Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d799d85c-a8c3-49a4-b3d7-c6d175118a6f.roa
File:                     d799d85c-a8c3-49a4-b3d7-c6d175118a6f.roa (raw, json)
Hash identifier:          U8jdpbQLR0swymLrj+lAv6CT3DrAICgeTk9s5wbfyk0=
Subject key identifier:   AC:6B:10:B5:61:6F:19:C4:2F:27:F6:4B:11:E7:9D:A6:D4:B8:A0:FC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5FA2B6415DBEE78C15FBB5C4F4A95AAF7ED1D94F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d799d85c-a8c3-49a4-b3d7-c6d175118a6f.roa
Signing time:             Mon 04 Dec 2023 00:00:00 +0000
ROA not before:           Mon 04 Dec 2023 00:00:00 +0000
ROA not after:            Mon 08 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:a2:b6:41:5d:be:e7:8c:15:fb:b5:c4:f4:a9:5a:af:7e:d1:d9:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec  4 00:00:00 2023 GMT
            Not After : Jan  8 23:59:59 2024 GMT
        Subject: serialNumber=a2a8a3c126f571fa5344db71025e87181d891aaa13f78db65cd0fe78098f330c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:56:b1:fb:48:77:b6:0c:91:60:ab:aa:e6:7b:
                    38:57:8f:00:10:e0:f9:61:7b:d1:d5:cf:b6:74:43:
                    62:a9:5c:30:f7:78:e6:5b:bb:c7:31:c7:9c:2a:46:
                    cb:2c:e9:1a:8a:f4:06:0b:99:54:39:54:d3:85:59:
                    83:45:87:eb:07:a7:f9:66:21:b9:3b:7a:85:67:74:
                    cc:78:d4:dd:17:bb:c4:58:00:56:b8:65:07:1d:95:
                    01:31:21:73:39:c6:78:50:f4:14:45:a4:cc:ce:20:
                    47:f0:3f:d9:ab:bd:9e:f9:51:54:ca:5b:36:1c:d8:
                    63:c4:0d:48:88:bb:08:42:30:d3:4e:dd:74:cd:11:
                    51:9e:3f:db:3f:64:14:2e:52:f4:0c:e5:36:24:00:
                    81:1b:d8:61:c4:ce:78:46:ad:c3:50:30:1e:df:e4:
                    63:75:21:84:6f:e7:6b:43:b0:73:65:35:ea:31:a2:
                    81:2a:1b:71:be:b8:e9:59:2d:e7:54:03:fa:10:84:
                    e9:81:62:d4:84:c8:2b:aa:41:17:97:08:2e:4d:cd:
                    ec:a6:d1:54:9e:74:6a:53:45:8f:f4:5b:fe:a7:58:
                    56:10:38:41:90:d2:40:09:e8:f3:32:63:15:b5:e2:
                    c3:be:c8:23:5d:70:48:28:6b:33:3a:a2:59:4a:0c:
                    54:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:6B:10:B5:61:6F:19:C4:2F:27:F6:4B:11:E7:9D:A6:D4:B8:A0:FC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d799d85c-a8c3-49a4-b3d7-c6d175118a6f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:45:b3:88:41:ea:53:a5:29:3a:bb:fd:45:97:23:47:12:e4:
         bf:e4:1f:af:7b:0b:8b:b3:43:e7:52:dc:f1:2d:8a:36:7e:b5:
         b9:75:cd:e9:5c:d4:7d:83:9b:2e:fd:ad:c3:76:f1:12:ce:e9:
         60:1f:6e:28:f6:f4:68:2b:c0:72:8e:81:47:77:9c:1e:5a:34:
         b5:ed:7a:e5:5d:b2:e0:50:00:50:af:22:ce:f8:87:ed:ae:33:
         71:ee:ab:38:d1:ee:d4:60:1f:d6:79:8f:72:6a:ae:ae:18:17:
         77:d9:fd:3d:0f:45:90:e0:19:a7:22:27:8e:22:3d:c8:79:28:
         95:27:17:fb:3e:0c:18:6b:7e:6f:a1:7d:55:65:4b:e5:9e:a0:
         e2:58:07:76:0d:e8:6f:50:f8:f6:25:ef:67:73:f5:57:0b:66:
         74:1a:71:f3:f4:d4:91:67:50:b8:51:c6:9d:4a:80:37:35:f9:
         a2:b4:06:d5:9e:bf:3d:c0:52:e8:be:2a:dd:c7:be:40:40:af:
         10:07:51:9a:80:43:a6:94:5c:cd:34:79:3f:00:9a:d9:f6:9f:
         4f:cf:21:3f:22:aa:03:95:28:5e:b1:40:e3:22:6b:99:ce:c7:
         df:3d:a3:21:fc:1a:77:23:f7:e0:c3:39:4b:1c:6b:be:c8:92:
         1a:90:77:fd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUX6K2QV2+54wV+7XE9Klar37R2U8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjA0MDAwMDAwWhcNMjQwMTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMmE4YTNjMTI2ZjU3MWZhNTM0NGRiNzEwMjVlODcxODFk
ODkxYWFhMTNmNzhkYjY1Y2QwZmU3ODA5OGYzMzBjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrVrH7SHe2DJFgq6rmezhXjwAQ4Plhe9HVz7Z0Q2KpXDD3
eOZbu8cxx5wqRsss6RqK9AYLmVQ5VNOFWYNFh+sHp/lmIbk7eoVndMx41N0Xu8RY
AFa4ZQcdlQExIXM5xnhQ9BRFpMzOIEfwP9mrvZ75UVTKWzYc2GPEDUiIuwhCMNNO
3XTNEVGeP9s/ZBQuUvQM5TYkAIEb2GHEznhGrcNQMB7f5GN1IYRv52tDsHNlNeox
ooEqG3G+uOlZLedUA/oQhOmBYtSEyCuqQReXCC5Nzeym0VSedGpTRY/0W/6nWFYQ
OEGQ0kAJ6PMyYxW14sO+yCNdcEgoazM6ollKDFSrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrGsQtWFvGcQvJ/ZLEeedptS4oPwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q3OTlkODVjLWE4YzMtNDlhNC1iM2Q3LWM2ZDE3NTExOGE2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAANFs4hB6lOlKTq7/UWXI0cS5L/k
H697C4uzQ+dS3PEtijZ+tbl1zelc1H2Dmy79rcN28RLO6WAfbij29GgrwHKOgUd3
nB5aNLXteuVdsuBQAFCvIs74h+2uM3HuqzjR7tRgH9Z5j3Jqrq4YF3fZ/T0PRZDg
GaciJ44iPch5KJUnF/s+DBhrfm+hfVVlS+WeoOJYB3YN6G9Q+PYl72dz9VcLZnQa
cfP01JFnULhRxp1KgDc1+aK0BtWevz3AUui+Kt3HvkBArxAHUZqAQ6aUXM00eT8A
mtn2n0/PIT8iqgOVKF6xQOMia5nOx989oyH8Gncj9+DDOUsca77IkhqQd/0=
-----END CERTIFICATE-----