Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d93d1c57-59bc-4f1c-b434-d4fa7531e074.roa
File:                     d93d1c57-59bc-4f1c-b434-d4fa7531e074.roa (raw, json)
Hash identifier:          j8Ckc3t5FhBO0lX4X1gp3WiY+mM7AoM/hm1HRRCD+6E=
Subject key identifier:   84:26:C1:CA:76:55:F5:96:B9:11:E1:DF:B4:46:B3:E2:B0:AF:7B:DC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       46311D1E974E6F49A1E135FC94AB8AD80C7438D1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d93d1c57-59bc-4f1c-b434-d4fa7531e074.roa
Signing time:             Fri 06 Oct 2023 00:00:00 +0000
ROA not before:           Fri 06 Oct 2023 00:00:00 +0000
ROA not after:            Fri 10 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:31:1d:1e:97:4e:6f:49:a1:e1:35:fc:94:ab:8a:d8:0c:74:38:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  6 00:00:00 2023 GMT
            Not After : Nov 10 23:59:59 2023 GMT
        Subject: serialNumber=2f002744894bde5e790f44116efac43d30511285a8941df54eedd35c78922efa, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:89:44:3b:bc:d3:75:f8:c0:bf:eb:86:e4:94:
                    9a:3b:fd:fa:66:3f:08:eb:52:a9:35:11:a1:18:13:
                    5a:3e:66:ac:da:65:05:a8:40:06:63:9d:e9:bb:c1:
                    e2:b5:d2:d2:08:c5:e9:85:08:0f:a4:fe:0e:49:bb:
                    54:ef:6d:dd:48:4b:fc:70:2a:9e:9a:3a:92:a9:53:
                    6c:66:f2:5a:a8:04:cd:94:d3:63:c6:56:b6:85:64:
                    c4:2a:52:cc:2e:35:18:40:7d:8f:f7:d0:97:7b:d9:
                    31:4f:4c:57:59:54:a7:20:d6:b2:7f:ed:27:36:1c:
                    09:3c:81:88:b9:91:d6:88:e0:80:2a:c4:e7:f6:13:
                    31:1b:91:5e:36:42:0b:73:48:8f:1f:c6:3f:67:1e:
                    bc:65:07:45:41:37:f3:eb:7c:0a:8d:6f:cf:48:93:
                    9e:7f:6f:69:e9:2d:f1:23:c1:04:d5:57:c2:f0:7c:
                    b7:ce:90:b3:f6:8a:40:24:7a:73:f8:66:bc:fa:88:
                    3c:04:65:d1:bf:7b:45:ad:13:fa:27:f8:d9:51:4a:
                    74:33:28:c5:38:6f:0d:30:28:78:6b:f0:67:da:87:
                    fb:74:11:3f:6d:2b:69:88:ff:49:7e:a1:27:98:8d:
                    ed:1a:77:5a:df:6c:48:b6:62:63:ff:91:09:80:0b:
                    76:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:26:C1:CA:76:55:F5:96:B9:11:E1:DF:B4:46:B3:E2:B0:AF:7B:DC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d93d1c57-59bc-4f1c-b434-d4fa7531e074.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:14:3f:c7:4e:33:76:cf:2c:df:61:c8:8d:80:d4:7a:72:f5:
         4e:32:9a:ad:b2:76:54:41:57:23:9d:72:19:71:72:1b:dc:8d:
         97:37:1c:88:cd:00:28:2b:e4:01:6a:fe:8c:d7:df:75:80:a1:
         b3:b3:f3:4a:cb:a4:f9:66:68:fb:86:b9:db:e3:1b:b3:ab:f7:
         94:ec:e8:6c:4c:b0:91:8b:7a:f3:de:f5:23:2c:b6:d3:ef:4a:
         aa:0e:a2:e5:88:f0:9f:9c:eb:95:b2:e1:ca:42:37:eb:99:0f:
         15:6e:00:ea:97:99:f1:b8:da:e1:ac:d8:44:ca:bc:cd:89:e6:
         dd:30:7d:18:26:d7:5b:9f:9b:9d:c7:b3:34:0d:df:f2:f2:77:
         dc:d8:21:b0:7c:0e:7b:e8:0e:9f:b6:51:31:be:c0:b4:46:58:
         ee:36:27:57:08:a8:af:0f:5d:c4:1a:55:36:8e:25:2f:61:a8:
         47:4b:bf:91:7c:fb:a2:e1:f2:b9:05:61:46:d2:85:54:4a:c0:
         3a:f8:3d:08:58:4c:5b:90:53:d2:d8:bf:76:07:7a:38:ec:80:
         25:20:ea:fd:e3:ef:66:83:61:52:18:1d:ff:c7:9b:21:bc:d6:
         6b:ad:a0:64:12:84:5f:62:a6:95:20:bd:75:29:91:3e:d5:d1:
         60:63:10:c2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURjEdHpdOb0mh4TX8lKuK2Ax0ONEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDA2MDAwMDAwWhcNMjMxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyZjAwMjc0NDg5NGJkZTVlNzkwZjQ0MTE2ZWZhYzQzZDMw
NTExMjg1YTg5NDFkZjU0ZWVkZDM1Yzc4OTIyZWZhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtiUQ7vNN1+MC/64bklJo7/fpmPwjrUqk1EaEYE1o+Zqza
ZQWoQAZjnem7weK10tIIxemFCA+k/g5Ju1Tvbd1IS/xwKp6aOpKpU2xm8lqoBM2U
02PGVraFZMQqUswuNRhAfY/30Jd72TFPTFdZVKcg1rJ/7Sc2HAk8gYi5kdaI4IAq
xOf2EzEbkV42QgtzSI8fxj9nHrxlB0VBN/PrfAqNb89Ik55/b2npLfEjwQTVV8Lw
fLfOkLP2ikAkenP4Zrz6iDwEZdG/e0WtE/on+NlRSnQzKMU4bw0wKHhr8Gfah/t0
ET9tK2mI/0l+oSeYje0ad1rfbEi2YmP/kQmAC3ZVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhCbBynZV9Za5EeHftEaz4rCve9wwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q5M2QxYzU3LTU5YmMtNGYxYy1iNDM0LWQ0ZmE3NTMxZTA3NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIcUP8dOM3bPLN9hyI2A1Hpy9U4y
mq2ydlRBVyOdchlxchvcjZc3HIjNACgr5AFq/ozX33WAobOz80rLpPlmaPuGudvj
G7Or95Ts6GxMsJGLevPe9SMsttPvSqoOouWI8J+c65Wy4cpCN+uZDxVuAOqXmfG4
2uGs2ETKvM2J5t0wfRgm11ufm53HszQN3/Lyd9zYIbB8DnvoDp+2UTG+wLRGWO42
J1cIqK8PXcQaVTaOJS9hqEdLv5F8+6Lh8rkFYUbShVRKwDr4PQhYTFuQU9LYv3YH
ejjsgCUg6v3j72aDYVIYHf/HmyG81mutoGQShF9ippUgvXUpkT7V0WBjEMI=
-----END CERTIFICATE-----