Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/eece3017-e4f4-4198-b9dd-37f13634d0cc.roa
File:                     eece3017-e4f4-4198-b9dd-37f13634d0cc.roa (raw, json)
Hash identifier:          sgX69hUoIWY4m/bh4fDJ70AVK3XRYCZUJyLcKmta89I=
Subject key identifier:   5E:E9:2D:A2:5E:A9:8B:4B:E3:BD:04:D7:12:7A:F6:65:34:97:60:CD
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3E02C5E194B62A38FDF0E6B288DBA55140ECB4B0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/eece3017-e4f4-4198-b9dd-37f13634d0cc.roa
Signing time:             Wed 16 Aug 2023 00:00:00 +0000
ROA not before:           Wed 16 Aug 2023 00:00:00 +0000
ROA not after:            Wed 20 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:02:c5:e1:94:b6:2a:38:fd:f0:e6:b2:88:db:a5:51:40:ec:b4:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 16 00:00:00 2023 GMT
            Not After : Sep 20 23:59:59 2023 GMT
        Subject: serialNumber=956dfc5ec01f26b20d2217fbc8f4f53f65acaf868396d030a52ae7bb142945e6, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:32:df:44:ee:ed:71:32:10:5a:a7:5e:01:f4:
                    6e:5d:35:cc:b2:d7:46:92:2b:3e:c3:8f:95:b8:cd:
                    68:bd:d5:93:f9:d5:23:dd:74:1b:81:ff:c9:5b:03:
                    ae:44:fd:c7:07:3f:aa:1d:67:e5:c6:9d:7e:7c:16:
                    32:d9:df:7f:47:10:e8:0a:72:6f:53:c3:d9:79:e8:
                    51:e5:6c:11:e1:ab:3a:58:27:df:24:d2:f7:04:f9:
                    c5:7e:3b:23:e7:de:da:90:e2:da:aa:ea:7c:28:94:
                    8b:d2:79:8b:28:a1:b5:3b:2b:3f:4f:1e:e3:20:21:
                    c6:c0:27:f7:9f:25:1b:de:b9:c9:51:8b:38:c4:0d:
                    20:11:91:2e:cd:ef:38:89:46:d6:a1:20:b7:3a:5f:
                    39:17:a6:c0:7b:1c:fe:95:15:da:c4:0e:e6:e9:cf:
                    f5:f6:81:ec:a9:0e:99:ca:c2:76:a2:cb:20:6e:c0:
                    20:e9:70:9b:35:2b:a4:37:e3:c0:00:99:a1:42:95:
                    31:27:c1:7f:b9:3d:18:00:d9:73:ac:d0:80:56:8c:
                    5d:a0:50:6e:a4:b6:ff:73:d4:2e:fa:22:e1:bb:78:
                    37:e3:d5:db:46:b9:c4:1a:63:d6:12:34:f4:27:89:
                    24:d3:e0:13:fe:aa:5d:96:20:7a:14:1d:f2:a1:01:
                    e7:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:E9:2D:A2:5E:A9:8B:4B:E3:BD:04:D7:12:7A:F6:65:34:97:60:CD
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/eece3017-e4f4-4198-b9dd-37f13634d0cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:f9:a6:8a:f4:52:da:d1:89:a1:84:0a:58:bc:e2:5b:ea:e7:
         64:a7:b4:78:1f:c7:58:6f:d1:8f:2a:92:b2:c1:5a:13:dd:4c:
         b4:14:c2:f9:52:47:82:61:7a:ad:b2:91:84:91:3f:b4:a3:6e:
         d1:e0:7b:50:ac:2f:ce:f2:c3:55:10:d3:c9:99:ec:29:57:08:
         d1:0d:7d:48:5e:52:ed:1d:ae:3b:a8:8b:5c:bc:6f:36:4c:a0:
         bc:bd:65:cd:cc:36:9c:7b:0e:fc:bb:3a:94:b4:9d:0d:f8:53:
         c6:1e:61:99:0a:e3:c6:4e:49:b0:72:5d:c6:68:55:b9:72:c4:
         52:8f:6a:f3:13:d3:e1:1f:e7:ec:23:c8:b7:d5:ce:ff:3d:b6:
         84:07:69:ec:0d:b9:76:c6:3c:71:ba:0e:9a:db:d0:aa:a3:ba:
         3c:09:d5:f9:0d:f3:5e:18:da:69:c3:dc:f0:b1:f8:85:0c:5b:
         30:9c:d3:8a:a2:16:24:8f:a5:28:90:d6:14:93:6d:02:d0:9d:
         79:bd:d3:84:4a:55:74:0c:57:48:58:4a:5c:6b:fb:ab:e4:c3:
         e4:c7:ee:95:16:31:52:44:e0:c5:8d:00:dd:bb:1f:57:6e:fc:
         a5:d4:6b:b3:3c:d3:ae:42:f7:81:64:bd:34:a5:14:40:0c:36:
         f0:cd:08:50
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPgLF4ZS2Kjj98OayiNulUUDstLAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODE2MDAwMDAwWhcNMjMwOTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NTZkZmM1ZWMwMWYyNmIyMGQyMjE3ZmJjOGY0ZjUzZjY1
YWNhZjg2ODM5NmQwMzBhNTJhZTdiYjE0Mjk0NWU2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCaMt9E7u1xMhBap14B9G5dNcyy10aSKz7Dj5W4zWi91ZP5
1SPddBuB/8lbA65E/ccHP6odZ+XGnX58FjLZ339HEOgKcm9Tw9l56FHlbBHhqzpY
J98k0vcE+cV+OyPn3tqQ4tqq6nwolIvSeYsoobU7Kz9PHuMgIcbAJ/efJRveuclR
izjEDSARkS7N7ziJRtahILc6XzkXpsB7HP6VFdrEDubpz/X2geypDpnKwnaiyyBu
wCDpcJs1K6Q348AAmaFClTEnwX+5PRgA2XOs0IBWjF2gUG6ktv9z1C76IuG7eDfj
1dtGucQaY9YSNPQniSTT4BP+ql2WIHoUHfKhAecBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXuktol6pi0vjvQTXEnr2ZTSXYM0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2VlY2UzMDE3LWU0ZjQtNDE5OC1iOWRkLTM3ZjEzNjM0ZDBjYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALD5por0UtrRiaGECli84lvq52Sn
tHgfx1hv0Y8qkrLBWhPdTLQUwvlSR4Jheq2ykYSRP7SjbtHge1CsL87yw1UQ08mZ
7ClXCNENfUheUu0drjuoi1y8bzZMoLy9Zc3MNpx7Dvy7OpS0nQ34U8YeYZkK48ZO
SbByXcZoVblyxFKPavMT0+Ef5+wjyLfVzv89toQHaewNuXbGPHG6Dprb0KqjujwJ
1fkN814Y2mnD3PCx+IUMWzCc04qiFiSPpSiQ1hSTbQLQnXm904RKVXQMV0hYSlxr
+6vkw+TH7pUWMVJE4MWNAN27H1du/KXUa7M8065C94FkvTSlFEAMNvDNCFA=
-----END CERTIFICATE-----