxMDI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMGM1NTcwMDFiOWFhOThmOGM4Y2M4MmM3MjM3ZjFlN2Iz
YzU2YTA5M2RlNTIxZjZkNTQ1OTJjNDQ2Y2FjMDgwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvJc1IVd7cCEN9YaKP0ArEqCVyAb//cGxv/Z94F8tQqmka
/yij/RK8EgRVy+l05STS7VAqJKPmaqwwgmetD+hgEeP7EEnqQPBvvC2CaXdSd97B
mwOodnLzxKqCiwySAV9Myy2pSFEP5lLAhASh+hIiTgEKHhLiVipOmLfkp/CcebJI
exXiRmncBHgE33B2OVzpMemjHHWBilkbYmsSdNB8dxNAZuCYz297z9wHP9PgbcT0
WFGCK1wV9wSUkWoEURcIR0DBBhxtIfkm6WNKPRaGG6fPOe7w2rDPaeJS/NOrObLz
3s0ypLmivXBlkagVC08z8IwB+VJuaNI3gNt+CcPjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUe94gnhEwuDwLkV87yQytiWmQXHgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzljNTFjYzU5LTNjYzQtNGMwYS1iYTA0LTFmNDllMzU3YWE1Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIMyWleyzXwDj+Nbo9EmHiwzgRs5
d2XxUfUOTyvkmU470oB4h3hlcYDbEpuYQLYdwFLcvHqYB+bVcdttCqjvshwkJ53m
wcEPqSMZgu7OlTjfgsm//1nMeMMUtU2648XHiHDEVE8kCXG1k48wDHH75Czalgqn
K9TmufmJpndsCDCv5xaH7kZBDFKaGay3Jtwa4DRuxbzhraHcmMMGn7BCZMRshiyC
jvD49FwwC16MogxzE4fdqMKtfgP0gpZsW093CN8YtqdljM1kjIdBUwcLx7AfIE+2
yH0OlbDETC4ayrCYb0P8WtVKkkfpgBhchyj6ECmrjYA3EYgkfTYbTYXtB0g=
-----END CERTIFICATE-----