Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f5479f05-7749-41ce-a904-41e36d4885fc.roa
File:                     f5479f05-7749-41ce-a904-41e36d4885fc.roa (raw, json)
Hash identifier:          ijsiczYM9Yt0okx08WKnX+trPACg3XqnQJmV3u15N/o=
Subject key identifier:   85:C1:0C:D0:EE:9F:3D:F5:CE:3F:8D:F6:33:09:C1:3A:B6:25:63:E5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       40F525319C17F3E4828B4051044E8D58CF00ADFD
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f5479f05-7749-41ce-a904-41e36d4885fc.roa
Signing time:             Thu 16 Nov 2023 00:00:00 +0000
ROA not before:           Thu 16 Nov 2023 00:00:00 +0000
ROA not after:            Thu 21 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:f5:25:31:9c:17:f3:e4:82:8b:40:51:04:4e:8d:58:cf:00:ad:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 16 00:00:00 2023 GMT
            Not After : Dec 21 23:59:59 2023 GMT
        Subject: serialNumber=4c6ed3eb63a695002f40c2287086f097d4be094b12e1e53c553bfadb943d97c3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a6:9b:a5:75:cd:a4:75:2a:b3:91:a5:ba:9b:
                    41:3d:57:36:46:df:e9:cb:60:6b:52:b2:29:bc:a8:
                    2b:80:c3:1c:76:1b:e7:d4:d2:8d:aa:ae:37:c6:0a:
                    06:df:77:0d:75:aa:6b:47:36:28:8e:c6:2e:27:63:
                    b1:bd:6b:38:15:56:72:f5:54:a3:ea:17:89:3a:b7:
                    bc:89:ec:24:83:c6:d3:39:f9:f4:50:34:a3:42:70:
                    e2:59:4f:0c:da:44:72:f9:a2:6a:b6:fe:cb:94:65:
                    d8:5c:b6:63:5b:e2:82:72:38:8f:b7:ed:9a:b6:d4:
                    fd:bd:a2:cf:4d:61:e6:05:12:52:2c:ab:86:a7:99:
                    a2:7c:b0:44:fa:c7:46:af:dc:ff:4f:20:21:ae:e7:
                    4d:76:ca:97:4c:e4:54:f6:d2:e6:32:37:47:ae:40:
                    bd:a2:1d:bf:49:8e:fe:6d:26:c0:37:67:70:c9:6a:
                    48:f1:03:a8:51:9c:ce:0a:2b:c0:ff:60:d8:0e:fe:
                    03:cf:1a:0c:d8:1e:8d:bd:eb:f6:57:c9:2a:25:c2:
                    e0:7f:9e:0d:e8:02:c6:d9:f5:55:ac:1d:4a:01:4c:
                    b2:1f:0c:21:17:fb:b4:d7:6f:63:a5:ab:93:0b:22:
                    a1:56:d6:bf:c1:1e:ff:df:6b:36:b2:52:33:02:92:
                    fb:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:C1:0C:D0:EE:9F:3D:F5:CE:3F:8D:F6:33:09:C1:3A:B6:25:63:E5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f5479f05-7749-41ce-a904-41e36d4885fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:45:f8:ff:e3:21:3c:f9:81:c2:ad:d1:c3:22:f3:49:8b:18:
         16:23:d9:f3:8e:40:86:8d:c2:91:72:00:46:d8:27:bf:93:be:
         70:a6:a5:cf:42:58:d3:93:3a:93:ff:9e:65:35:da:bf:4c:20:
         73:d8:0c:21:80:aa:3d:42:9d:14:bb:c7:53:cb:41:06:9a:07:
         cc:99:75:38:da:8b:e7:fa:b0:5e:ff:78:e6:d9:3b:fb:f9:73:
         28:19:06:59:7a:fd:66:d0:44:13:6c:9a:66:46:3b:30:76:42:
         cb:9d:89:9b:dd:1d:46:33:b0:81:fe:e1:d4:23:f9:2a:7f:75:
         da:7f:79:fa:7a:56:28:4d:0b:31:15:02:45:f0:56:bb:aa:f9:
         bb:c8:0e:cd:70:69:68:11:3a:da:aa:7b:d2:00:53:13:a2:38:
         5c:15:32:87:b4:de:e6:23:a6:84:0b:56:81:cf:f9:e0:3b:ac:
         ca:ca:64:d7:ef:97:ef:dd:c8:74:e9:9f:cc:4c:70:06:c2:28:
         f4:02:b3:e2:3c:8a:26:71:33:da:5d:99:54:f6:96:9c:a9:1a:
         fe:d6:a4:0b:25:ce:3f:7d:8f:99:2b:4f:12:b3:a9:77:b7:68:
         0a:9a:16:88:e1:0b:50:d1:a4:32:22:18:17:60:ac:b5:f3:60:
         de:2a:64:08
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQPUlMZwX8+SCi0BRBE6NWM8Arf0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE2MDAwMDAwWhcNMjMxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YzZlZDNlYjYzYTY5NTAwMmY0MGMyMjg3MDg2ZjA5N2Q0
YmUwOTRiMTJlMWU1M2M1NTNiZmFkYjk0M2Q5N2MzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrppuldc2kdSqzkaW6m0E9VzZG3+nLYGtSsim8qCuAwxx2
G+fU0o2qrjfGCgbfdw11qmtHNiiOxi4nY7G9azgVVnL1VKPqF4k6t7yJ7CSDxtM5
+fRQNKNCcOJZTwzaRHL5omq2/suUZdhctmNb4oJyOI+37Zq21P29os9NYeYFElIs
q4anmaJ8sET6x0av3P9PICGu5012ypdM5FT20uYyN0euQL2iHb9Jjv5tJsA3Z3DJ
akjxA6hRnM4KK8D/YNgO/gPPGgzYHo296/ZXySolwuB/ng3oAsbZ9VWsHUoBTLIf
DCEX+7TXb2Olq5MLIqFW1r/BHv/fazayUjMCkvuzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhcEM0O6fPfXOP432MwnBOrYlY+UwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Y1NDc5ZjA1LTc3NDktNDFjZS1hOTA0LTQxZTM2ZDQ4ODVmYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJNF+P/jITz5gcKt0cMi80mLGBYj
2fOOQIaNwpFyAEbYJ7+TvnCmpc9CWNOTOpP/nmU12r9MIHPYDCGAqj1CnRS7x1PL
QQaaB8yZdTjai+f6sF7/eObZO/v5cygZBll6/WbQRBNsmmZGOzB2QsudiZvdHUYz
sIH+4dQj+Sp/ddp/efp6VihNCzEVAkXwVruq+bvIDs1waWgROtqqe9IAUxOiOFwV
Moe03uYjpoQLVoHP+eA7rMrKZNfvl+/dyHTpn8xMcAbCKPQCs+I8iiZxM9pdmVT2
lpypGv7WpAslzj99j5krTxKzqXe3aAqaFojhC1DRpDIiGBdgrLXzYN4qZAg=
-----END CERTIFICATE-----