Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ea2138e7-4908-407a-a1c4-585320d4f463.roa
File:                     ea2138e7-4908-407a-a1c4-585320d4f463.roa (raw, json)
Hash identifier:          y/CyYCwTe3md/TWPiXEz4gvRQcz68MwGFn9Tp4NVp+0=
Subject key identifier:   0A:E9:A3:59:E0:B3:1F:A4:36:01:94:B0:28:E1:7D:E1:53:67:B5:D2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1356224007E18BAE2E25D69575539F98DDE7A994
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ea2138e7-4908-407a-a1c4-585320d4f463.roa
Signing time:             Tue 19 Dec 2023 00:00:00 +0000
ROA not before:           Tue 19 Dec 2023 00:00:00 +0000
ROA not after:            Tue 23 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:56:22:40:07:e1:8b:ae:2e:25:d6:95:75:53:9f:98:dd:e7:a9:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 19 00:00:00 2023 GMT
            Not After : Jan 23 23:59:59 2024 GMT
        Subject: serialNumber=9f3812fd73b2a4efe6bcddcfc2f402a132d8c8724d88279dc64a7c1100018f20, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:19:79:ec:d8:f2:97:28:02:fe:ef:95:5b:a1:
                    fe:aa:80:84:7f:0d:8b:13:ee:48:2b:56:96:54:c8:
                    01:99:dc:3d:fe:37:79:2f:23:06:cd:f3:2e:ed:bc:
                    94:6f:f5:6a:84:9a:73:b2:74:e4:69:ec:63:24:39:
                    0e:d3:eb:2a:5f:75:8b:74:a6:c5:f5:c1:35:07:ad:
                    49:e6:31:56:50:fb:7d:a0:3a:16:15:3a:c7:0f:30:
                    ac:f3:d2:93:e0:cb:7d:22:61:6c:e9:af:e4:60:1b:
                    f0:06:3f:20:eb:f0:00:97:22:72:d6:1d:38:0f:fc:
                    bc:17:5a:8f:2f:ab:b4:7e:59:21:78:79:31:31:c8:
                    33:3e:f9:9c:5f:72:ec:58:ae:f6:89:42:41:e9:69:
                    81:51:19:aa:77:7d:ce:54:04:64:00:4b:81:4f:ae:
                    28:7d:bf:9a:f2:d1:70:29:b0:25:14:22:66:17:33:
                    39:d2:7c:7b:e9:08:ad:b4:96:7f:f0:dc:f8:d1:b7:
                    47:7b:e9:17:98:70:2e:1a:63:5e:8e:bf:c9:9d:68:
                    a2:86:79:af:a0:ae:c6:dc:28:ef:de:43:25:7c:c7:
                    ad:39:cb:10:07:9d:7d:b1:1e:a8:be:ed:6e:ed:38:
                    c9:43:7a:23:64:0b:a8:ae:62:b8:73:34:30:b3:53:
                    bb:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:E9:A3:59:E0:B3:1F:A4:36:01:94:B0:28:E1:7D:E1:53:67:B5:D2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ea2138e7-4908-407a-a1c4-585320d4f463.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:1e:ec:46:14:2f:41:36:98:9c:bb:70:b9:2e:6e:47:70:77:
         a8:a6:8b:37:50:f4:40:4e:7b:fa:dd:72:fe:da:60:d0:45:85:
         9e:3f:b5:d4:55:d0:c3:8f:75:cd:2b:64:2e:5a:bc:4d:67:a9:
         36:28:2c:a1:12:19:e7:73:74:d4:2f:fd:73:6e:34:80:1f:02:
         cc:1b:d5:15:82:71:c0:c0:34:2f:2a:fa:01:f9:2f:39:a8:c9:
         a6:a8:92:f4:2c:0d:90:fc:42:73:56:d8:ed:48:12:75:26:04:
         82:12:c7:99:8f:af:b1:05:29:0a:85:e9:e6:3c:fe:53:b3:8a:
         7a:0a:2d:72:79:d5:8a:f4:60:31:b7:42:22:69:c3:30:49:7a:
         d1:1f:be:2d:51:b9:3c:3b:e2:f6:f4:9c:e4:a7:eb:84:17:57:
         0e:7f:46:fc:fb:ee:c4:3c:76:95:db:34:90:fa:56:75:6a:07:
         13:f4:a5:08:fc:dc:49:d1:3a:0e:f7:99:89:24:f6:59:f7:22:
         4c:1a:27:55:27:c7:cd:4b:54:da:22:77:8d:18:df:f8:15:2a:
         0d:84:e1:d6:39:40:48:bc:4f:e4:a2:b3:a0:e7:41:b0:d3:d2:
         13:c8:f5:88:c9:36:c9:da:4d:82:26:f4:9a:52:f9:78:72:14:
         e9:eb:62:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE1YiQAfhi64uJdaVdVOfmN3nqZQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjE5MDAwMDAwWhcNMjQwMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZjM4MTJmZDczYjJhNGVmZTZiY2RkY2ZjMmY0MDJhMTMy
ZDhjODcyNGQ4ODI3OWRjNjRhN2MxMTAwMDE4ZjIwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+GXns2PKXKAL+75Vbof6qgIR/DYsT7kgrVpZUyAGZ3D3+
N3kvIwbN8y7tvJRv9WqEmnOydORp7GMkOQ7T6ypfdYt0psX1wTUHrUnmMVZQ+32g
OhYVOscPMKzz0pPgy30iYWzpr+RgG/AGPyDr8ACXInLWHTgP/LwXWo8vq7R+WSF4
eTExyDM++ZxfcuxYrvaJQkHpaYFRGap3fc5UBGQAS4FPrih9v5ry0XApsCUUImYX
MznSfHvpCK20ln/w3PjRt0d76ReYcC4aY16Ov8mdaKKGea+grsbcKO/eQyV8x605
yxAHnX2xHqi+7W7tOMlDeiNkC6iuYrhzNDCzU7uXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCumjWeCzH6Q2AZSwKOF94VNntdIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2VhMjEzOGU3LTQ5MDgtNDA3YS1hMWM0LTU4NTMyMGQ0ZjQ2My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAce7EYUL0E2mJy7cLkubkdwd6im
izdQ9EBOe/rdcv7aYNBFhZ4/tdRV0MOPdc0rZC5avE1nqTYoLKESGedzdNQv/XNu
NIAfAswb1RWCccDANC8q+gH5LzmoyaaokvQsDZD8QnNW2O1IEnUmBIISx5mPr7EF
KQqF6eY8/lOzinoKLXJ51Yr0YDG3QiJpwzBJetEfvi1RuTw74vb0nOSn64QXVw5/
Rvz77sQ8dpXbNJD6VnVqBxP0pQj83EnROg73mYkk9ln3IkwaJ1Unx81LVNoid40Y
3/gVKg2E4dY5QEi8T+Sis6DnQbDT0hPI9YjJNsnaTYIm9JpS+XhyFOnrYkY=
-----END CERTIFICATE-----