Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0bfee2b4-ca98-48a0-b94d-f06e8b5cc31f.roa
File:                     0bfee2b4-ca98-48a0-b94d-f06e8b5cc31f.roa (raw, json)
Hash identifier:          priT854Soelg3Eudf5WN0J2tf6n8uIwKCtXqtEP8Aew=
Subject key identifier:   2D:2C:0B:4B:A5:92:04:6D:FD:84:33:C1:9D:9D:8E:7F:9E:7B:A2:C0
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       02004FB8C0E33CABB754A4CC0946213416A5F6A6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0bfee2b4-ca98-48a0-b94d-f06e8b5cc31f.roa
Signing time:             Fri 11 Aug 2023 00:00:00 +0000
ROA not before:           Fri 11 Aug 2023 00:00:00 +0000
ROA not after:            Fri 15 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:00:4f:b8:c0:e3:3c:ab:b7:54:a4:cc:09:46:21:34:16:a5:f6:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 11 00:00:00 2023 GMT
            Not After : Sep 15 23:59:59 2023 GMT
        Subject: serialNumber=e56bec0513109933e4eec768e06376ef347e22abefa6f358246c3ddc0eb399d3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c0:55:23:fe:26:d5:72:57:36:31:61:bf:e8:
                    bc:c5:d8:87:42:a6:ec:f1:4f:f2:d5:5e:28:71:c9:
                    35:e0:1a:fa:87:ad:9c:e7:b2:ff:fd:5a:34:f0:4f:
                    57:36:88:0a:6c:dc:84:c5:2e:6b:52:7c:64:bd:9d:
                    58:2c:2c:13:5b:47:1c:ba:28:18:ef:49:20:02:2c:
                    c9:25:e0:04:6f:bb:1b:4c:05:d9:5f:ff:0c:f4:c5:
                    72:86:1f:90:8f:46:7a:4b:a0:f7:18:33:e0:3d:35:
                    89:6e:c7:5b:b1:59:af:57:8a:88:1d:6b:2a:f2:01:
                    72:b7:4e:47:5c:d4:80:21:54:c6:f9:ad:55:59:7a:
                    2b:7f:58:d6:16:48:5d:fe:ec:99:d6:da:b3:fe:2c:
                    61:61:9f:c3:5b:bb:e3:e5:01:0c:30:b8:c3:45:01:
                    26:b5:d5:16:dc:8d:c7:05:18:f8:4b:25:c8:73:56:
                    58:2d:63:e4:61:cf:4f:a3:37:66:d8:03:c0:d4:52:
                    4b:74:27:0c:13:cc:ef:fe:e6:02:33:36:fb:12:7b:
                    93:b4:4c:4b:8f:9b:dc:b1:21:f4:6d:72:61:8b:f3:
                    25:8b:13:2f:c1:6d:a9:7a:96:4a:bb:c0:c7:cd:0e:
                    91:48:df:26:ee:ec:f8:4b:db:3a:b1:f1:3a:d5:1d:
                    10:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:2C:0B:4B:A5:92:04:6D:FD:84:33:C1:9D:9D:8E:7F:9E:7B:A2:C0
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0bfee2b4-ca98-48a0-b94d-f06e8b5cc31f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:69:0c:ba:a0:a0:46:d2:3c:95:58:d1:95:78:7a:86:78:8c:
         4b:dd:1b:02:51:21:20:52:47:d1:eb:b9:35:ec:16:91:01:b6:
         af:7e:c1:f9:b1:fb:27:20:6d:a4:14:03:d0:9e:55:b6:1e:b4:
         29:9b:e3:bb:4c:fc:75:ef:0b:fe:a0:e4:f1:5a:b2:ef:e1:f6:
         8b:e7:fe:a8:70:2d:44:9b:bb:98:6f:1c:7a:db:e9:78:01:97:
         d6:15:6b:a5:5e:3f:03:4c:b9:78:b6:5d:90:8d:2a:6a:87:31:
         b3:44:4a:0e:a8:7e:fc:12:46:1f:eb:71:33:98:ca:23:0c:ef:
         4a:41:45:d7:85:75:66:41:47:4e:5e:bc:a2:08:1f:cf:7c:b6:
         e4:6c:0f:77:02:4e:68:1b:f0:6d:29:51:6b:68:31:94:cf:cf:
         69:4f:6b:b8:43:a4:a8:4e:69:cc:83:4f:1a:e3:20:f3:d5:45:
         7e:fe:1d:7c:45:e2:8d:9e:c2:46:2b:a0:8a:6d:28:53:5d:82:
         f9:54:19:a4:c2:76:47:fe:5f:38:bd:ee:55:59:3b:ab:cf:5e:
         4c:10:85:4a:d8:7c:68:9c:b8:b5:fd:e8:08:cc:0d:12:9c:d9:
         11:41:75:cc:3b:c2:3d:a0:ea:9d:7a:c0:45:04:86:7c:9b:55:
         a3:ec:f5:2c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAgBPuMDjPKu3VKTMCUYhNBal9qYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODExMDAwMDAwWhcNMjMwOTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNTZiZWMwNTEzMTA5OTMzZTRlZWM3NjhlMDYzNzZlZjM0
N2UyMmFiZWZhNmYzNTgyNDZjM2RkYzBlYjM5OWQzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5wFUj/ibVclc2MWG/6LzF2IdCpuzxT/LVXihxyTXgGvqH
rZznsv/9WjTwT1c2iAps3ITFLmtSfGS9nVgsLBNbRxy6KBjvSSACLMkl4ARvuxtM
Bdlf/wz0xXKGH5CPRnpLoPcYM+A9NYlux1uxWa9XiogdayryAXK3Tkdc1IAhVMb5
rVVZeit/WNYWSF3+7JnW2rP+LGFhn8Nbu+PlAQwwuMNFASa11RbcjccFGPhLJchz
VlgtY+Rhz0+jN2bYA8DUUkt0JwwTzO/+5gIzNvsSe5O0TEuPm9yxIfRtcmGL8yWL
Ey/Bbal6lkq7wMfNDpFI3ybu7PhL2zqx8TrVHRCVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULSwLS6WSBG39hDPBnZ2Of557osAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBiZmVlMmI0LWNhOTgtNDhhMC1iOTRkLWYwNmU4YjVjYzMxZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFFpDLqgoEbSPJVY0ZV4eoZ4jEvd
GwJRISBSR9HruTXsFpEBtq9+wfmx+ycgbaQUA9CeVbYetCmb47tM/HXvC/6g5PFa
su/h9ovn/qhwLUSbu5hvHHrb6XgBl9YVa6VePwNMuXi2XZCNKmqHMbNESg6ofvwS
Rh/rcTOYyiMM70pBRdeFdWZBR05evKIIH898tuRsD3cCTmgb8G0pUWtoMZTPz2lP
a7hDpKhOacyDTxrjIPPVRX7+HXxF4o2ewkYroIptKFNdgvlUGaTCdkf+Xzi97lVZ
O6vPXkwQhUrYfGicuLX96AjMDRKc2RFBdcw7wj2g6p16wEUEhnybVaPs9Sw=
-----END CERTIFICATE-----