Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ee4cf903-533d-4bc9-95d0-ca9ea101392a.roa
File:                     ee4cf903-533d-4bc9-95d0-ca9ea101392a.roa (raw, json)
Hash identifier:          Qdgu3JzAlH5IK9Ev+P+JrIiME8bEkNQMkHq4iTDqYs8=
Subject key identifier:   CA:94:B3:49:D8:D2:C0:ED:66:35:B3:45:3B:DC:A6:61:A8:D5:47:D9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1DA15C443D579A773963CFC14A733733C2B51C38
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ee4cf903-533d-4bc9-95d0-ca9ea101392a.roa
Signing time:             Mon 21 Aug 2023 00:00:00 +0000
ROA not before:           Mon 21 Aug 2023 00:00:00 +0000
ROA not after:            Mon 25 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:a1:5c:44:3d:57:9a:77:39:63:cf:c1:4a:73:37:33:c2:b5:1c:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 21 00:00:00 2023 GMT
            Not After : Sep 25 23:59:59 2023 GMT
        Subject: serialNumber=4560acdbac32b35ec34ba5f9e422d0bab0188fedb3bd9dbd5c97927edec62e2d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:6f:ac:fe:cf:4f:5a:0e:06:b1:f8:0b:49:8e:
                    fc:3b:d9:50:31:81:4e:1e:c1:38:87:55:99:93:c3:
                    64:b9:07:e7:73:fc:f0:cd:81:f5:5c:17:11:7b:f6:
                    34:d2:76:77:0b:3d:d4:54:60:73:17:46:61:a8:d8:
                    f2:78:4e:e6:a8:ed:ba:31:8b:6d:37:26:11:7f:00:
                    79:a3:c0:7f:bd:5c:0d:ae:37:b6:82:21:08:77:e3:
                    67:74:ec:c2:5a:4f:1c:09:a5:1a:d4:23:f0:e7:9f:
                    e2:a7:30:2c:66:11:5a:e2:66:c5:a3:a6:dc:a2:75:
                    93:e3:eb:fa:a0:af:4e:70:fc:86:e2:28:ed:04:ac:
                    94:7d:c8:e1:21:c9:91:d2:da:20:1a:ed:a1:b8:dc:
                    ec:c3:99:57:e6:9d:00:cb:54:17:60:0e:75:cf:9a:
                    40:d6:cb:d5:8c:95:82:37:73:e2:b3:5d:0d:5e:91:
                    8b:40:ad:5f:a9:20:20:bc:0e:9e:9e:a3:7f:4d:4b:
                    7a:75:58:24:f0:de:24:27:db:fb:69:d3:59:f0:0a:
                    59:4c:34:db:17:c0:61:c5:ec:f5:c1:34:9c:e7:32:
                    d4:73:10:4d:64:46:1c:ae:de:31:3e:6b:ab:29:2e:
                    58:30:31:e0:28:c1:fa:9c:08:be:37:45:59:5d:81:
                    71:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:94:B3:49:D8:D2:C0:ED:66:35:B3:45:3B:DC:A6:61:A8:D5:47:D9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ee4cf903-533d-4bc9-95d0-ca9ea101392a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:b2:47:d2:60:d5:3c:b8:be:e8:fb:44:66:d6:e9:e1:11:1c:
         da:99:13:77:fa:b6:39:a3:e0:13:f9:2b:9f:1c:05:bf:23:0d:
         a2:86:3d:c2:e2:d8:da:eb:c1:75:5d:31:94:08:d1:5f:13:2c:
         25:26:05:84:0b:52:27:cc:cf:a0:70:3b:d3:62:93:d3:41:fc:
         49:58:d0:0c:95:82:23:f1:b4:89:d6:7b:24:6e:f2:5c:6b:1f:
         fb:9e:32:bc:39:78:8e:ea:d4:51:99:b0:3d:f5:c4:74:23:c4:
         fa:6d:d7:6a:2a:0b:d4:c1:68:c7:97:13:68:ea:72:eb:68:31:
         72:00:e6:94:9d:f0:33:f0:77:fe:43:b1:7f:50:e6:05:2e:9c:
         82:c3:95:5e:b3:50:8c:6a:9e:88:b1:42:bc:20:96:65:98:fa:
         a5:e3:d2:3c:f6:48:2b:44:f9:6b:c1:74:c2:ae:a3:d3:f6:23:
         7e:3e:4d:01:7f:12:8a:1e:d8:de:cb:57:72:a3:ea:75:f9:6f:
         98:ee:9a:8b:24:48:05:14:74:2a:93:c4:8d:1d:3d:5e:9b:3b:
         bd:9b:7a:e2:f1:6b:de:ee:24:e1:e1:11:f5:81:49:b6:30:73:
         c0:11:0b:1e:69:ab:19:4f:7f:34:c5:98:15:2c:6b:93:5f:4a:
         4a:99:ad:da
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHaFcRD1Xmnc5Y8/BSnM3M8K1HDgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODIxMDAwMDAwWhcNMjMwOTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NTYwYWNkYmFjMzJiMzVlYzM0YmE1ZjllNDIyZDBiYWIw
MTg4ZmVkYjNiZDlkYmQ1Yzk3OTI3ZWRlYzYyZTJkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWb6z+z09aDgax+AtJjvw72VAxgU4ewTiHVZmTw2S5B+dz
/PDNgfVcFxF79jTSdncLPdRUYHMXRmGo2PJ4Tuao7boxi203JhF/AHmjwH+9XA2u
N7aCIQh342d07MJaTxwJpRrUI/Dnn+KnMCxmEVriZsWjptyidZPj6/qgr05w/Ibi
KO0ErJR9yOEhyZHS2iAa7aG43OzDmVfmnQDLVBdgDnXPmkDWy9WMlYI3c+KzXQ1e
kYtArV+pICC8Dp6eo39NS3p1WCTw3iQn2/tp01nwCllMNNsXwGHF7PXBNJznMtRz
EE1kRhyu3jE+a6spLlgwMeAowfqcCL43RVldgXFhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUypSzSdjSwO1mNbNFO9ymYajVR9kwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2VlNGNmOTAzLTUzM2QtNGJjOS05NWQwLWNhOWVhMTAxMzkyYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFiyR9Jg1Ty4vuj7RGbW6eERHNqZ
E3f6tjmj4BP5K58cBb8jDaKGPcLi2NrrwXVdMZQI0V8TLCUmBYQLUifMz6BwO9Ni
k9NB/ElY0AyVgiPxtInWeyRu8lxrH/ueMrw5eI7q1FGZsD31xHQjxPpt12oqC9TB
aMeXE2jqcutoMXIA5pSd8DPwd/5DsX9Q5gUunILDlV6zUIxqnoixQrwglmWY+qXj
0jz2SCtE+WvBdMKuo9P2I34+TQF/Eooe2N7LV3Kj6nX5b5jumoskSAUUdCqTxI0d
PV6bO72beuLxa97uJOHhEfWBSbYwc8ARCx5pqxlPfzTFmBUsa5NfSkqZrdo=
-----END CERTIFICATE-----