Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b5e31316-11c4-4b3a-a6e5-5ba4fcebda82.roa
File:                     b5e31316-11c4-4b3a-a6e5-5ba4fcebda82.roa (raw, json)
Hash identifier:          uXisBdNjhr5cIvm1AwZI0mLyJ/DORYwdiDaaFmJvOr0=
Subject key identifier:   A5:56:CC:05:65:BA:CD:BC:D9:FB:62:3C:7C:57:C5:C3:B0:34:35:B1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       789FD22447B7C85429E666E242DCF4599400CE7A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b5e31316-11c4-4b3a-a6e5-5ba4fcebda82.roa
Signing time:             Mon 30 Oct 2023 00:00:00 +0000
ROA not before:           Mon 30 Oct 2023 00:00:00 +0000
ROA not after:            Mon 04 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:9f:d2:24:47:b7:c8:54:29:e6:66:e2:42:dc:f4:59:94:00:ce:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 30 00:00:00 2023 GMT
            Not After : Dec  4 23:59:59 2023 GMT
        Subject: serialNumber=f17462638464215e6291b99e5c4f06797ac5d52645316f5b8d03e8415daaf0dc, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:34:f9:19:0d:22:fb:1d:9e:08:32:0c:3b:86:
                    0f:52:26:5f:88:f1:4c:4a:13:ac:56:36:97:03:1c:
                    ed:cd:c2:9f:de:33:95:0d:11:2e:ee:e1:b7:f4:d4:
                    af:14:0b:cd:33:a7:0f:04:cc:8a:f4:11:e6:72:af:
                    38:d7:8b:74:bd:4b:7b:a2:f6:18:97:c6:71:4a:ff:
                    d5:63:2e:65:6c:65:08:5b:40:f1:f9:03:ad:0a:94:
                    1e:84:79:2a:f3:26:12:36:20:32:46:ea:f3:82:d4:
                    1b:24:22:b6:ef:04:a6:39:50:d1:9c:60:79:da:ab:
                    83:17:85:9a:5a:8d:dd:db:09:08:f0:18:fd:1a:12:
                    4b:17:45:03:cc:fa:da:ba:da:f3:03:e8:3e:64:93:
                    85:4e:16:8c:30:0f:8e:07:fc:c0:bb:1c:25:f1:31:
                    46:f7:6e:91:99:e8:33:73:69:6f:b4:c3:51:99:40:
                    12:a1:08:a7:5e:1c:b6:1c:56:43:67:2b:91:fc:b6:
                    f6:e9:33:81:c4:e8:28:f1:c8:71:f2:a4:ec:bf:a4:
                    90:88:ac:3f:38:0c:9e:b0:16:ea:b8:09:6b:3c:b8:
                    ec:89:ec:5a:2b:60:f2:b5:c2:ba:fa:b6:99:65:98:
                    52:d7:e2:6b:34:ee:97:07:8c:a1:d2:42:df:86:06:
                    1b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:56:CC:05:65:BA:CD:BC:D9:FB:62:3C:7C:57:C5:C3:B0:34:35:B1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b5e31316-11c4-4b3a-a6e5-5ba4fcebda82.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:fd:5a:fd:b9:a8:dc:69:39:47:76:96:4c:63:e4:89:71:66:
         0d:28:1e:10:f0:d4:cd:1b:6c:d8:9a:ab:bf:92:5e:dd:4e:91:
         02:99:32:84:3e:c9:45:cb:28:31:d9:91:e2:2b:5a:1b:f5:2a:
         6e:1f:65:50:e2:a3:bb:98:75:28:d8:78:c4:2c:b3:2d:3a:e1:
         7a:d6:1d:1e:6d:09:76:3f:85:fc:4c:99:f2:f6:05:10:a8:5e:
         cf:2a:27:c8:37:3c:ce:23:a3:13:f2:54:f0:49:d6:ef:06:e6:
         cb:94:69:c9:6e:b7:a4:9f:6b:5c:1f:39:92:e8:49:0f:a4:14:
         76:03:ba:28:f9:68:e6:41:9d:03:e0:8b:21:3c:39:8d:a7:3c:
         1d:0b:f4:b2:c1:63:a0:8f:14:7a:97:ff:72:aa:0c:1c:58:e4:
         11:86:78:d4:f8:00:84:b8:75:25:af:a5:76:74:b5:b1:4e:d4:
         a2:93:bd:8f:78:83:60:a2:1e:90:5a:75:6b:76:b0:53:43:97:
         8a:27:5e:fc:11:7f:88:d4:f6:07:9d:ae:26:94:f6:56:7b:e9:
         73:a3:cd:6d:3e:59:87:88:b0:eb:5d:56:a4:eb:45:99:59:7a:
         d0:04:37:76:8b:60:fb:a7:ab:19:e8:05:8b:d1:02:59:db:a2:
         31:b4:ea:8c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeJ/SJEe3yFQp5mbiQtz0WZQAznowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDMwMDAwMDAwWhcNMjMxMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMTc0NjI2Mzg0NjQyMTVlNjI5MWI5OWU1YzRmMDY3OTdh
YzVkNTI2NDUzMTZmNWI4ZDAzZTg0MTVkYWFmMGRjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDONPkZDSL7HZ4IMgw7hg9SJl+I8UxKE6xWNpcDHO3Nwp/e
M5UNES7u4bf01K8UC80zpw8EzIr0EeZyrzjXi3S9S3ui9hiXxnFK/9VjLmVsZQhb
QPH5A60KlB6EeSrzJhI2IDJG6vOC1BskIrbvBKY5UNGcYHnaq4MXhZpajd3bCQjw
GP0aEksXRQPM+tq62vMD6D5kk4VOFowwD44H/MC7HCXxMUb3bpGZ6DNzaW+0w1GZ
QBKhCKdeHLYcVkNnK5H8tvbpM4HE6CjxyHHypOy/pJCIrD84DJ6wFuq4CWs8uOyJ
7ForYPK1wrr6tpllmFLX4ms07pcHjKHSQt+GBhspAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpVbMBWW6zbzZ+2I8fFfFw7A0NbEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2I1ZTMxMzE2LTExYzQtNGIzYS1hNmU1LTViYTRmY2ViZGE4Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJX9Wv25qNxpOUd2lkxj5IlxZg0o
HhDw1M0bbNiaq7+SXt1OkQKZMoQ+yUXLKDHZkeIrWhv1Km4fZVDio7uYdSjYeMQs
sy064XrWHR5tCXY/hfxMmfL2BRCoXs8qJ8g3PM4joxPyVPBJ1u8G5suUaclut6Sf
a1wfOZLoSQ+kFHYDuij5aOZBnQPgiyE8OY2nPB0L9LLBY6CPFHqX/3KqDBxY5BGG
eNT4AIS4dSWvpXZ0tbFO1KKTvY94g2CiHpBadWt2sFNDl4onXvwRf4jU9gedriaU
9lZ76XOjzW0+WYeIsOtdVqTrRZlZetAEN3aLYPunqxnoBYvRAlnbojG06ow=
-----END CERTIFICATE-----