Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b44c6c33-544f-429f-ae99-c038554bb887.roa
File:                     b44c6c33-544f-429f-ae99-c038554bb887.roa (raw, json)
Hash identifier:          /JTl78e1Jp1sCy//Ss90aXgX4rVl7dmwO66OFxIqu+E=
Subject key identifier:   B0:97:2D:C5:1E:D6:04:D8:51:D2:56:A4:12:6D:C0:EC:97:92:DB:3A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7197BF5988953BF271349BF830147DDC61F7F9F6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b44c6c33-544f-429f-ae99-c038554bb887.roa
Signing time:             Wed 20 Dec 2023 00:00:00 +0000
ROA not before:           Wed 20 Dec 2023 00:00:00 +0000
ROA not after:            Wed 24 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:97:bf:59:88:95:3b:f2:71:34:9b:f8:30:14:7d:dc:61:f7:f9:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 20 00:00:00 2023 GMT
            Not After : Jan 24 23:59:59 2024 GMT
        Subject: serialNumber=7e24c5d896c4bbd57b267502f56cfdefa1f93e56bbf4de36c6e0bb04b3c5b7b5, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:a3:ee:0f:51:35:ab:09:ca:ed:dd:7f:e2:cf:
                    fa:ca:aa:8f:6b:53:8e:36:c1:88:40:04:e7:8f:bf:
                    3e:6c:3e:b4:57:01:1d:aa:40:c3:59:bd:94:f8:92:
                    9d:cb:de:eb:fa:90:49:a6:5e:4a:0e:18:2b:70:0b:
                    c8:0e:51:dc:5a:21:a2:58:9d:87:52:61:e9:2b:82:
                    02:7d:fc:d6:d2:a8:3c:97:39:37:82:c7:fd:e5:4e:
                    44:25:9d:3a:74:82:75:c6:0b:90:f0:93:a9:1d:3e:
                    e4:31:03:53:ff:68:e1:60:b4:b5:3a:80:9c:8a:a2:
                    18:69:83:4f:58:e1:70:e3:22:c9:80:78:50:08:48:
                    7d:02:11:05:74:9f:3e:73:df:e5:2f:cb:b2:f7:f6:
                    c0:b2:62:3b:a7:d0:6a:50:c1:67:ed:c3:4e:90:78:
                    21:4f:15:85:1c:3f:bc:a4:05:0e:04:09:7c:43:89:
                    7d:31:8d:82:9a:0d:db:39:51:fd:f3:18:b7:40:52:
                    91:a3:4d:03:d4:4e:3a:bb:da:3c:71:35:b9:0e:d6:
                    75:c1:47:83:5c:c0:2b:dd:83:6f:bc:6f:2c:4b:f8:
                    f6:81:5a:9f:04:d0:5d:66:68:49:2c:28:14:0b:e8:
                    e4:0c:a6:3c:0f:c7:6c:11:a1:a2:8b:e1:bf:cf:57:
                    8c:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:97:2D:C5:1E:D6:04:D8:51:D2:56:A4:12:6D:C0:EC:97:92:DB:3A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b44c6c33-544f-429f-ae99-c038554bb887.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:fc:8f:89:df:3f:2b:ed:30:bb:32:d4:63:3b:9e:39:70:b8:
         03:4c:fa:c6:06:a9:81:71:06:23:b3:18:64:cd:5b:33:e0:4a:
         b0:59:32:19:bd:42:fb:dd:42:a5:95:03:39:ed:79:4a:d8:a9:
         47:db:4b:ec:61:fa:12:fe:92:70:f9:ec:dd:ba:ff:e7:16:51:
         36:f7:33:0f:31:f1:f0:20:5d:68:b9:b3:d0:ba:c7:a5:04:43:
         15:b3:5e:d0:8c:6e:e0:37:14:6f:be:12:ce:11:0f:db:d5:99:
         85:6a:75:d9:fa:9c:ec:7d:20:55:9f:65:69:c4:f2:f6:d6:d3:
         bc:52:38:05:a7:6d:df:a4:04:2f:99:7b:67:80:19:ad:f0:f5:
         b2:9e:ca:cc:94:44:6c:d3:61:78:f5:74:4b:56:b8:b8:8c:96:
         22:94:b5:7d:0c:82:71:12:8a:90:b3:c2:54:d0:e0:c1:ca:b4:
         f0:16:d7:c5:81:36:b9:fd:88:e6:f3:65:98:07:ce:ec:c7:b9:
         9c:fa:f4:29:2c:de:ba:71:d6:c9:53:6c:6b:77:b5:a4:3a:72:
         b0:14:4e:cf:a8:4f:21:88:11:92:4d:df:f2:10:6a:d5:b8:aa:
         91:e8:88:44:aa:0b:2a:63:f1:ae:7c:91:7c:52:a1:c5:6d:af:
         bb:56:8d:64
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcZe/WYiVO/JxNJv4MBR93GH3+fYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjIwMDAwMDAwWhcNMjQwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZTI0YzVkODk2YzRiYmQ1N2IyNjc1MDJmNTZjZmRlZmEx
ZjkzZTU2YmJmNGRlMzZjNmUwYmIwNGIzYzViN2I1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCho+4PUTWrCcrt3X/iz/rKqo9rU442wYhABOePvz5sPrRX
AR2qQMNZvZT4kp3L3uv6kEmmXkoOGCtwC8gOUdxaIaJYnYdSYekrggJ9/NbSqDyX
OTeCx/3lTkQlnTp0gnXGC5Dwk6kdPuQxA1P/aOFgtLU6gJyKohhpg09Y4XDjIsmA
eFAISH0CEQV0nz5z3+Uvy7L39sCyYjun0GpQwWftw06QeCFPFYUcP7ykBQ4ECXxD
iX0xjYKaDds5Uf3zGLdAUpGjTQPUTjq72jxxNbkO1nXBR4NcwCvdg2+8byxL+PaB
Wp8E0F1maEksKBQL6OQMpjwPx2wRoaKL4b/PV4ytAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsJctxR7WBNhR0lakEm3A7JeS2zowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2I0NGM2YzMzLTU0NGYtNDI5Zi1hZTk5LWMwMzg1NTRiYjg4Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKj8j4nfPyvtMLsy1GM7njlwuANM
+sYGqYFxBiOzGGTNWzPgSrBZMhm9QvvdQqWVAznteUrYqUfbS+xh+hL+knD57N26
/+cWUTb3Mw8x8fAgXWi5s9C6x6UEQxWzXtCMbuA3FG++Es4RD9vVmYVqddn6nOx9
IFWfZWnE8vbW07xSOAWnbd+kBC+Ze2eAGa3w9bKeysyURGzTYXj1dEtWuLiMliKU
tX0MgnESipCzwlTQ4MHKtPAW18WBNrn9iObzZZgHzuzHuZz69Cks3rpx1slTbGt3
taQ6crAUTs+oTyGIEZJN3/IQatW4qpHoiESqCypj8a58kXxSocVtr7tWjWQ=
-----END CERTIFICATE-----