Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a7e254b7-fe83-467e-a111-b7df3f3c35e4.roa
File:                     a7e254b7-fe83-467e-a111-b7df3f3c35e4.roa (raw, json)
Hash identifier:          FNTTBwoVf8w2wCJaP/qMp2JlbOaflDRuXniwOuV38HU=
Subject key identifier:   70:CF:26:EF:14:DF:12:57:CD:FB:E9:8C:D2:F8:9D:29:A0:4F:3C:73
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       028FF1EA97C4AE0E62BBAE34930CF295888DA8B3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a7e254b7-fe83-467e-a111-b7df3f3c35e4.roa
Signing time:             Mon 10 Jul 2023 00:00:00 +0000
ROA not before:           Mon 10 Jul 2023 00:00:00 +0000
ROA not after:            Mon 14 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:8f:f1:ea:97:c4:ae:0e:62:bb:ae:34:93:0c:f2:95:88:8d:a8:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 10 00:00:00 2023 GMT
            Not After : Aug 14 23:59:59 2023 GMT
        Subject: serialNumber=cc68d35b07077e6bc2bb6d8b9b64c5e960356be316a16bd4c2f50eb59c787694, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:49:82:9a:f3:ea:d3:a7:dd:33:dd:b9:84:f5:
                    02:c8:17:43:8b:66:34:b9:b5:ac:ea:33:c7:ac:4b:
                    2a:66:44:d7:81:67:f6:36:30:44:99:03:25:df:7a:
                    33:eb:0c:8f:f7:d0:bb:6f:f3:37:b5:3e:90:f1:0a:
                    e4:41:4d:fb:83:28:cd:e1:e3:da:6a:69:4a:10:2a:
                    ac:8f:fd:2c:88:e9:a1:b3:bd:cf:8a:4e:57:eb:94:
                    11:9b:5f:37:e1:64:1c:01:e0:bb:59:0b:0f:dc:60:
                    4e:0e:1d:2e:50:9d:af:76:bb:fb:2f:c4:1a:fd:1a:
                    5b:e0:4c:9a:d6:e9:f6:0d:9c:1b:a3:df:d6:30:4e:
                    2f:c1:30:10:7d:8e:fc:6f:3a:ba:b3:5a:09:18:e5:
                    3a:90:78:1c:eb:eb:78:9c:93:1c:7c:27:04:e0:d5:
                    fd:da:03:63:df:99:46:a5:ba:d4:5b:f2:71:d0:35:
                    9d:2e:8b:65:15:c4:c8:34:79:fc:f0:e2:b3:bc:3e:
                    0e:2f:fe:b2:eb:98:3d:c4:23:fb:81:14:b7:49:97:
                    23:98:26:d4:9c:65:f8:6b:93:7b:7d:e2:63:c9:16:
                    e7:65:8a:32:b7:f3:ae:ad:06:90:79:6b:5d:a8:79:
                    58:e4:83:e7:ac:cf:16:55:81:5e:24:25:99:48:28:
                    d6:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:CF:26:EF:14:DF:12:57:CD:FB:E9:8C:D2:F8:9D:29:A0:4F:3C:73
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a7e254b7-fe83-467e-a111-b7df3f3c35e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:da:8f:1c:57:fa:f3:29:61:70:4f:ab:cb:aa:cb:2e:db:5e:
         40:65:b9:ef:d2:1b:1f:fb:64:fe:ce:bf:54:a3:7b:a7:ab:06:
         6c:ca:43:3b:91:b0:07:c1:12:0c:eb:b4:61:07:ad:a1:dd:1b:
         f7:69:d3:e5:9c:92:6c:a6:7f:b5:b7:75:8e:f9:73:75:27:e8:
         6c:c0:91:68:14:d5:a7:54:7b:fe:93:14:0e:94:d8:d2:46:e4:
         40:82:31:06:b4:dd:e9:c1:4d:dc:52:7a:95:6b:e6:de:2a:28:
         3d:9f:ff:f9:d1:00:ab:49:b0:b1:d2:4a:d3:7a:f5:43:fd:ad:
         3f:7c:5b:94:a1:cd:72:bf:ee:f2:28:62:b6:46:97:74:82:ed:
         00:13:a1:10:f3:dc:5d:30:f6:a3:15:5d:ee:0a:93:86:be:65:
         0a:13:96:65:63:f2:c3:a8:9f:d8:c3:1c:7f:9d:de:b4:5b:de:
         b5:d6:6e:62:cf:88:f8:41:21:14:73:39:4b:da:a2:de:cb:88:
         30:3c:b3:a0:73:46:4f:9b:92:96:82:70:e8:a9:af:ed:cc:57:
         4e:05:2d:fa:7d:ff:c4:ae:c7:75:4f:1f:59:91:28:2a:e0:07:
         28:28:18:58:10:b2:8e:79:9a:49:04:0f:b2:92:1d:20:97:15:
         1f:6e:21:02
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAo/x6pfErg5iu640kwzylYiNqLMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzEwMDAwMDAwWhcNMjMwODE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYzY4ZDM1YjA3MDc3ZTZiYzJiYjZkOGI5YjY0YzVlOTYw
MzU2YmUzMTZhMTZiZDRjMmY1MGViNTljNzg3Njk0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdSYKa8+rTp90z3bmE9QLIF0OLZjS5tazqM8esSypmRNeB
Z/Y2MESZAyXfejPrDI/30Ltv8ze1PpDxCuRBTfuDKM3h49pqaUoQKqyP/SyI6aGz
vc+KTlfrlBGbXzfhZBwB4LtZCw/cYE4OHS5Qna92u/svxBr9GlvgTJrW6fYNnBuj
39YwTi/BMBB9jvxvOrqzWgkY5TqQeBzr63ickxx8JwTg1f3aA2PfmUalutRb8nHQ
NZ0ui2UVxMg0efzw4rO8Pg4v/rLrmD3EI/uBFLdJlyOYJtScZfhrk3t94mPJFudl
ijK3866tBpB5a12oeVjkg+eszxZVgV4kJZlIKNYfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcM8m7xTfElfN++mM0vidKaBPPHMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E3ZTI1NGI3LWZlODMtNDY3ZS1hMTExLWI3ZGYzZjNjMzVlNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGDajxxX+vMpYXBPq8uqyy7bXkBl
ue/SGx/7ZP7Ov1Sje6erBmzKQzuRsAfBEgzrtGEHraHdG/dp0+Wckmymf7W3dY75
c3Un6GzAkWgU1adUe/6TFA6U2NJG5ECCMQa03enBTdxSepVr5t4qKD2f//nRAKtJ
sLHSStN69UP9rT98W5ShzXK/7vIoYrZGl3SC7QAToRDz3F0w9qMVXe4Kk4a+ZQoT
lmVj8sOon9jDHH+d3rRb3rXWbmLPiPhBIRRzOUvaot7LiDA8s6BzRk+bkpaCcOip
r+3MV04FLfp9/8Sux3VPH1mRKCrgBygoGFgQso55mkkED7KSHSCXFR9uIQI=
-----END CERTIFICATE-----