Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f7291308-99eb-409d-80b7-34eaeac96cf1.roa
File:                     f7291308-99eb-409d-80b7-34eaeac96cf1.roa (raw, json)
Hash identifier:          ZlvHSHSMgFbcLwP7ughBbJWZ5S4oC3Yzm2ZC3/OPqPg=
Subject key identifier:   43:06:1C:0D:B4:52:47:5E:F8:45:F7:CC:C4:95:1B:61:B0:F8:E6:EE
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1FD0E1B2FA2CEB043F6FC7C583AE12C9DA936BC0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f7291308-99eb-409d-80b7-34eaeac96cf1.roa
Signing time:             Sun 27 Aug 2023 00:00:00 +0000
ROA not before:           Sun 27 Aug 2023 00:00:00 +0000
ROA not after:            Sun 01 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:d0:e1:b2:fa:2c:eb:04:3f:6f:c7:c5:83:ae:12:c9:da:93:6b:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 27 00:00:00 2023 GMT
            Not After : Oct  1 23:59:59 2023 GMT
        Subject: serialNumber=142c223f28b19c50ed8dc8e8806ae0168f12bd1e1a8a1ff0487c16b705b408b3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:15:b5:c5:72:14:3c:ec:26:91:f9:0a:59:df:
                    5c:ba:a7:0d:11:00:e7:17:1a:b6:1b:65:4e:38:d9:
                    59:09:6d:b9:96:18:fb:ef:42:69:4a:6c:77:43:f8:
                    ee:94:03:8b:fe:a5:4f:cc:44:d3:ed:cd:05:cf:72:
                    fe:45:0c:31:7e:fb:3c:86:9f:6c:69:d7:c6:41:0a:
                    08:f7:c1:98:e5:9e:33:c1:7e:63:68:80:fa:b2:72:
                    82:05:53:77:50:20:2b:c3:8d:1b:d1:d4:16:5a:8c:
                    da:a1:2f:6d:5b:a5:b2:9b:83:00:fa:e0:83:7d:e5:
                    74:b2:61:c9:45:b3:08:eb:3c:89:21:b2:2e:6e:db:
                    da:38:82:3a:ed:87:d6:08:dc:3a:43:1f:5d:d0:1f:
                    57:85:55:bc:9a:fc:11:5c:09:fb:e5:c1:84:c5:89:
                    cf:f0:09:fe:bf:c5:d9:0c:78:74:5a:52:9c:a8:dd:
                    21:9b:45:10:29:c5:11:94:d8:d4:11:bb:b7:84:8f:
                    6b:30:b7:9f:a8:80:c5:e0:c6:b8:4d:f3:5b:81:c6:
                    c3:01:24:c4:ca:ac:ec:a9:2c:c4:01:b5:68:86:d2:
                    14:72:18:6c:32:c8:26:43:e5:7c:47:8c:39:ac:b1:
                    8e:e1:b6:9b:85:3d:09:dd:3c:ab:3d:b7:f5:aa:70:
                    8c:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:06:1C:0D:B4:52:47:5E:F8:45:F7:CC:C4:95:1B:61:B0:F8:E6:EE
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f7291308-99eb-409d-80b7-34eaeac96cf1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:81:f9:03:98:42:f3:3a:73:cb:65:54:7c:a7:46:a3:d8:4c:
         23:23:45:f4:fe:c7:68:5f:7c:ff:f0:a3:fd:ed:f0:43:83:d2:
         b5:00:99:61:70:70:65:04:88:9a:44:21:d9:67:17:53:eb:e1:
         bd:63:39:d2:d8:d2:0c:80:d5:39:e5:55:a0:a0:9f:3a:62:79:
         84:d7:7c:3f:50:7b:a6:dc:a5:af:58:e3:7d:79:13:c9:c3:2b:
         60:6f:4b:04:f7:fe:4c:bd:92:96:fb:a5:3a:ed:dc:78:d1:73:
         12:6d:8e:84:5d:f3:9a:a6:1b:6f:76:65:8c:fb:68:01:49:ad:
         59:0c:e5:2a:ab:5c:93:76:3a:22:88:0d:67:44:e7:cc:c2:c6:
         f3:f1:bf:22:dd:e4:47:0a:d1:67:4f:5e:e9:f1:42:00:48:cf:
         79:af:f0:52:a3:e8:17:a4:aa:51:4c:0a:ce:10:14:a9:99:3f:
         35:d6:14:4e:b9:72:43:74:c7:64:27:15:96:94:2f:c4:d1:ac:
         6a:46:f0:49:ab:d4:ce:fb:fb:d3:f2:6a:71:56:76:34:1c:ba:
         45:74:9e:33:a9:1b:e7:1d:21:87:97:fa:49:ba:52:66:18:19:
         c9:c0:a6:e5:08:bd:f8:4a:90:a8:1b:32:8d:1a:22:b5:df:07:
         3d:c0:3f:e9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH9Dhsvos6wQ/b8fFg64SydqTa8AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODI3MDAwMDAwWhcNMjMxMDAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNDJjMjIzZjI4YjE5YzUwZWQ4ZGM4ZTg4MDZhZTAxNjhm
MTJiZDFlMWE4YTFmZjA0ODdjMTZiNzA1YjQwOGIzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyFbXFchQ87CaR+QpZ31y6pw0RAOcXGrYbZU442VkJbbmW
GPvvQmlKbHdD+O6UA4v+pU/MRNPtzQXPcv5FDDF++zyGn2xp18ZBCgj3wZjlnjPB
fmNogPqycoIFU3dQICvDjRvR1BZajNqhL21bpbKbgwD64IN95XSyYclFswjrPIkh
si5u29o4gjrth9YI3DpDH13QH1eFVbya/BFcCfvlwYTFic/wCf6/xdkMeHRaUpyo
3SGbRRApxRGU2NQRu7eEj2swt5+ogMXgxrhN81uBxsMBJMTKrOypLMQBtWiG0hRy
GGwyyCZD5XxHjDmssY7htpuFPQndPKs9t/WqcIz5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQwYcDbRSR174RffMxJUbYbD45u4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Y3MjkxMzA4LTk5ZWItNDA5ZC04MGI3LTM0ZWFlYWM5NmNmMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADaB+QOYQvM6c8tlVHynRqPYTCMj
RfT+x2hffP/wo/3t8EOD0rUAmWFwcGUEiJpEIdlnF1Pr4b1jOdLY0gyA1TnlVaCg
nzpieYTXfD9Qe6bcpa9Y4315E8nDK2BvSwT3/ky9kpb7pTrt3HjRcxJtjoRd85qm
G292ZYz7aAFJrVkM5SqrXJN2OiKIDWdE58zCxvPxvyLd5EcK0WdPXunxQgBIz3mv
8FKj6BekqlFMCs4QFKmZPzXWFE65ckN0x2QnFZaUL8TRrGpG8Emr1M77+9PyanFW
djQcukV0njOpG+cdIYeX+km6UmYYGcnApuUIvfhKkKgbMo0aIrXfBz3AP+k=
-----END CERTIFICATE-----