Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d35f1a91-3167-4ab9-ac98-43fceab7ad02.roa
File:                     d35f1a91-3167-4ab9-ac98-43fceab7ad02.roa (raw, json)
Hash identifier:          8i+WQl7DowNGoj43M4awHuDrc3YkECrt0TQiW1WtEVQ=
Subject key identifier:   86:60:C1:58:8D:07:18:00:17:4A:F1:A1:30:C1:2D:A2:02:DF:9E:AD
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       668B55F4908D0E7E9588D02222B4B2210A11C350
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d35f1a91-3167-4ab9-ac98-43fceab7ad02.roa
Signing time:             Sat 16 Dec 2023 00:00:00 +0000
ROA not before:           Sat 16 Dec 2023 00:00:00 +0000
ROA not after:            Sat 20 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:8b:55:f4:90:8d:0e:7e:95:88:d0:22:22:b4:b2:21:0a:11:c3:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 16 00:00:00 2023 GMT
            Not After : Jan 20 23:59:59 2024 GMT
        Subject: serialNumber=e745217beec5817da1e6f1c8c713efe59f347a5d2bfe8e6f320b51677aede0ea, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0d:60:e3:e9:f6:20:35:7a:30:4f:6a:6b:6a:
                    38:0f:46:0f:45:03:ee:c5:6c:f7:c3:38:23:5b:ea:
                    f8:17:13:e0:83:eb:0d:d5:2a:ad:bc:d8:c8:bc:dd:
                    34:89:d1:68:cf:c5:95:2f:74:14:32:fb:32:fc:b3:
                    96:1e:3c:6a:eb:f2:6c:90:b0:5c:ed:90:b7:48:a4:
                    ed:bc:14:ba:64:a2:42:df:74:7e:eb:f5:f9:77:e4:
                    e1:c8:25:f5:35:64:fb:ed:19:03:99:4f:0a:7b:f8:
                    e8:22:cc:43:7f:4e:e3:39:21:05:bc:c5:1c:09:3d:
                    d9:8d:03:71:7a:c3:bc:0b:73:54:6a:f8:7a:e2:f1:
                    0a:53:f1:ac:ff:22:e5:71:db:0c:37:1d:fb:ca:29:
                    1d:69:f3:b8:d7:47:5e:87:25:01:7e:e3:60:9e:0f:
                    28:e7:5b:02:5d:c4:af:9b:42:cd:34:b8:d1:0f:e0:
                    9d:d1:65:6d:dc:26:a1:a4:93:77:f5:b8:bf:dd:b2:
                    2b:3d:4a:a9:19:2c:e2:08:30:08:c2:cc:2b:68:64:
                    ed:2a:5a:85:5f:88:39:12:8d:63:75:67:cd:64:b3:
                    60:46:83:87:16:64:76:4b:d6:0b:7f:f0:87:14:21:
                    7a:4b:a1:0b:f9:26:c4:53:8d:13:a1:b3:bb:62:f3:
                    17:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:60:C1:58:8D:07:18:00:17:4A:F1:A1:30:C1:2D:A2:02:DF:9E:AD
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d35f1a91-3167-4ab9-ac98-43fceab7ad02.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:b6:fe:c7:1c:42:b2:b6:a7:99:e4:3d:eb:e4:e0:4e:15:86:
         d1:eb:00:59:ed:04:a6:ef:f3:1b:7a:38:1f:9c:e2:62:fc:85:
         37:f0:50:70:d5:2c:ba:69:90:0f:7c:24:23:8a:77:6c:03:27:
         15:a9:12:3d:9b:eb:27:e3:cc:02:3c:0f:e5:80:7d:e9:e0:37:
         b8:3d:bb:6e:5f:8e:ea:83:57:9a:a1:53:d8:f5:56:f3:8e:8d:
         7e:d5:15:cd:0d:e7:3e:76:0a:07:43:be:1d:82:5f:5e:fc:cd:
         90:3f:85:37:35:2d:25:a0:1e:ee:09:99:1b:35:37:f5:08:cf:
         a1:e4:99:06:4d:2d:11:4f:d0:df:41:2a:3d:63:36:b4:10:00:
         17:72:b8:40:8d:a1:61:92:0c:1f:1c:0f:c9:8d:f1:f7:27:82:
         c2:a4:d3:13:67:99:5b:fa:b9:8a:13:47:d2:3e:10:68:ff:0b:
         c0:3e:87:c8:b6:f3:04:df:35:2c:1d:d7:9d:48:32:e3:37:4f:
         ee:a4:b6:5f:d3:22:dc:3f:d9:6b:06:bf:a6:9d:55:80:d6:17:
         15:03:19:1d:c5:24:2b:99:17:35:fa:81:6a:23:7f:d3:d9:57:
         50:35:00:68:c1:d4:4f:a6:69:cc:63:09:d2:da:4e:b4:71:b8:
         1e:b4:8b:db
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZotV9JCNDn6ViNAiIrSyIQoRw1AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjE2MDAwMDAwWhcNMjQwMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNzQ1MjE3YmVlYzU4MTdkYTFlNmYxYzhjNzEzZWZlNTlm
MzQ3YTVkMmJmZThlNmYzMjBiNTE2NzdhZWRlMGVhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsDWDj6fYgNXowT2prajgPRg9FA+7FbPfDOCNb6vgXE+CD
6w3VKq282Mi83TSJ0WjPxZUvdBQy+zL8s5YePGrr8myQsFztkLdIpO28FLpkokLf
dH7r9fl35OHIJfU1ZPvtGQOZTwp7+OgizEN/TuM5IQW8xRwJPdmNA3F6w7wLc1Rq
+Hri8QpT8az/IuVx2ww3HfvKKR1p87jXR16HJQF+42CeDyjnWwJdxK+bQs00uNEP
4J3RZW3cJqGkk3f1uL/dsis9SqkZLOIIMAjCzCtoZO0qWoVfiDkSjWN1Z81ks2BG
g4cWZHZL1gt/8IcUIXpLoQv5JsRTjROhs7ti8xctAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhmDBWI0HGAAXSvGhMMEtogLfnq0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2QzNWYxYTkxLTMxNjctNGFiOS1hYzk4LTQzZmNlYWI3YWQwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEC2/sccQrK2p5nkPevk4E4VhtHr
AFntBKbv8xt6OB+c4mL8hTfwUHDVLLppkA98JCOKd2wDJxWpEj2b6yfjzAI8D+WA
fengN7g9u25fjuqDV5qhU9j1VvOOjX7VFc0N5z52CgdDvh2CX178zZA/hTc1LSWg
Hu4JmRs1N/UIz6HkmQZNLRFP0N9BKj1jNrQQABdyuECNoWGSDB8cD8mN8fcngsKk
0xNnmVv6uYoTR9I+EGj/C8A+h8i28wTfNSwd151IMuM3T+6ktl/TItw/2WsGv6ad
VYDWFxUDGR3FJCuZFzX6gWojf9PZV1A1AGjB1E+macxjCdLaTrRxuB60i9s=
-----END CERTIFICATE-----