Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d92fddbf-6485-47e1-a278-e8379071f5d4.roa
File:                     d92fddbf-6485-47e1-a278-e8379071f5d4.roa (raw, json)
Hash identifier:          WAizDlQqSCkNMHZDvLsU+U0Hsm01XxRkkItU2ZNYiZc=
Subject key identifier:   B1:2C:E3:41:82:57:1E:1A:2A:37:AB:90:12:70:D6:B5:9E:8C:A5:65
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       17E7C5A55A70F435C990C9E4C1984B1215668392
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d92fddbf-6485-47e1-a278-e8379071f5d4.roa
Signing time:             Wed 06 Dec 2023 00:00:00 +0000
ROA not before:           Wed 06 Dec 2023 00:00:00 +0000
ROA not after:            Wed 10 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:e7:c5:a5:5a:70:f4:35:c9:90:c9:e4:c1:98:4b:12:15:66:83:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec  6 00:00:00 2023 GMT
            Not After : Jan 10 23:59:59 2024 GMT
        Subject: serialNumber=d7ec2c9f05e7771daff85b651342473f1e570cf6b83d6e9b81923fcb078a4cba, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:00:61:5c:f4:d5:8c:3e:28:1b:e2:6a:03:db:
                    0f:01:6c:41:98:68:92:6c:62:ae:2d:67:6e:9b:e4:
                    52:34:4c:2b:3c:49:c6:db:e3:18:c5:de:67:29:c1:
                    bf:f4:ec:b4:6d:82:e1:6d:26:e3:e6:bf:35:d4:dd:
                    f4:d0:5b:20:02:77:f1:60:6c:4f:3f:e8:fd:76:ab:
                    37:92:26:19:1b:db:67:6f:d4:a2:eb:8b:26:61:ce:
                    23:2a:15:3e:18:72:6b:b0:7d:f9:31:9d:a5:31:09:
                    92:df:d2:bb:e8:24:66:d0:fb:26:b6:b4:ff:02:b8:
                    a8:2b:8b:35:e6:28:54:4a:a7:1d:63:80:48:95:75:
                    bf:47:06:13:e2:74:12:2d:95:71:d5:a6:eb:a1:32:
                    cc:29:8a:35:0a:96:70:7e:13:6a:15:b5:12:d6:4e:
                    7a:33:95:87:12:12:dc:10:00:b9:f6:b0:77:38:50:
                    48:ad:a8:d1:0f:e5:bd:04:90:b1:cb:3a:72:93:23:
                    08:7b:f4:20:74:cf:c0:39:91:aa:67:1d:d0:4c:31:
                    c4:a0:ac:04:56:ae:6a:cb:d5:b4:97:9a:9b:87:15:
                    fe:58:d7:db:73:d4:ed:2c:31:2e:52:94:29:66:b0:
                    44:0d:db:be:f5:db:16:1f:6e:e1:5f:0b:66:d4:b7:
                    3c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:2C:E3:41:82:57:1E:1A:2A:37:AB:90:12:70:D6:B5:9E:8C:A5:65
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d92fddbf-6485-47e1-a278-e8379071f5d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:18:37:d8:2e:dd:02:8d:c0:c4:88:ba:97:d7:5f:13:8a:f6:
         a4:36:7d:be:59:f9:cd:3e:d8:85:e1:4f:79:37:cb:f0:12:67:
         b0:27:62:f6:59:15:23:70:22:ae:8b:9a:6f:b1:b9:61:9d:d6:
         b1:a2:5f:0c:4a:e2:37:99:ae:1a:b4:44:ba:e7:13:a8:5d:4f:
         af:2c:c5:43:b2:e3:10:33:f4:72:b6:cb:5d:c1:aa:62:e8:9f:
         f9:1c:ad:da:1c:04:b6:cb:a2:6b:7a:d5:43:f6:e2:42:64:29:
         76:c4:3e:44:ac:f2:fa:b9:c9:09:e6:66:0f:c6:86:dc:e0:b2:
         42:86:05:fc:d1:61:bc:90:3b:8b:6e:6c:58:d6:3d:a9:ff:56:
         b5:b3:e1:55:69:b2:9a:c2:39:9b:56:74:65:25:ce:47:df:a7:
         15:52:a5:7f:d3:2b:fc:e2:1d:d6:ed:0d:41:67:4b:19:92:cb:
         1e:72:dc:1f:f8:8d:7b:e9:74:29:52:3d:c8:2d:43:ac:3c:ea:
         c9:aa:27:c1:bd:29:cf:b7:62:d1:a3:05:4c:d6:12:51:30:3c:
         a4:3a:58:03:c0:51:b4:9d:3e:1a:ca:e7:d3:0d:d7:1f:d3:b7:
         e5:c3:8f:5d:d8:56:cf:08:08:e6:c5:6d:3f:5c:be:d1:e4:df:
         e7:7a:a4:31
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF+fFpVpw9DXJkMnkwZhLEhVmg5IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjA2MDAwMDAwWhcNMjQwMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkN2VjMmM5ZjA1ZTc3NzFkYWZmODViNjUxMzQyNDczZjFl
NTcwY2Y2YjgzZDZlOWI4MTkyM2ZjYjA3OGE0Y2JhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjAGFc9NWMPigb4moD2w8BbEGYaJJsYq4tZ26b5FI0TCs8
Scbb4xjF3mcpwb/07LRtguFtJuPmvzXU3fTQWyACd/FgbE8/6P12qzeSJhkb22dv
1KLriyZhziMqFT4YcmuwffkxnaUxCZLf0rvoJGbQ+ya2tP8CuKgrizXmKFRKpx1j
gEiVdb9HBhPidBItlXHVpuuhMswpijUKlnB+E2oVtRLWTnozlYcSEtwQALn2sHc4
UEitqNEP5b0EkLHLOnKTIwh79CB0z8A5kapnHdBMMcSgrARWrmrL1bSXmpuHFf5Y
19tz1O0sMS5SlClmsEQN27712xYfbuFfC2bUtzxXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsSzjQYJXHhoqN6uQEnDWtZ6MpWUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q5MmZkZGJmLTY0ODUtNDdlMS1hMjc4LWU4Mzc5MDcxZjVkNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIUYN9gu3QKNwMSIupfXXxOK9qQ2
fb5Z+c0+2IXhT3k3y/ASZ7AnYvZZFSNwIq6Lmm+xuWGd1rGiXwxK4jeZrhq0RLrn
E6hdT68sxUOy4xAz9HK2y13BqmLon/kcrdocBLbLomt61UP24kJkKXbEPkSs8vq5
yQnmZg/GhtzgskKGBfzRYbyQO4tubFjWPan/VrWz4VVpsprCOZtWdGUlzkffpxVS
pX/TK/ziHdbtDUFnSxmSyx5y3B/4jXvpdClSPcgtQ6w86smqJ8G9Kc+3YtGjBUzW
ElEwPKQ6WAPAUbSdPhrK59MN1x/Tt+XDj13YVs8ICObFbT9cvtHk3+d6pDE=
-----END CERTIFICATE-----