Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a120aab9-220a-40dc-9421-0c431a14f0b6.roa
File:                     a120aab9-220a-40dc-9421-0c431a14f0b6.roa (raw, json)
Hash identifier:          sHq6K2vU+F/na/wxptkr8QNMmSpTJGTHN1RrHAxVC+o=
Subject key identifier:   62:80:D9:E5:4B:72:1D:12:7F:9A:F2:8D:B9:28:D9:13:12:4F:53:76
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5408F5EB5A897163B32446A51645F3AD47B2E5A5
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a120aab9-220a-40dc-9421-0c431a14f0b6.roa
Signing time:             Wed 01 Nov 2023 00:00:00 +0000
ROA not before:           Wed 01 Nov 2023 00:00:00 +0000
ROA not after:            Wed 06 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:08:f5:eb:5a:89:71:63:b3:24:46:a5:16:45:f3:ad:47:b2:e5:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  1 00:00:00 2023 GMT
            Not After : Dec  6 23:59:59 2023 GMT
        Subject: serialNumber=d75c4b12934310f8236976c350e55b848abbfe13477c239db582cc3ef9171d0a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:66:e8:02:83:96:50:23:54:84:3e:a8:f1:5e:
                    e3:b3:7a:c8:71:52:90:6a:2d:9f:65:91:b4:f1:79:
                    7f:dd:89:6a:a5:1a:d7:09:e0:23:6d:df:c1:ec:ad:
                    32:54:e4:fc:5f:07:98:d9:c1:e4:41:dd:6b:20:51:
                    77:5c:f6:59:2b:38:8c:49:95:f3:c7:0a:21:09:3f:
                    d1:80:48:d6:dc:ca:7c:0d:f3:c0:28:ce:85:fd:27:
                    75:09:58:0f:3b:4a:c5:bc:5c:48:2d:10:1a:c1:1a:
                    71:98:eb:45:cd:f1:21:83:12:4f:6b:d1:e3:d2:1d:
                    98:ef:ee:9e:a1:57:f8:01:ad:e4:2c:58:00:a4:ae:
                    68:f2:81:60:39:da:c6:d8:91:33:1e:6b:ee:e3:c9:
                    67:98:84:bf:08:57:dc:ac:60:aa:00:85:eb:f8:ba:
                    c3:3d:8a:75:37:c5:00:1e:55:e3:d1:94:9c:11:6a:
                    14:4c:63:de:51:c3:7c:f2:ba:8f:b5:c7:f5:a1:4d:
                    d1:bc:d8:74:4a:45:47:0b:1a:cd:52:32:e4:42:76:
                    bf:93:ec:86:42:f5:03:55:73:3d:d8:5e:78:38:bb:
                    c5:d7:99:fc:95:2f:f5:e5:fd:1a:cb:60:86:8e:12:
                    5a:44:f0:e4:46:cc:83:99:96:3c:da:e3:fb:f3:2e:
                    be:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:80:D9:E5:4B:72:1D:12:7F:9A:F2:8D:B9:28:D9:13:12:4F:53:76
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a120aab9-220a-40dc-9421-0c431a14f0b6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:7c:b5:37:d8:ad:24:fc:a9:f8:dc:ee:6a:d4:28:aa:88:bb:
         fd:f1:74:4c:6d:15:72:37:65:ee:a4:b4:18:32:64:94:02:76:
         37:2c:41:9c:fb:f7:f5:57:85:eb:fb:10:57:73:1d:0c:f8:ff:
         ae:ad:84:88:37:f6:85:b2:bd:e9:e4:2b:d5:be:90:7d:ee:1f:
         34:1a:50:df:6b:88:58:6e:84:f4:db:be:30:9a:86:a9:45:61:
         6c:d5:41:14:e1:80:bc:22:4b:06:0a:0b:d8:f4:6f:b2:49:4b:
         0a:e2:a7:42:ef:8d:08:77:d3:e9:5b:1f:8b:9a:85:6b:04:5d:
         f1:d2:60:3d:f3:3e:de:a5:fa:df:cb:87:00:f8:fb:70:db:0d:
         1f:cb:7e:f4:c5:4b:21:2c:fd:f1:5a:6c:5b:60:91:29:d8:e9:
         e5:1f:60:d1:59:7a:23:a6:34:00:e5:ca:81:c8:e0:5b:be:8a:
         40:04:c5:e4:fd:2d:72:26:0c:70:fa:13:b8:a3:0c:a1:3e:e4:
         39:9b:07:84:93:76:c8:6b:81:44:1b:da:d1:b7:1b:9a:f4:39:
         0b:51:57:6b:e5:26:91:c9:76:5e:bc:51:f0:4e:69:30:fb:6e:
         29:4d:b3:29:c2:98:8e:62:c1:89:19:ad:4c:df:d9:c6:27:66:
         7f:fc:41:b2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVAj161qJcWOzJEalFkXzrUey5aUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTAxMDAwMDAwWhcNMjMxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNzVjNGIxMjkzNDMxMGY4MjM2OTc2YzM1MGU1NWI4NDhh
YmJmZTEzNDc3YzIzOWRiNTgyY2MzZWY5MTcxZDBhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmZugCg5ZQI1SEPqjxXuOzeshxUpBqLZ9lkbTxeX/diWql
GtcJ4CNt38HsrTJU5PxfB5jZweRB3WsgUXdc9lkrOIxJlfPHCiEJP9GASNbcynwN
88AozoX9J3UJWA87SsW8XEgtEBrBGnGY60XN8SGDEk9r0ePSHZjv7p6hV/gBreQs
WACkrmjygWA52sbYkTMea+7jyWeYhL8IV9ysYKoAhev4usM9inU3xQAeVePRlJwR
ahRMY95Rw3zyuo+1x/WhTdG82HRKRUcLGs1SMuRCdr+T7IZC9QNVcz3YXng4u8XX
mfyVL/Xl/RrLYIaOElpE8ORGzIOZljza4/vzLr7tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYoDZ5UtyHRJ/mvKNuSjZExJPU3YwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ExMjBhYWI5LTIyMGEtNDBkYy05NDIxLTBjNDMxYTE0ZjBiNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABN8tTfYrST8qfjc7mrUKKqIu/3x
dExtFXI3Ze6ktBgyZJQCdjcsQZz79/VXhev7EFdzHQz4/66thIg39oWyvenkK9W+
kH3uHzQaUN9riFhuhPTbvjCahqlFYWzVQRThgLwiSwYKC9j0b7JJSwrip0LvjQh3
0+lbH4uahWsEXfHSYD3zPt6l+t/LhwD4+3DbDR/LfvTFSyEs/fFabFtgkSnY6eUf
YNFZeiOmNADlyoHI4Fu+ikAExeT9LXImDHD6E7ijDKE+5DmbB4STdshrgUQb2tG3
G5r0OQtRV2vlJpHJdl68UfBOaTD7bilNsynCmI5iwYkZrUzf2cYnZn/8QbI=
-----END CERTIFICATE-----