Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f18b2a68-b677-4285-8d58-0a4e6c7d6ec5.roa
File:                     f18b2a68-b677-4285-8d58-0a4e6c7d6ec5.roa (raw, json)
Hash identifier:          8jyS9jo/m3Z+wF2rEELXpaMkFDBJGgh/RbS/x9Qf06c=
Subject key identifier:   C8:14:DF:3F:07:19:E5:53:D1:8F:CE:C1:BC:3A:91:65:1E:4F:1C:EC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       59688D1798AB328BDF900EFA17A925982516D421
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f18b2a68-b677-4285-8d58-0a4e6c7d6ec5.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:68:8d:17:98:ab:32:8b:df:90:0e:fa:17:a9:25:98:25:16:d4:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=73ccae9d92ff801ce312c070db0e8dbae784f2cd4b227d96ff2cf7601669ed00, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:78:21:b5:03:df:b2:4b:aa:2d:b0:59:bc:2b:
                    33:08:59:5e:9a:29:18:11:2f:1a:b8:3d:ff:3c:fe:
                    2a:53:e5:e4:06:ba:a3:71:76:40:41:2b:a3:fd:84:
                    bf:ed:ad:97:73:38:ad:1c:ac:35:2c:7b:e1:95:31:
                    b2:77:1a:d7:78:0b:52:bf:1f:13:2e:4e:ca:2b:f9:
                    ae:82:a9:24:71:0c:76:9f:6c:f4:8d:5a:44:bb:44:
                    e5:62:2e:22:79:e4:ca:dd:4c:94:55:7a:1f:8c:42:
                    7b:a7:e0:1b:5d:c3:2e:fd:0b:37:8c:74:4b:fd:c8:
                    5e:f3:74:90:13:15:44:3b:4b:23:19:6e:7a:b3:e3:
                    d8:7c:ab:ce:f7:87:53:82:c4:52:db:c6:27:85:04:
                    2c:d8:9a:3a:cb:07:56:cb:62:7d:6a:6f:92:d6:88:
                    6b:0b:29:03:2c:43:a0:8d:5f:b4:61:54:62:c9:0d:
                    eb:69:38:b9:83:df:5c:c3:e5:a0:38:2a:a9:12:9d:
                    97:eb:6d:92:cf:12:1c:a4:4d:8c:67:63:9b:ef:9e:
                    70:02:37:c1:f3:24:fe:c6:67:f2:a1:67:65:c4:e9:
                    16:57:7e:67:e2:da:47:44:ab:fa:f2:67:eb:e3:6d:
                    c4:16:08:ba:6b:53:71:8d:a6:7b:c8:d3:99:15:85:
                    f2:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:14:DF:3F:07:19:E5:53:D1:8F:CE:C1:BC:3A:91:65:1E:4F:1C:EC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f18b2a68-b677-4285-8d58-0a4e6c7d6ec5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:25:e7:e8:83:53:a1:48:09:86:6f:df:fa:ae:6a:ad:ed:b2:
         22:58:21:69:ec:a7:28:1e:f1:a1:bf:08:f6:7b:83:3a:3f:02:
         aa:14:3a:78:67:9c:db:79:9c:db:16:35:34:c9:54:5a:12:c8:
         ac:ec:bf:46:e5:b6:28:55:bf:f2:35:7f:fb:d0:20:6e:0b:5f:
         8c:70:e8:be:ed:ed:01:a7:9e:2a:f8:5f:c7:ea:eb:90:de:24:
         86:66:51:ef:12:25:a1:b7:de:53:5b:a9:b0:b8:0d:99:22:05:
         86:05:42:46:cf:b7:3d:9e:0c:dd:ac:60:5e:7b:24:4d:85:fb:
         50:75:fe:66:b9:53:8c:96:4e:49:5c:2f:76:ab:69:1e:f1:0d:
         94:a9:e9:95:fe:d8:53:7e:30:3a:9e:16:22:60:d8:91:dc:4d:
         4d:8f:60:81:f8:9d:f4:ae:f8:df:ba:69:c4:0e:29:48:35:de:
         d2:29:e7:78:00:3d:43:0b:16:58:d0:c2:a1:1d:e0:43:68:6e:
         5f:a1:9f:7d:a5:69:81:1d:14:0b:e3:35:97:5a:ee:8d:d0:50:
         bc:30:c9:dc:43:57:d7:a8:0d:76:f2:04:70:8f:6b:a8:d6:79:
         64:33:7d:ff:df:e9:b1:b1:68:c2:01:76:e6:b8:42:a2:08:cf:
         52:fe:00:6b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWWiNF5irMovfkA76F6klmCUW1CEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTA4MDAwMDAwWhcNMjMxMDEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3M2NjYWU5ZDkyZmY4MDFjZTMxMmMwNzBkYjBlOGRiYWU3
ODRmMmNkNGIyMjdkOTZmZjJjZjc2MDE2NjllZDAwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCOeCG1A9+yS6otsFm8KzMIWV6aKRgRLxq4Pf88/ipT5eQG
uqNxdkBBK6P9hL/trZdzOK0crDUse+GVMbJ3Gtd4C1K/HxMuTsor+a6CqSRxDHaf
bPSNWkS7ROViLiJ55MrdTJRVeh+MQnun4Btdwy79CzeMdEv9yF7zdJATFUQ7SyMZ
bnqz49h8q873h1OCxFLbxieFBCzYmjrLB1bLYn1qb5LWiGsLKQMsQ6CNX7RhVGLJ
DetpOLmD31zD5aA4KqkSnZfrbZLPEhykTYxnY5vvnnACN8HzJP7GZ/KhZ2XE6RZX
fmfi2kdEq/ryZ+vjbcQWCLprU3GNpnvI05kVhfIZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyBTfPwcZ5VPRj87BvDqRZR5PHOwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2YxOGIyYTY4LWI2NzctNDI4NS04ZDU4LTBhNGU2YzdkNmVjNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACAl5+iDU6FICYZv3/quaq3tsiJY
IWnspyge8aG/CPZ7gzo/AqoUOnhnnNt5nNsWNTTJVFoSyKzsv0bltihVv/I1f/vQ
IG4LX4xw6L7t7QGnnir4X8fq65DeJIZmUe8SJaG33lNbqbC4DZkiBYYFQkbPtz2e
DN2sYF57JE2F+1B1/ma5U4yWTklcL3araR7xDZSp6ZX+2FN+MDqeFiJg2JHcTU2P
YIH4nfSu+N+6acQOKUg13tIp53gAPUMLFljQwqEd4ENobl+hn32laYEdFAvjNZda
7o3QULwwydxDV9eoDXbyBHCPa6jWeWQzff/f6bGxaMIBdua4QqIIz1L+AGs=
-----END CERTIFICATE-----