Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b261412c-6cb4-4022-9230-b7ca1d701447.roa
File:                     b261412c-6cb4-4022-9230-b7ca1d701447.roa (raw, json)
Hash identifier:          OCeK52fvuNZHi11SyOZxy//veR/y6Y3B8vOeyFr1LCQ=
Subject key identifier:   58:9E:20:31:21:82:30:B9:AE:14:2E:61:EB:9E:52:68:4E:2F:E7:C5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6C0252F1507AB3A249D0F5445165381C79D7A72F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b261412c-6cb4-4022-9230-b7ca1d701447.roa
Signing time:             Wed 09 Aug 2023 00:00:00 +0000
ROA not before:           Wed 09 Aug 2023 00:00:00 +0000
ROA not after:            Wed 13 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:02:52:f1:50:7a:b3:a2:49:d0:f5:44:51:65:38:1c:79:d7:a7:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug  9 00:00:00 2023 GMT
            Not After : Sep 13 23:59:59 2023 GMT
        Subject: serialNumber=2b510385da9674c0b1fed897433fbf5d0846a1ffe3c220173530baaff4188d4c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:16:4b:0c:d3:02:bd:d6:a9:e4:0b:0a:4f:c2:
                    dc:27:47:88:50:d8:23:33:42:3b:45:a5:1c:79:3a:
                    82:f5:bc:8c:4b:ee:cc:1c:62:c0:76:98:c4:30:2c:
                    cd:bd:ac:ae:33:69:7d:b0:c2:ab:03:2e:e2:ef:23:
                    c1:cb:ee:3e:78:bd:36:e5:63:d7:42:98:30:15:53:
                    df:37:29:82:c6:12:41:2d:5a:5a:87:18:ec:58:82:
                    5d:56:2b:d9:f9:9d:6e:3d:af:6e:5b:6e:97:7a:d1:
                    f9:51:b9:89:68:06:a9:0d:46:d5:4f:a1:0e:1f:b7:
                    7e:5a:84:c6:34:a9:9b:d3:61:0a:e3:ae:76:8a:86:
                    5e:f4:af:ca:3a:b7:d0:7d:83:f1:b5:a1:47:75:e2:
                    40:75:22:8c:62:a9:96:3e:c3:3e:2b:94:ce:63:7c:
                    0b:4e:6c:68:ee:68:9f:20:55:ab:0c:5a:3f:e7:3d:
                    a5:6f:48:7f:2a:da:d6:13:03:b8:c9:fb:f0:03:05:
                    9d:c3:35:4f:c6:55:80:5e:71:06:d2:cb:47:66:4e:
                    43:8c:5c:f8:ce:8c:98:2b:eb:54:3b:4f:55:d1:11:
                    50:60:fc:b4:7f:a6:e2:d5:c8:39:c1:4d:ae:60:86:
                    0f:ba:c0:32:ad:4d:8f:ce:86:f4:ab:75:18:f1:76:
                    32:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:9E:20:31:21:82:30:B9:AE:14:2E:61:EB:9E:52:68:4E:2F:E7:C5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b261412c-6cb4-4022-9230-b7ca1d701447.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:98:a2:9e:42:03:7c:ac:9b:c9:c7:ef:f7:7a:d0:f1:62:15:
         fd:bb:98:8c:3b:fa:3c:c4:15:c6:86:3e:f2:e4:af:be:c8:5d:
         fb:a0:2f:27:1c:ec:6f:91:e2:4c:90:c2:08:aa:3a:9f:45:11:
         d4:c9:6a:9b:fe:ec:71:9a:a3:a7:74:6e:ca:28:4a:28:7e:41:
         df:ed:83:d2:93:45:fa:ad:1e:3c:04:a7:c8:64:43:23:89:f1:
         a0:74:95:d2:2a:90:c3:fb:80:21:ab:20:ec:11:e8:75:21:75:
         86:52:90:1a:98:aa:e1:21:24:9f:4c:da:06:22:df:5f:76:c4:
         81:67:b9:71:ec:cb:1b:ff:fe:6e:7a:44:90:80:d1:81:72:af:
         ca:b3:5c:75:b0:8c:95:76:3e:b4:b6:61:b5:f9:34:6f:a7:68:
         8e:56:8d:0f:60:3e:66:03:1e:35:fe:61:98:e6:c7:6f:6a:13:
         3d:ba:e1:4a:6b:c2:d6:66:48:54:79:2b:4c:0d:9d:0c:e8:e6:
         4a:72:64:3a:5a:e0:69:7b:e4:0f:b1:fa:e3:26:72:66:f6:4a:
         55:ee:26:7f:96:2a:76:26:1d:fa:ed:d9:5e:f3:fd:e9:66:c7:
         f6:16:a9:70:78:63:28:8e:32:29:f1:01:a4:7d:f0:b4:4e:f2:
         26:2b:4b:05
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbAJS8VB6s6JJ0PVEUWU4HHnXpy8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODA5MDAwMDAwWhcNMjMwOTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYjUxMDM4NWRhOTY3NGMwYjFmZWQ4OTc0MzNmYmY1ZDA4
NDZhMWZmZTNjMjIwMTczNTMwYmFhZmY0MTg4ZDRjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDFksM0wK91qnkCwpPwtwnR4hQ2CMzQjtFpRx5OoL1vIxL
7swcYsB2mMQwLM29rK4zaX2wwqsDLuLvI8HL7j54vTblY9dCmDAVU983KYLGEkEt
WlqHGOxYgl1WK9n5nW49r25bbpd60flRuYloBqkNRtVPoQ4ft35ahMY0qZvTYQrj
rnaKhl70r8o6t9B9g/G1oUd14kB1IoxiqZY+wz4rlM5jfAtObGjuaJ8gVasMWj/n
PaVvSH8q2tYTA7jJ+/ADBZ3DNU/GVYBecQbSy0dmTkOMXPjOjJgr61Q7T1XREVBg
/LR/puLVyDnBTa5ghg+6wDKtTY/OhvSrdRjxdjJlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWJ4gMSGCMLmuFC5h655SaE4v58UwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2IyNjE0MTJjLTZjYjQtNDAyMi05MjMwLWI3Y2ExZDcwMTQ0Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACSYop5CA3ysm8nH7/d60PFiFf27
mIw7+jzEFcaGPvLkr77IXfugLycc7G+R4kyQwgiqOp9FEdTJapv+7HGao6d0bsoo
Sih+Qd/tg9KTRfqtHjwEp8hkQyOJ8aB0ldIqkMP7gCGrIOwR6HUhdYZSkBqYquEh
JJ9M2gYi3192xIFnuXHsyxv//m56RJCA0YFyr8qzXHWwjJV2PrS2YbX5NG+naI5W
jQ9gPmYDHjX+YZjmx29qEz264UprwtZmSFR5K0wNnQzo5kpyZDpa4Gl75A+x+uMm
cmb2SlXuJn+WKnYmHfrt2V7z/elmx/YWqXB4YyiOMinxAaR98LRO8iYrSwU=
-----END CERTIFICATE-----