Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9c999f2b-89df-4589-86c8-de2bf74d8177.roa
File:                     9c999f2b-89df-4589-86c8-de2bf74d8177.roa (raw, json)
Hash identifier:          Km939CCPkFsNkeP85e5lZCmWavpEBHXVdEnJ232nCHM=
Subject key identifier:   43:14:54:40:2F:EF:4A:78:3F:27:9C:95:B1:A3:83:24:18:85:E5:EF
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1B023333789AA3844DA1B7474C367E67FDC202E0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9c999f2b-89df-4589-86c8-de2bf74d8177.roa
Signing time:             Tue 24 Oct 2023 00:00:00 +0000
ROA not before:           Tue 24 Oct 2023 00:00:00 +0000
ROA not after:            Tue 28 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:02:33:33:78:9a:a3:84:4d:a1:b7:47:4c:36:7e:67:fd:c2:02:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 24 00:00:00 2023 GMT
            Not After : Nov 28 23:59:59 2023 GMT
        Subject: serialNumber=a2013e6554887cd41d82945a2cbb2928bbe875110a1affe39432a8dbbe40951e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ba:26:0d:f6:e6:2d:3c:33:2a:87:e0:9b:7b:
                    5a:c0:b5:9d:8e:19:8e:48:2b:62:0e:57:97:9a:af:
                    41:59:f8:89:6f:7b:c2:4b:57:42:0d:c1:ca:bd:51:
                    fe:4f:b8:6c:66:c5:a1:66:68:84:ae:70:61:67:db:
                    27:27:a0:df:18:da:80:fe:0c:a4:da:54:16:24:01:
                    78:be:e4:3f:dc:ff:8b:30:75:e9:5e:d2:a4:3f:9e:
                    ea:49:aa:3d:0e:d6:1b:86:f4:9e:11:d7:62:c5:58:
                    67:15:45:af:92:f8:ee:c6:4b:94:ba:5d:f7:b4:5e:
                    ba:3a:69:32:d5:ec:da:05:02:82:18:79:5b:e9:8b:
                    bd:81:a1:4a:3f:9d:a5:a4:0d:49:29:bf:4f:ad:12:
                    c5:1b:99:bd:d2:22:04:0b:bc:3f:bc:35:c5:c7:08:
                    02:de:ff:fa:65:c8:aa:02:73:8e:90:fc:2d:62:71:
                    1d:e6:b7:24:5a:00:e8:96:05:bb:6a:e5:f1:b5:18:
                    6d:a1:32:0c:57:11:10:ea:6b:e1:c6:d3:8e:e5:e2:
                    6d:fd:76:bd:df:37:63:f5:c9:78:95:04:ce:48:ca:
                    1d:32:b6:f7:1d:ce:c0:95:ab:d2:6d:2e:b2:1b:fc:
                    a7:dd:38:13:d8:87:51:86:56:d2:ce:7b:e3:09:95:
                    20:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:14:54:40:2F:EF:4A:78:3F:27:9C:95:B1:A3:83:24:18:85:E5:EF
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9c999f2b-89df-4589-86c8-de2bf74d8177.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:a5:20:dc:4c:84:c3:e2:64:14:56:ee:79:e7:69:00:a9:f0:
         3f:13:92:b0:3c:45:cb:5b:34:91:aa:8d:94:9b:40:86:3e:25:
         ce:51:c5:85:3d:07:25:c9:42:7f:2a:5c:07:d0:9e:29:4e:83:
         7e:8a:82:37:37:a6:ae:57:3f:c7:4f:f0:16:d8:b9:32:fd:4e:
         19:e6:eb:f9:b4:d4:59:37:fc:89:39:da:d8:be:3c:a0:43:60:
         e3:57:a6:4d:7c:d3:1b:af:41:28:b3:38:b2:16:c6:19:ba:f6:
         ab:79:34:8f:85:f1:c7:3c:c2:57:d2:23:2b:87:32:64:bf:e8:
         ea:94:f7:b8:92:f5:c2:67:e4:5d:5a:5f:bd:59:a6:a2:d9:e9:
         fb:71:a8:cf:eb:ae:6c:fe:82:df:fa:a0:ef:3d:31:3e:c8:51:
         cb:67:fb:89:e4:e0:52:6f:9c:c2:90:32:46:dd:d3:6f:52:b3:
         1c:c5:ce:35:9b:f1:38:bc:e3:d1:af:d7:8a:d7:cf:ff:1a:3a:
         3a:25:39:ca:5c:f7:e1:60:2b:a7:6e:21:58:9a:78:c1:87:2e:
         8d:4e:53:c5:02:d4:c3:e5:e5:47:27:d1:01:3e:79:b5:33:12:
         89:d0:1d:62:46:70:c2:f4:eb:11:07:95:e6:4a:59:e3:14:04:
         7a:4b:0d:d3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGwIzM3iao4RNobdHTDZ+Z/3CAuAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDI0MDAwMDAwWhcNMjMxMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMjAxM2U2NTU0ODg3Y2Q0MWQ4Mjk0NWEyY2JiMjkyOGJi
ZTg3NTExMGExYWZmZTM5NDMyYThkYmJlNDA5NTFlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8uiYN9uYtPDMqh+Cbe1rAtZ2OGY5IK2IOV5ear0FZ+Ilv
e8JLV0INwcq9Uf5PuGxmxaFmaISucGFn2ycnoN8Y2oD+DKTaVBYkAXi+5D/c/4sw
dele0qQ/nupJqj0O1huG9J4R12LFWGcVRa+S+O7GS5S6Xfe0Xro6aTLV7NoFAoIY
eVvpi72BoUo/naWkDUkpv0+tEsUbmb3SIgQLvD+8NcXHCALe//plyKoCc46Q/C1i
cR3mtyRaAOiWBbtq5fG1GG2hMgxXERDqa+HG047l4m39dr3fN2P1yXiVBM5Iyh0y
tvcdzsCVq9JtLrIb/KfdOBPYh1GGVtLOe+MJlSDTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQxRUQC/vSng/J5yVsaODJBiF5e8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzljOTk5ZjJiLTg5ZGYtNDU4OS04NmM4LWRlMmJmNzRkODE3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKGlINxMhMPiZBRW7nnnaQCp8D8T
krA8RctbNJGqjZSbQIY+Jc5RxYU9ByXJQn8qXAfQnilOg36Kgjc3pq5XP8dP8BbY
uTL9Thnm6/m01Fk3/Ik52ti+PKBDYONXpk180xuvQSizOLIWxhm69qt5NI+F8cc8
wlfSIyuHMmS/6OqU97iS9cJn5F1aX71ZpqLZ6ftxqM/rrmz+gt/6oO89MT7IUctn
+4nk4FJvnMKQMkbd029SsxzFzjWb8Ti849Gv14rXz/8aOjolOcpc9+FgK6duIVia
eMGHLo1OU8UC1MPl5Ucn0QE+ebUzEonQHWJGcML06xEHleZKWeMUBHpLDdM=
-----END CERTIFICATE-----