Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9ff55c8c-2c5d-4bbc-abb7-34a00c760641.roa
File:                     9ff55c8c-2c5d-4bbc-abb7-34a00c760641.roa (raw, json)
Hash identifier:          qokgrMvj4AlC/5R9H1634djnnJmNzPTZ/dh0/k5zxGQ=
Subject key identifier:   21:CC:5F:85:5C:40:92:17:16:7B:90:BB:16:7B:24:37:27:0D:26:6C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4E4BF5C725764719E246207D332EA4915BBD5CBB
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9ff55c8c-2c5d-4bbc-abb7-34a00c760641.roa
Signing time:             Sat 07 Oct 2023 00:00:00 +0000
ROA not before:           Sat 07 Oct 2023 00:00:00 +0000
ROA not after:            Sat 11 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:4b:f5:c7:25:76:47:19:e2:46:20:7d:33:2e:a4:91:5b:bd:5c:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  7 00:00:00 2023 GMT
            Not After : Nov 11 23:59:59 2023 GMT
        Subject: serialNumber=edf533886e3537f713f4e4f0bcd08f7b32635b08f53b2a9a79520133b561fbc4, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:4a:0d:f8:18:9d:c3:c3:a8:3c:1c:46:8b:2a:
                    5d:6c:0d:05:9a:c9:5e:5d:20:1e:8d:18:8e:51:5d:
                    89:82:6e:79:c8:f0:37:35:cd:ec:09:c5:9c:85:b2:
                    d9:f3:d4:e2:12:fd:84:a9:e8:76:e6:a3:7c:a6:a7:
                    9d:47:c4:12:ee:e2:06:c9:af:5a:8e:8b:89:83:93:
                    8f:87:5b:cc:40:3a:e1:2b:62:01:8b:6d:86:34:06:
                    81:0b:ee:ad:76:fb:19:e0:20:2a:48:3d:a3:65:ba:
                    84:d5:31:01:51:07:4a:f3:d6:e7:8d:8c:b1:c0:e7:
                    d1:74:b4:37:bf:dc:07:25:71:73:78:20:aa:ae:66:
                    17:b9:a9:56:ae:6c:59:67:53:9f:89:64:18:ec:a2:
                    d5:36:32:20:6f:39:cb:d7:36:5d:97:72:5e:8c:20:
                    1b:06:47:00:bd:e6:39:0c:3b:30:f1:b8:26:15:a6:
                    38:24:21:3a:88:e0:78:3f:42:04:be:1d:64:f5:d1:
                    57:11:b5:3a:a6:d5:5f:c3:1a:a3:15:86:54:82:b7:
                    0c:ca:94:4c:66:b6:63:73:07:5d:71:8f:3b:87:7c:
                    36:8e:0b:6d:b4:5f:d7:cf:d5:c7:2a:27:40:68:ce:
                    a7:f7:bc:bb:26:81:54:7f:5c:11:42:34:03:c1:84:
                    3b:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:CC:5F:85:5C:40:92:17:16:7B:90:BB:16:7B:24:37:27:0D:26:6C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9ff55c8c-2c5d-4bbc-abb7-34a00c760641.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:0e:67:0a:52:63:9d:13:86:bc:54:14:f3:0a:2d:7b:db:10:
         13:3e:3a:cc:95:52:85:1e:71:0c:a6:52:8f:d8:8d:c2:4f:60:
         19:96:f9:5c:f8:48:0c:4c:b3:7c:7d:97:e4:59:e7:0f:34:b1:
         b2:ce:ab:43:24:ba:a6:b6:fc:02:95:cf:3b:03:3a:42:a8:ba:
         e4:91:43:5c:e1:3a:9e:73:a4:2b:8f:cf:e2:2c:01:7d:e9:96:
         4a:47:16:ee:30:98:21:5c:ad:44:6c:8c:63:da:a2:06:1b:5d:
         15:10:0e:30:af:85:09:90:df:60:7c:80:2f:ab:be:87:33:ad:
         64:27:4a:69:af:d9:4b:10:f7:d0:23:20:72:f6:ab:a6:bc:c7:
         aa:65:7b:02:52:fe:14:df:bc:99:ce:fa:43:3b:12:6c:72:e7:
         ae:13:97:f7:24:7e:64:c5:c0:c4:84:b2:d5:b2:b3:ad:51:28:
         56:b7:b1:58:3e:35:f7:e0:4e:7d:7a:0e:21:70:fa:62:8c:6a:
         b9:49:c7:64:c3:f6:96:c0:60:1c:cf:e5:af:25:e4:d0:9c:0f:
         6e:e3:fc:e9:af:54:ef:ef:74:b7:db:c6:19:16:76:bf:0d:49:
         49:76:17:16:54:80:af:b5:8c:b1:98:e3:1f:03:62:d4:2e:2b:
         9a:84:2f:d1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTkv1xyV2RxniRiB9My6kkVu9XLswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDA3MDAwMDAwWhcNMjMxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZGY1MzM4ODZlMzUzN2Y3MTNmNGU0ZjBiY2QwOGY3YjMy
NjM1YjA4ZjUzYjJhOWE3OTUyMDEzM2I1NjFmYmM0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLSg34GJ3Dw6g8HEaLKl1sDQWayV5dIB6NGI5RXYmCbnnI
8Dc1zewJxZyFstnz1OIS/YSp6Hbmo3ymp51HxBLu4gbJr1qOi4mDk4+HW8xAOuEr
YgGLbYY0BoEL7q12+xngICpIPaNluoTVMQFRB0rz1ueNjLHA59F0tDe/3AclcXN4
IKquZhe5qVaubFlnU5+JZBjsotU2MiBvOcvXNl2Xcl6MIBsGRwC95jkMOzDxuCYV
pjgkITqI4Hg/QgS+HWT10VcRtTqm1V/DGqMVhlSCtwzKlExmtmNzB11xjzuHfDaO
C220X9fP1ccqJ0Bozqf3vLsmgVR/XBFCNAPBhDsnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIcxfhVxAkhcWe5C7FnskNycNJmwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzlmZjU1YzhjLTJjNWQtNGJiYy1hYmI3LTM0YTAwYzc2MDY0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGUOZwpSY50ThrxUFPMKLXvbEBM+
OsyVUoUecQymUo/YjcJPYBmW+Vz4SAxMs3x9l+RZ5w80sbLOq0Mkuqa2/AKVzzsD
OkKouuSRQ1zhOp5zpCuPz+IsAX3plkpHFu4wmCFcrURsjGPaogYbXRUQDjCvhQmQ
32B8gC+rvoczrWQnSmmv2UsQ99AjIHL2q6a8x6plewJS/hTfvJnO+kM7Emxy564T
l/ckfmTFwMSEstWys61RKFa3sVg+NffgTn16DiFw+mKMarlJx2TD9pbAYBzP5a8l
5NCcD27j/OmvVO/vdLfbxhkWdr8NSUl2FxZUgK+1jLGY4x8DYtQuK5qEL9E=
-----END CERTIFICATE-----