Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ad583cc5-525b-4678-ba2d-89fdcb81dd5b.roa
File:                     ad583cc5-525b-4678-ba2d-89fdcb81dd5b.roa (raw, json)
Hash identifier:          ggVYOew48BAaW5TmmIMGhMvDVWj7cP87UlSL0E3DJNA=
Subject key identifier:   33:71:FA:E1:6F:9E:88:43:33:27:E0:DF:03:57:D4:09:ED:5A:AC:1E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       760989BCE6CA171F4797653DE8F65750A311628C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ad583cc5-525b-4678-ba2d-89fdcb81dd5b.roa
Signing time:             Wed 11 Oct 2023 00:00:00 +0000
ROA not before:           Wed 11 Oct 2023 00:00:00 +0000
ROA not after:            Wed 15 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:09:89:bc:e6:ca:17:1f:47:97:65:3d:e8:f6:57:50:a3:11:62:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 11 00:00:00 2023 GMT
            Not After : Nov 15 23:59:59 2023 GMT
        Subject: serialNumber=7685b2e90432936c23a481ddafd9e2832010ef260e5cee6e9ba28f2ff1b2720d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:b1:be:23:ee:ee:cd:57:2b:6e:b7:4d:60:a1:
                    d0:ab:61:97:bb:e1:d7:50:81:0f:ab:62:cc:da:4a:
                    9f:bc:1c:23:c0:ae:e0:fe:63:44:ff:86:47:77:90:
                    2c:30:0e:e9:bc:84:1e:3a:4b:3d:9d:c7:a4:21:0d:
                    dd:91:be:95:9e:d9:3b:17:95:80:1d:b8:b1:90:13:
                    ff:ea:ac:92:29:9f:0b:48:2f:fa:d2:f3:28:4c:0a:
                    c6:4f:36:f5:38:7b:b7:ce:84:83:69:3a:b8:c0:3f:
                    d2:0b:79:41:e9:9e:ef:87:75:d9:78:d4:dc:ee:87:
                    96:a1:35:13:f0:32:4a:da:a6:5f:a4:8a:76:37:da:
                    28:63:a2:2a:bc:21:68:0e:22:48:6e:49:8a:a6:ba:
                    76:22:9c:91:7f:ee:cb:52:ca:19:94:ff:31:14:ea:
                    ea:72:7e:b7:db:cf:f7:0e:02:2e:0d:2e:d4:99:4a:
                    77:50:f0:67:38:0a:c1:02:cb:d6:c1:a5:39:c5:6c:
                    d9:9c:f4:ae:8c:9a:4f:63:26:81:79:b5:1b:cb:a8:
                    97:3e:b5:3b:4e:c9:ea:18:00:fc:4d:c5:f2:e3:28:
                    64:55:18:6b:a2:d0:cc:09:fc:46:9f:3a:9e:ac:90:
                    bb:5f:d9:32:1f:fd:68:ab:af:03:4a:81:ff:3b:e2:
                    85:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:71:FA:E1:6F:9E:88:43:33:27:E0:DF:03:57:D4:09:ED:5A:AC:1E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ad583cc5-525b-4678-ba2d-89fdcb81dd5b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:33:e5:73:52:5c:46:67:29:e9:30:e3:02:ae:1d:74:58:ba:
         92:aa:ae:14:eb:79:33:21:21:cb:1f:b5:c8:2f:93:dd:50:8f:
         1e:0b:27:e7:b7:15:84:a2:e0:4c:75:fa:e5:4d:30:6b:a5:a7:
         ff:b8:5a:e1:96:40:02:81:01:3c:47:ae:26:c3:70:32:ab:a7:
         ca:69:02:77:2d:51:d3:b8:40:e6:92:5c:43:41:08:6a:56:1d:
         4b:1a:bc:b2:4e:f6:e0:97:3a:4e:56:6d:93:d3:6e:0f:48:fa:
         91:d2:9f:70:db:b7:97:95:35:49:75:da:b9:5c:a5:e1:41:47:
         c5:58:cf:84:86:d2:58:0f:90:09:66:94:b3:9b:96:69:3f:7c:
         2f:ca:fc:c9:16:e8:5a:d6:a4:42:1e:c2:90:b2:97:20:59:6d:
         2e:a4:66:26:6a:86:6e:b1:6a:f6:be:a1:f1:05:ab:2b:9d:b4:
         e2:18:5d:97:e5:90:fd:5b:4c:8e:3d:74:6e:f8:10:28:d0:50:
         cf:8f:d2:13:b4:c7:ad:85:3a:1a:2e:0a:0b:35:54:7c:6b:33:
         92:fa:8d:40:58:c1:e1:bd:c0:bc:e4:b2:7a:50:6f:ad:6c:ee:
         b9:0c:5a:6a:e0:b2:e9:e8:04:6c:88:1a:bf:aa:1b:ba:68:84:
         2d:92:1c:f4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdgmJvObKFx9Hl2U96PZXUKMRYowwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDExMDAwMDAwWhcNMjMxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3Njg1YjJlOTA0MzI5MzZjMjNhNDgxZGRhZmQ5ZTI4MzIw
MTBlZjI2MGU1Y2VlNmU5YmEyOGYyZmYxYjI3MjBkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDzsb4j7u7NVytut01godCrYZe74ddQgQ+rYszaSp+8HCPA
ruD+Y0T/hkd3kCwwDum8hB46Sz2dx6QhDd2RvpWe2TsXlYAduLGQE//qrJIpnwtI
L/rS8yhMCsZPNvU4e7fOhINpOrjAP9ILeUHpnu+Hddl41Nzuh5ahNRPwMkrapl+k
inY32ihjoiq8IWgOIkhuSYqmunYinJF/7stSyhmU/zEU6upyfrfbz/cOAi4NLtSZ
SndQ8Gc4CsECy9bBpTnFbNmc9K6Mmk9jJoF5tRvLqJc+tTtOyeoYAPxNxfLjKGRV
GGui0MwJ/EafOp6skLtf2TIf/WirrwNKgf874oVNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUM3H64W+eiEMzJ+DfA1fUCe1arB4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2FkNTgzY2M1LTUyNWItNDY3OC1iYTJkLTg5ZmRjYjgxZGQ1Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABMz5XNSXEZnKekw4wKuHXRYupKq
rhTreTMhIcsftcgvk91Qjx4LJ+e3FYSi4Ex1+uVNMGulp/+4WuGWQAKBATxHribD
cDKrp8ppAnctUdO4QOaSXENBCGpWHUsavLJO9uCXOk5WbZPTbg9I+pHSn3Dbt5eV
NUl12rlcpeFBR8VYz4SG0lgPkAlmlLOblmk/fC/K/MkW6FrWpEIewpCylyBZbS6k
ZiZqhm6xava+ofEFqyudtOIYXZflkP1bTI49dG74ECjQUM+P0hO0x62FOhouCgs1
VHxrM5L6jUBYweG9wLzksnpQb61s7rkMWmrgsunoBGyIGr+qG7pohC2SHPQ=
-----END CERTIFICATE-----