Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/da709c1d-5966-485b-a368-a079fa901bf2.roa
File:                     da709c1d-5966-485b-a368-a079fa901bf2.roa (raw, json)
Hash identifier:          uv/xbU006Jfb4mT9kwYgVYq0OmLX+w7btHgx0OKaSQ8=
Subject key identifier:   20:14:10:61:78:B8:22:11:EE:3C:A6:AB:B1:6E:08:97:2B:0C:5C:5E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       34A65FE4CBA2F119315FD45F0D231C4E6CBA0429
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/da709c1d-5966-485b-a368-a079fa901bf2.roa
Signing time:             Mon 13 Nov 2023 00:00:00 +0000
ROA not before:           Mon 13 Nov 2023 00:00:00 +0000
ROA not after:            Mon 18 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:a6:5f:e4:cb:a2:f1:19:31:5f:d4:5f:0d:23:1c:4e:6c:ba:04:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 13 00:00:00 2023 GMT
            Not After : Dec 18 23:59:59 2023 GMT
        Subject: serialNumber=14847888195cab02261775e50824478d7df92b793b2319488abd296f573d5b07, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d1:50:ab:dc:61:40:17:ed:c1:e0:67:6b:d4:
                    26:40:e5:29:99:a2:c0:b3:c7:20:f9:96:97:12:82:
                    dc:35:e9:b5:4a:51:9c:4f:7c:b9:6b:2b:9a:46:82:
                    18:b4:b4:78:b2:66:88:a3:c0:44:c9:88:b0:e3:00:
                    bc:76:8a:63:55:0d:31:40:49:d9:80:f6:61:f8:f4:
                    b6:80:c2:a8:fb:d2:31:36:dc:85:c6:44:9c:63:ac:
                    f8:bd:cf:32:79:6c:09:38:ab:3a:23:89:a4:ef:6b:
                    c4:50:71:12:f4:7f:0f:d5:bb:66:c5:a5:90:75:4d:
                    fe:26:3b:11:28:1c:74:a8:4e:6b:a9:c2:90:95:9b:
                    ee:34:79:a6:81:e5:bf:4c:45:54:ed:7e:77:78:28:
                    fd:41:90:e2:85:84:ae:a0:f6:1a:ec:87:99:72:b5:
                    bd:25:32:42:d1:fb:43:3b:08:d8:76:43:8f:f7:d1:
                    02:58:99:cc:f3:d0:0d:ba:01:df:64:bd:49:64:89:
                    f4:96:86:59:4b:3d:87:45:05:d3:38:98:b0:9d:02:
                    d5:02:5d:c1:ab:77:89:c9:65:ab:8d:44:53:47:ed:
                    e9:1e:82:bd:6d:64:2f:ca:ac:6f:29:54:67:b5:4b:
                    37:9f:26:fb:85:46:4a:00:c9:90:d4:cc:e0:ef:85:
                    08:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:14:10:61:78:B8:22:11:EE:3C:A6:AB:B1:6E:08:97:2B:0C:5C:5E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/da709c1d-5966-485b-a368-a079fa901bf2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:f7:10:70:b3:22:bc:4c:9b:8b:fa:c3:96:78:83:e2:ca:20:
         d9:dd:e1:37:6e:b0:1e:d4:9a:1a:01:30:47:30:2d:fa:ec:36:
         da:e4:e3:cb:ce:7e:7f:ab:20:a4:7d:64:77:e2:84:27:b1:ab:
         91:f8:5b:a1:4b:bf:13:51:66:11:98:86:cc:d1:1c:e5:78:5b:
         09:52:18:20:7b:1a:fa:fc:7f:77:bb:d8:72:bc:74:76:ab:1e:
         fe:c1:ed:05:b4:b2:82:b7:91:4e:c3:ac:2d:80:fb:85:f8:dc:
         2d:91:f6:fd:b4:91:f6:7f:0d:de:cf:8d:4d:fb:1c:a9:4a:e5:
         c5:55:ed:24:7f:af:de:8c:df:79:7e:1c:71:91:9d:ed:80:90:
         76:15:fa:b1:b3:e3:f5:b5:6c:16:e0:c2:00:00:19:02:97:e7:
         95:5a:d8:09:c0:d7:2d:50:ef:30:ff:a5:93:25:29:ec:f9:95:
         1e:70:57:59:79:d2:4a:1e:e7:33:af:ef:ed:25:e9:d9:6d:28:
         ee:68:a1:df:02:2e:9b:f9:58:f2:3c:32:35:25:8a:6e:32:9b:
         dc:63:2b:bc:d2:76:c2:3e:3d:91:d2:c6:cf:8d:07:8f:04:d3:
         99:83:2b:3d:8b:27:51:ca:22:b3:c7:ea:c4:0d:8e:4a:1a:37:
         56:f1:dc:7e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNKZf5Mui8RkxX9RfDSMcTmy6BCkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTEzMDAwMDAwWhcNMjMxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNDg0Nzg4ODE5NWNhYjAyMjYxNzc1ZTUwODI0NDc4ZDdk
ZjkyYjc5M2IyMzE5NDg4YWJkMjk2ZjU3M2Q1YjA3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCl0VCr3GFAF+3B4Gdr1CZA5SmZosCzxyD5lpcSgtw16bVK
UZxPfLlrK5pGghi0tHiyZoijwETJiLDjALx2imNVDTFASdmA9mH49LaAwqj70jE2
3IXGRJxjrPi9zzJ5bAk4qzojiaTva8RQcRL0fw/Vu2bFpZB1Tf4mOxEoHHSoTmup
wpCVm+40eaaB5b9MRVTtfnd4KP1BkOKFhK6g9hrsh5lytb0lMkLR+0M7CNh2Q4/3
0QJYmczz0A26Ad9kvUlkifSWhllLPYdFBdM4mLCdAtUCXcGrd4nJZauNRFNH7eke
gr1tZC/KrG8pVGe1SzefJvuFRkoAyZDUzODvhQgvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIBQQYXi4IhHuPKarsW4IlysMXF4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RhNzA5YzFkLTU5NjYtNDg1Yi1hMzY4LWEwNzlmYTkwMWJmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHf3EHCzIrxMm4v6w5Z4g+LKINnd
4TdusB7UmhoBMEcwLfrsNtrk48vOfn+rIKR9ZHfihCexq5H4W6FLvxNRZhGYhszR
HOV4WwlSGCB7Gvr8f3e72HK8dHarHv7B7QW0soK3kU7DrC2A+4X43C2R9v20kfZ/
Dd7PjU37HKlK5cVV7SR/r96M33l+HHGRne2AkHYV+rGz4/W1bBbgwgAAGQKX55Va
2AnA1y1Q7zD/pZMlKez5lR5wV1l50koe5zOv7+0l6dltKO5ood8CLpv5WPI8MjUl
im4ym9xjK7zSdsI+PZHSxs+NB48E05mDKz2LJ1HKIrPH6sQNjkoaN1bx3H4=
-----END CERTIFICATE-----