Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e2b6aee0-b483-4030-86ea-bd70f894ed7f.roa
File:                     e2b6aee0-b483-4030-86ea-bd70f894ed7f.roa (raw, json)
Hash identifier:          ATWKgs1h4Bjl+TqUJYU540RS1+c5oY6Oh8ib4hxHEvM=
Subject key identifier:   8A:83:DD:55:7D:BC:79:C9:2A:CD:C4:BF:1D:43:4F:3E:A2:AA:9D:41
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1104D7A273C45123233B56B36D7310320130B085
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e2b6aee0-b483-4030-86ea-bd70f894ed7f.roa
Signing time:             Sun 08 Oct 2023 00:00:00 +0000
ROA not before:           Sun 08 Oct 2023 00:00:00 +0000
ROA not after:            Sun 12 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:04:d7:a2:73:c4:51:23:23:3b:56:b3:6d:73:10:32:01:30:b0:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  8 00:00:00 2023 GMT
            Not After : Nov 12 23:59:59 2023 GMT
        Subject: serialNumber=8b502ac56c9550dc1922dd9d3b7e29225aadbc3349405db309d2c313fb14188a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:3c:0d:9e:ae:3e:a8:f8:00:19:f6:80:b2:f1:
                    1e:97:3b:1b:33:a6:b2:08:df:3e:fb:e3:f9:27:e7:
                    09:a4:02:bf:c1:f4:c6:e6:bd:15:a1:95:03:a4:69:
                    77:7e:b0:c0:5d:18:30:f5:d7:86:c8:25:07:b4:89:
                    77:e0:cc:4e:f9:b0:c5:31:b5:61:32:cc:e2:79:df:
                    52:0f:5f:80:59:59:79:1f:94:c7:dc:b3:70:96:e9:
                    69:cd:bd:8c:a4:cd:c0:fd:2d:79:47:45:d5:7d:a4:
                    fc:ca:a6:d8:92:0f:69:e6:b8:6b:8e:ac:b8:cc:8c:
                    62:2f:5f:df:93:ef:3e:24:6a:df:b3:1b:46:70:c1:
                    c5:2a:cc:3c:0e:b4:f6:02:33:67:d7:a6:ed:f4:b1:
                    4d:54:cf:32:10:5c:16:57:13:f5:60:74:71:54:3e:
                    a4:55:71:e4:d3:72:fa:c1:35:ac:57:9e:d9:c3:9c:
                    d7:a7:71:bd:42:49:01:e0:59:c9:ee:be:1d:4f:f4:
                    49:75:bb:c7:06:1a:27:57:28:07:7f:4f:89:fb:30:
                    64:68:6d:ea:f8:35:52:21:80:e6:bf:86:74:07:4a:
                    75:8d:cc:3f:ac:f9:f7:21:b6:25:24:ff:2d:36:e2:
                    cb:3d:64:47:0b:e9:6e:1e:c8:c9:ff:6a:18:a1:e5:
                    75:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:83:DD:55:7D:BC:79:C9:2A:CD:C4:BF:1D:43:4F:3E:A2:AA:9D:41
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e2b6aee0-b483-4030-86ea-bd70f894ed7f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:28:89:68:f4:4b:cb:3d:6e:c8:74:15:b1:be:9b:c5:d0:82:
         8a:06:57:dc:4b:dc:cf:a5:55:97:c2:1d:15:1e:cc:35:5d:21:
         56:d4:85:b3:3d:ab:97:12:5b:0d:89:5f:7a:a8:34:89:9c:44:
         32:0a:ba:12:9b:70:59:c9:70:7f:68:69:ba:6d:14:b7:6c:65:
         67:a2:ba:e0:cb:48:e2:ef:31:a9:19:cd:20:20:d5:35:41:b1:
         92:79:8f:ca:21:d4:79:67:3f:62:d1:85:27:43:b3:f7:44:4f:
         58:bc:ee:75:07:16:da:f4:f3:5c:c2:b2:d1:cb:ec:dc:d6:1b:
         a4:76:72:1d:1a:80:06:52:3d:2f:b4:02:99:f0:be:6f:b5:d4:
         43:61:a3:0a:c8:d2:29:09:57:75:55:fa:64:8a:75:56:5d:7a:
         b9:18:1f:60:05:56:b4:45:8e:ad:ca:89:47:f3:24:9a:d8:80:
         f0:63:1b:2e:e0:15:aa:e4:23:e2:1a:7f:af:e4:47:b0:b5:73:
         ac:c9:94:af:ab:b2:76:08:f4:09:2a:f4:70:a3:55:9d:98:9d:
         a2:ad:21:cb:76:25:a2:23:a1:f8:81:8d:f3:b2:77:3f:66:f9:
         ab:15:a2:6c:c2:ad:df:fc:2b:ca:d8:1c:b8:94:12:cd:23:97:
         e6:c5:eb:7d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEQTXonPEUSMjO1azbXMQMgEwsIUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDA4MDAwMDAwWhcNMjMxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YjUwMmFjNTZjOTU1MGRjMTkyMmRkOWQzYjdlMjkyMjVh
YWRiYzMzNDk0MDVkYjMwOWQyYzMxM2ZiMTQxODhhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOPA2erj6o+AAZ9oCy8R6XOxszprII3z774/kn5wmkAr/B
9MbmvRWhlQOkaXd+sMBdGDD114bIJQe0iXfgzE75sMUxtWEyzOJ531IPX4BZWXkf
lMfcs3CW6WnNvYykzcD9LXlHRdV9pPzKptiSD2nmuGuOrLjMjGIvX9+T7z4kat+z
G0ZwwcUqzDwOtPYCM2fXpu30sU1UzzIQXBZXE/VgdHFUPqRVceTTcvrBNaxXntnD
nNencb1CSQHgWcnuvh1P9El1u8cGGidXKAd/T4n7MGRober4NVIhgOa/hnQHSnWN
zD+s+fchtiUk/y024ss9ZEcL6W4eyMn/ahih5XUJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUioPdVX28eckqzcS/HUNPPqKqnUEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2UyYjZhZWUwLWI0ODMtNDAzMC04NmVhLWJkNzBmODk0ZWQ3Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJQoiWj0S8s9bsh0FbG+m8XQgooG
V9xL3M+lVZfCHRUezDVdIVbUhbM9q5cSWw2JX3qoNImcRDIKuhKbcFnJcH9oabpt
FLdsZWeiuuDLSOLvMakZzSAg1TVBsZJ5j8oh1HlnP2LRhSdDs/dET1i87nUHFtr0
81zCstHL7NzWG6R2ch0agAZSPS+0Apnwvm+11ENhowrI0ikJV3VV+mSKdVZderkY
H2AFVrRFjq3KiUfzJJrYgPBjGy7gFarkI+Iaf6/kR7C1c6zJlK+rsnYI9Akq9HCj
VZ2YnaKtIct2JaIjofiBjfOydz9m+asVomzCrd/8K8rYHLiUEs0jl+bF630=
-----END CERTIFICATE-----