Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aef7ef7b-aa07-4f1f-891d-1bcd520a4ee8.roa
File:                     aef7ef7b-aa07-4f1f-891d-1bcd520a4ee8.roa (raw, json)
Hash identifier:          PHMph6uCnWCeaOhByFcBn+RnojMyKrOTCCDQTir6eYA=
Subject key identifier:   1C:F0:6E:F4:85:48:53:8C:0D:B4:30:17:85:33:DF:C4:33:09:D9:DD
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       532EA61B3C77F3F0C0FAC50A1A7827990D4E2F00
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aef7ef7b-aa07-4f1f-891d-1bcd520a4ee8.roa
Signing time:             Wed 11 Oct 2023 00:00:00 +0000
ROA not before:           Wed 11 Oct 2023 00:00:00 +0000
ROA not after:            Wed 15 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:2e:a6:1b:3c:77:f3:f0:c0:fa:c5:0a:1a:78:27:99:0d:4e:2f:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 11 00:00:00 2023 GMT
            Not After : Nov 15 23:59:59 2023 GMT
        Subject: serialNumber=ed9f24d9f230e1a3f142c7f535874eacc4098126b3d13efa3f08fc228ac37d8a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:33:64:ba:2e:d8:ac:90:e7:3b:ef:5f:d5:90:
                    c9:64:83:8e:96:4c:6d:9e:68:99:f2:00:7a:8e:11:
                    89:2b:ed:da:9a:23:6b:ae:be:01:5d:fd:1c:1d:f1:
                    6b:14:0e:ff:33:af:eb:11:3f:dd:ea:10:a6:8e:02:
                    70:58:34:35:0b:93:c2:0f:6a:52:49:1b:e2:3a:16:
                    7a:0f:ab:7f:3c:c3:1b:92:9d:85:47:03:e6:c6:f3:
                    9b:d0:1d:5b:37:d9:69:78:ee:17:3e:e4:dc:57:c1:
                    e4:90:f2:28:99:5f:b4:0a:68:24:ff:0e:9b:97:d6:
                    3a:69:b3:df:80:79:d7:27:ef:fd:7f:75:41:3c:b3:
                    16:23:a7:8d:a6:e8:2f:e8:dc:09:79:c3:13:7a:3b:
                    f3:eb:6d:e1:4c:6b:99:c2:be:17:47:57:8c:c8:f6:
                    2c:35:01:9e:92:7f:f6:39:77:de:ab:e6:08:7a:7e:
                    ac:89:93:d5:f8:42:ad:d0:07:20:de:03:93:6e:ba:
                    2b:c7:3c:c7:15:6b:1a:0a:d7:46:03:df:ea:df:aa:
                    47:5f:a6:11:8a:84:5a:6b:1e:e2:43:d4:64:ca:81:
                    7b:5e:de:bb:98:69:d4:d7:f3:41:6b:d0:da:de:3f:
                    02:12:cf:d9:95:42:fa:07:13:37:e3:0a:82:9f:0f:
                    36:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:F0:6E:F4:85:48:53:8C:0D:B4:30:17:85:33:DF:C4:33:09:D9:DD
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aef7ef7b-aa07-4f1f-891d-1bcd520a4ee8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:cb:bc:f2:84:6d:26:0f:93:6c:bd:38:a3:90:61:1c:7d:40:
         6d:35:1f:97:b4:47:ef:21:16:9b:59:a3:26:99:b9:b2:3f:a0:
         0c:ee:f0:10:07:11:0b:fe:a0:c0:32:49:8b:82:93:01:8f:ff:
         95:8e:da:59:b6:96:3c:39:2c:f6:1d:29:2e:b9:94:08:eb:56:
         08:5c:96:73:85:08:b1:fb:b5:93:80:dd:3a:eb:9d:5d:71:b6:
         f0:e2:ce:7a:59:49:a9:0d:e7:20:53:b8:0d:ad:30:e0:2d:47:
         58:b9:fc:f0:13:51:f9:5c:6b:e7:f7:04:a2:41:0f:75:9b:8d:
         26:91:7a:00:6f:fa:56:81:f5:29:61:78:61:53:b3:21:4d:24:
         26:b0:f8:80:22:ce:5c:3d:eb:9f:34:4d:fa:77:a8:dc:e3:e9:
         ce:80:ec:4c:42:ac:e7:95:76:33:b6:4d:88:29:b7:04:a6:cf:
         cb:d0:70:9f:9e:93:ee:43:57:17:9a:bb:1a:e6:10:80:c8:dd:
         01:ac:9a:54:75:8a:4c:47:ee:1a:10:c1:d3:b9:4f:9a:1b:8f:
         f3:96:46:bf:52:58:b1:5e:1d:be:43:8e:a5:9d:44:8e:cd:95:
         7f:e7:72:61:b7:13:f5:01:ca:41:c5:21:23:5e:03:c0:14:21:
         45:e6:0e:60
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUy6mGzx38/DA+sUKGngnmQ1OLwAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDExMDAwMDAwWhcNMjMxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZDlmMjRkOWYyMzBlMWEzZjE0MmM3ZjUzNTg3NGVhY2M0
MDk4MTI2YjNkMTNlZmEzZjA4ZmMyMjhhYzM3ZDhhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2M2S6LtiskOc771/VkMlkg46WTG2eaJnyAHqOEYkr7dqa
I2uuvgFd/Rwd8WsUDv8zr+sRP93qEKaOAnBYNDULk8IPalJJG+I6FnoPq388wxuS
nYVHA+bG85vQHVs32Wl47hc+5NxXweSQ8iiZX7QKaCT/DpuX1jpps9+Aedcn7/1/
dUE8sxYjp42m6C/o3Al5wxN6O/PrbeFMa5nCvhdHV4zI9iw1AZ6Sf/Y5d96r5gh6
fqyJk9X4Qq3QByDeA5NuuivHPMcVaxoK10YD3+rfqkdfphGKhFprHuJD1GTKgXte
3ruYadTX80Fr0NrePwISz9mVQvoHEzfjCoKfDzbJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHPBu9IVIU4wNtDAXhTPfxDMJ2d0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2FlZjdlZjdiLWFhMDctNGYxZi04OTFkLTFiY2Q1MjBhNGVlOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIbLvPKEbSYPk2y9OKOQYRx9QG01
H5e0R+8hFptZoyaZubI/oAzu8BAHEQv+oMAySYuCkwGP/5WO2lm2ljw5LPYdKS65
lAjrVghclnOFCLH7tZOA3TrrnV1xtvDiznpZSakN5yBTuA2tMOAtR1i5/PATUflc
a+f3BKJBD3WbjSaRegBv+laB9SlheGFTsyFNJCaw+IAizlw96580Tfp3qNzj6c6A
7ExCrOeVdjO2TYgptwSmz8vQcJ+ek+5DVxeauxrmEIDI3QGsmlR1ikxH7hoQwdO5
T5obj/OWRr9SWLFeHb5DjqWdRI7NlX/ncmG3E/UBykHFISNeA8AUIUXmDmA=
-----END CERTIFICATE-----