Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2fe7972b-61d2-417f-bb6b-404524e757ad.roa
File:                     2fe7972b-61d2-417f-bb6b-404524e757ad.roa (raw, json)
Hash identifier:          bFDvBm1VLsa3qW4rqAZN71jGzV/pIiEKie/9ebP+0Rk=
Subject key identifier:   88:DB:BC:59:60:AF:0E:6A:97:35:B4:60:05:02:7C:55:3C:F4:7F:19
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7F92B3C5F208656A17FECF842959916C5E8513ED
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2fe7972b-61d2-417f-bb6b-404524e757ad.roa
Signing time:             Tue 27 Jun 2023 00:00:00 +0000
ROA not before:           Tue 27 Jun 2023 00:00:00 +0000
ROA not after:            Tue 01 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:92:b3:c5:f2:08:65:6a:17:fe:cf:84:29:59:91:6c:5e:85:13:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 27 00:00:00 2023 GMT
            Not After : Aug  1 23:59:59 2023 GMT
        Subject: serialNumber=86a41d74536dc4b54e26be09448ce618488fa74c1d735ad4d8b09be46de24a0c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:96:c1:52:80:5b:ad:6b:a6:17:fe:aa:32:22:
                    64:b3:f5:1a:c7:9a:ed:6f:37:12:26:fb:71:7e:54:
                    2f:3e:15:d1:e0:a9:07:6a:a7:28:7b:bf:9a:4b:78:
                    a4:48:0f:ef:de:65:68:1f:a9:b0:ee:27:24:e0:cd:
                    6c:1d:0b:f9:ca:23:77:0b:25:8b:49:13:fd:d3:be:
                    95:69:c3:e9:b9:97:e4:22:ca:b6:86:a5:b2:8c:6e:
                    8f:67:8c:b6:36:c0:cb:2a:fb:1c:3b:db:aa:4a:92:
                    e6:17:7b:0b:55:85:fc:8d:b5:b5:e0:9c:44:23:24:
                    bb:41:b0:1b:3f:fa:b5:af:5a:ae:01:be:a2:f9:0d:
                    7b:2e:6e:fe:b8:f3:ae:f4:43:ca:c2:a9:ec:21:60:
                    c9:33:58:18:42:ea:d3:ca:1d:0b:c1:e7:b7:0b:e0:
                    d8:0f:b0:d2:12:e0:c5:a8:96:90:af:8a:e9:5a:a7:
                    c3:6e:0c:87:2b:b0:8b:8b:ff:72:82:d7:f1:5b:c4:
                    be:79:c2:09:04:3d:c3:14:59:87:b7:4f:f6:81:dc:
                    17:7f:8d:08:4f:b3:f0:8f:9e:c2:ee:3d:a5:0d:ef:
                    fe:f4:f4:cc:58:a9:12:00:c4:24:d7:61:84:d2:11:
                    b8:2d:4d:31:bf:35:bd:0b:3c:9f:b3:91:4b:4e:73:
                    ca:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:DB:BC:59:60:AF:0E:6A:97:35:B4:60:05:02:7C:55:3C:F4:7F:19
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2fe7972b-61d2-417f-bb6b-404524e757ad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:ef:e8:7f:6c:42:dd:46:20:ff:a6:2f:1b:25:a5:d0:2d:ea:
         9d:cc:20:f1:ec:94:af:ea:5d:68:5a:69:cc:85:90:c4:97:41:
         93:ac:11:1c:ee:63:22:fa:67:33:93:c0:40:34:0f:b8:71:d2:
         b8:54:3e:88:5b:bb:76:c0:96:cd:8b:c4:23:78:1a:fa:64:a0:
         a3:34:1e:06:64:0f:17:a0:5e:de:85:a9:18:83:4c:c9:39:93:
         c9:dc:00:10:db:19:c0:f4:b2:01:79:23:c7:13:8d:24:ae:f9:
         f3:40:3b:51:78:3f:66:e4:66:5b:d1:c1:33:eb:76:9a:83:1b:
         fa:c9:89:e6:bc:37:4f:d5:86:1e:41:3d:74:6e:08:85:70:f2:
         3d:0a:4e:6e:c2:b3:22:32:84:f6:db:07:6e:79:53:16:d8:b3:
         f3:85:83:57:87:61:00:09:45:63:2d:02:4c:61:0e:e6:94:3f:
         d2:9d:7e:1b:e9:ae:4d:f4:81:a1:0a:e2:a5:17:ff:c4:aa:97:
         31:db:07:88:f7:0e:ca:d1:31:8d:03:ff:c9:dd:77:a3:16:c3:
         1c:15:fe:cf:2f:2a:12:05:35:3f:0c:49:84:3a:36:88:2d:47:
         65:db:f7:05:4c:91:0f:e3:cb:7d:11:59:bb:d7:ff:22:e1:da:
         21:c1:3c:60
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUf5KzxfIIZWoX/s+EKVmRbF6FE+0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjI3MDAwMDAwWhcNMjMwODAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NmE0MWQ3NDUzNmRjNGI1NGUyNmJlMDk0NDhjZTYxODQ4
OGZhNzRjMWQ3MzVhZDRkOGIwOWJlNDZkZTI0YTBjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCllsFSgFuta6YX/qoyImSz9RrHmu1vNxIm+3F+VC8+FdHg
qQdqpyh7v5pLeKRID+/eZWgfqbDuJyTgzWwdC/nKI3cLJYtJE/3TvpVpw+m5l+Qi
yraGpbKMbo9njLY2wMsq+xw726pKkuYXewtVhfyNtbXgnEQjJLtBsBs/+rWvWq4B
vqL5DXsubv648670Q8rCqewhYMkzWBhC6tPKHQvB57cL4NgPsNIS4MWolpCviula
p8NuDIcrsIuL/3KC1/FbxL55wgkEPcMUWYe3T/aB3Bd/jQhPs/CPnsLuPaUN7/70
9MxYqRIAxCTXYYTSEbgtTTG/Nb0LPJ+zkUtOc8qlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiNu8WWCvDmqXNbRgBQJ8VTz0fxkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJmZTc5NzJiLTYxZDItNDE3Zi1iYjZiLTQwNDUyNGU3NTdhZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAXv6H9sQt1GIP+mLxslpdAt6p3M
IPHslK/qXWhaacyFkMSXQZOsERzuYyL6ZzOTwEA0D7hx0rhUPohbu3bAls2LxCN4
GvpkoKM0HgZkDxegXt6FqRiDTMk5k8ncABDbGcD0sgF5I8cTjSSu+fNAO1F4P2bk
ZlvRwTPrdpqDG/rJiea8N0/Vhh5BPXRuCIVw8j0KTm7CsyIyhPbbB255UxbYs/OF
g1eHYQAJRWMtAkxhDuaUP9Kdfhvprk30gaEK4qUX/8SqlzHbB4j3DsrRMY0D/8nd
d6MWwxwV/s8vKhIFNT8MSYQ6NogtR2Xb9wVMkQ/jy30RWbvX/yLh2iHBPGA=
-----END CERTIFICATE-----