Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9f51ab49-96ca-4c98-b3fb-b5f1cb23756c.roa
File:                     9f51ab49-96ca-4c98-b3fb-b5f1cb23756c.roa (raw, json)
Hash identifier:          yic1EGsfz0rZWP1aRepnMlLjvt8IkE5MfZjkrjEbykk=
Subject key identifier:   12:CE:89:1D:33:B9:83:4C:18:C5:B8:76:91:E4:19:DD:08:6C:A9:ED
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       63D8767BA41142781E867D92D961CD72B800F370
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9f51ab49-96ca-4c98-b3fb-b5f1cb23756c.roa
Signing time:             Tue 01 Aug 2023 00:00:00 +0000
ROA not before:           Tue 01 Aug 2023 00:00:00 +0000
ROA not after:            Tue 05 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:d8:76:7b:a4:11:42:78:1e:86:7d:92:d9:61:cd:72:b8:00:f3:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug  1 00:00:00 2023 GMT
            Not After : Sep  5 23:59:59 2023 GMT
        Subject: serialNumber=1ae610bacf0e33de309e22495123fabb7d2c6242fa76ea9851d7f19ed668586e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6d:5c:c3:ea:e7:28:47:43:40:a7:ce:a9:3f:
                    cc:d9:2e:05:4e:41:db:99:23:43:98:09:67:03:22:
                    bd:40:c1:97:17:ff:85:97:76:43:2f:78:65:0f:79:
                    0e:fe:c6:16:03:86:82:b8:db:81:82:f0:3f:2f:7b:
                    c3:06:fe:eb:ba:81:c3:95:5b:4c:bf:00:44:09:08:
                    f3:e0:5f:81:7a:ec:ec:8d:31:f1:90:76:98:63:83:
                    b1:a5:9b:49:01:da:3b:0a:63:45:29:7a:87:f4:43:
                    83:56:a9:05:a3:4b:a5:d1:2b:3c:7c:d7:05:07:f1:
                    e0:24:2d:ab:9d:14:9b:32:f1:39:33:0a:75:44:df:
                    ec:81:6b:08:99:f1:b6:e7:6c:da:ee:02:ce:c6:98:
                    08:6e:49:0f:d7:39:71:68:88:7f:e9:f1:bd:b6:cd:
                    d3:fd:1d:63:14:dc:54:d0:dc:c5:6c:8c:a0:31:95:
                    00:be:32:d2:10:0f:23:1c:01:da:3b:e8:fe:f5:3c:
                    1d:b6:f4:cb:45:47:c8:e3:8e:c2:86:9c:c0:63:4a:
                    ad:93:e0:c6:1d:7d:b1:64:0d:3c:11:a8:77:e2:9b:
                    ec:e1:79:f2:75:c4:45:ec:d9:40:eb:91:9d:ea:7d:
                    77:16:a8:b5:f2:b7:b0:8a:c2:d6:e3:2d:1d:46:bf:
                    b9:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:CE:89:1D:33:B9:83:4C:18:C5:B8:76:91:E4:19:DD:08:6C:A9:ED
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9f51ab49-96ca-4c98-b3fb-b5f1cb23756c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:16:1d:a3:d1:08:cd:ea:da:ae:60:e0:ce:aa:71:ab:9f:c6:
         7b:54:1e:15:a3:4a:c0:45:9f:c5:0d:b4:dc:6b:91:52:01:81:
         59:19:85:b3:de:47:dd:4b:18:58:7f:9b:36:b8:1b:e2:87:c7:
         62:5a:a1:dc:c1:9b:8a:ab:0b:8e:d5:2f:fd:78:9a:1a:bb:18:
         23:b8:06:a7:13:5b:0c:21:32:f2:70:d5:91:47:8b:0f:ba:c9:
         a3:54:b6:a1:58:6f:6a:1b:04:75:34:c6:a7:ee:b3:70:4e:23:
         5a:4c:68:23:26:c3:77:f3:48:73:bc:d6:fd:73:8b:2f:73:60:
         71:c5:1d:b6:b1:63:37:4c:c9:52:15:ec:77:36:3d:d1:4d:91:
         8a:38:61:19:c2:20:e0:c4:06:5b:06:b6:9a:69:a5:eb:ae:a3:
         6e:86:59:0d:f2:48:b2:15:2d:3b:1b:35:18:94:83:b7:0e:05:
         4a:fb:47:b6:1f:c0:cc:48:09:20:32:55:a4:8f:cf:2a:f9:6e:
         d4:4c:3d:34:79:7d:e7:74:ef:c8:f0:22:1b:aa:57:4b:b6:88:
         51:4e:e9:a6:d9:bd:55:53:18:3a:48:af:e2:ff:b7:11:34:21:
         af:aa:d1:0b:19:79:77:a0:12:b3:6f:58:e0:dc:fd:34:c1:00:
         a9:f2:c1:61
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY9h2e6QRQngehn2S2WHNcrgA83AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODAxMDAwMDAwWhcNMjMwOTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYWU2MTBiYWNmMGUzM2RlMzA5ZTIyNDk1MTIzZmFiYjdk
MmM2MjQyZmE3NmVhOTg1MWQ3ZjE5ZWQ2Njg1ODZlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxbVzD6ucoR0NAp86pP8zZLgVOQduZI0OYCWcDIr1AwZcX
/4WXdkMveGUPeQ7+xhYDhoK424GC8D8ve8MG/uu6gcOVW0y/AEQJCPPgX4F67OyN
MfGQdphjg7Glm0kB2jsKY0Upeof0Q4NWqQWjS6XRKzx81wUH8eAkLaudFJsy8Tkz
CnVE3+yBawiZ8bbnbNruAs7GmAhuSQ/XOXFoiH/p8b22zdP9HWMU3FTQ3MVsjKAx
lQC+MtIQDyMcAdo76P71PB229MtFR8jjjsKGnMBjSq2T4MYdfbFkDTwRqHfim+zh
efJ1xEXs2UDrkZ3qfXcWqLXyt7CKwtbjLR1Gv7lvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEs6JHTO5g0wYxbh2keQZ3Qhsqe0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzlmNTFhYjQ5LTk2Y2EtNGM5OC1iM2ZiLWI1ZjFjYjIzNzU2Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHIWHaPRCM3q2q5g4M6qcaufxntU
HhWjSsBFn8UNtNxrkVIBgVkZhbPeR91LGFh/mza4G+KHx2JaodzBm4qrC47VL/14
mhq7GCO4BqcTWwwhMvJw1ZFHiw+6yaNUtqFYb2obBHU0xqfus3BOI1pMaCMmw3fz
SHO81v1ziy9zYHHFHbaxYzdMyVIV7Hc2PdFNkYo4YRnCIODEBlsGtppppeuuo26G
WQ3ySLIVLTsbNRiUg7cOBUr7R7YfwMxICSAyVaSPzyr5btRMPTR5fed078jwIhuq
V0u2iFFO6abZvVVTGDpIr+L/txE0Ia+q0QsZeXegErNvWODc/TTBAKnywWE=
-----END CERTIFICATE-----