Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/48f49c54-18be-4df6-879d-594b4b410383.roa
File:                     48f49c54-18be-4df6-879d-594b4b410383.roa (raw, json)
Hash identifier:          aWppbm4fsRgRb075G7YhXwtEPNQ/vK1c2geV2GNe2Ik=
Subject key identifier:   25:1B:78:88:19:BE:C6:E6:3A:2B:90:0C:DD:3F:3B:E0:63:E9:B9:AC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4579694FEBE4BB38F4182F06980D71361786EBA5
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/48f49c54-18be-4df6-879d-594b4b410383.roa
Signing time:             Wed 23 Aug 2023 00:00:00 +0000
ROA not before:           Wed 23 Aug 2023 00:00:00 +0000
ROA not after:            Wed 27 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:79:69:4f:eb:e4:bb:38:f4:18:2f:06:98:0d:71:36:17:86:eb:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 23 00:00:00 2023 GMT
            Not After : Sep 27 23:59:59 2023 GMT
        Subject: serialNumber=dc239fa2d750f903c9c99b30d5dcaff4b5b1ae53f8b76c9b3224926fd696237b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f6:c0:aa:7e:5a:b5:7c:ac:67:f5:61:da:13:
                    b5:af:1e:60:88:01:46:f2:56:f8:2a:3f:8e:53:df:
                    11:22:fa:22:15:c8:46:9b:d9:0e:14:6c:19:9e:09:
                    f3:a6:ea:48:58:23:a6:27:60:38:15:ea:2a:1b:cd:
                    d8:58:05:dd:b2:af:65:56:74:31:20:0b:e5:fc:91:
                    53:74:19:47:fb:14:71:71:32:e4:09:68:53:4a:3b:
                    69:1c:81:ff:e1:9b:bf:bd:c7:a7:6a:2d:ee:af:5c:
                    99:81:cf:90:00:49:92:10:87:46:5c:db:e1:42:89:
                    20:78:66:f3:c6:66:58:ba:87:8d:5e:1e:20:a2:ab:
                    b4:7f:4b:c2:5d:a2:7b:dc:e1:7e:2f:58:7b:aa:bc:
                    8e:b5:31:ea:db:a5:b5:04:e1:6f:8b:43:ab:12:40:
                    53:ae:9d:05:10:a8:bd:05:2d:74:99:52:42:fd:7b:
                    a3:cd:dd:a5:eb:db:d8:24:03:0c:5b:39:cd:da:53:
                    e4:5c:8a:99:d1:32:0b:dc:8a:78:5b:d0:57:ff:78:
                    e7:e9:14:8d:d9:22:5b:3c:d3:de:15:7f:95:18:9f:
                    34:2c:3e:6c:37:12:98:61:80:a6:d2:0c:85:40:3a:
                    b7:d1:bb:6b:31:5c:ce:e0:3d:82:44:b9:d4:9b:47:
                    e6:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:1B:78:88:19:BE:C6:E6:3A:2B:90:0C:DD:3F:3B:E0:63:E9:B9:AC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/48f49c54-18be-4df6-879d-594b4b410383.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:c5:c4:d1:3a:32:c8:13:0d:66:9e:92:27:39:77:46:61:8b:
         a9:b7:f8:a0:93:9f:54:18:18:8b:a8:63:35:d4:7d:71:bd:3a:
         00:19:dc:64:22:b2:98:4f:57:21:eb:92:2b:ac:6a:82:82:a5:
         3d:0f:6a:af:b1:de:8d:3b:6c:fb:63:81:13:c8:d3:42:1e:39:
         12:41:5c:76:3a:07:3c:aa:85:7f:65:2f:cf:95:c5:15:3b:4d:
         fa:56:d3:ee:67:8d:7f:03:58:d6:d6:a2:9c:71:34:ad:da:57:
         f6:89:0a:6c:80:b2:52:88:95:e4:ee:3d:de:fb:d6:f4:02:aa:
         d6:2a:76:1a:67:97:b5:01:67:05:dd:3d:17:f6:9c:9f:db:53:
         f2:9a:cf:42:08:70:14:6f:6d:a3:9d:e1:10:93:06:5c:b5:f4:
         68:c9:69:a3:5a:b2:99:fd:27:44:5b:e0:fe:f4:4f:25:3e:2c:
         f8:5f:f7:4f:41:55:f8:a5:30:12:27:77:1b:7d:69:82:fb:1c:
         25:ff:c5:19:d8:30:55:db:1c:62:d5:5f:a0:d6:f9:47:f3:c7:
         a7:0f:74:e5:aa:c9:d0:d3:8b:c5:62:10:89:28:04:7a:87:df:
         b8:55:1b:a6:fa:76:35:e5:35:80:0b:b2:d6:a3:39:97:15:64:
         bf:b6:f8:40
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURXlpT+vkuzj0GC8GmA1xNheG66UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODIzMDAwMDAwWhcNMjMwOTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzIzOWZhMmQ3NTBmOTAzYzljOTliMzBkNWRjYWZmNGI1
YjFhZTUzZjhiNzZjOWIzMjI0OTI2ZmQ2OTYyMzdiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd9sCqflq1fKxn9WHaE7WvHmCIAUbyVvgqP45T3xEi+iIV
yEab2Q4UbBmeCfOm6khYI6YnYDgV6iobzdhYBd2yr2VWdDEgC+X8kVN0GUf7FHFx
MuQJaFNKO2kcgf/hm7+9x6dqLe6vXJmBz5AASZIQh0Zc2+FCiSB4ZvPGZli6h41e
HiCiq7R/S8Jdonvc4X4vWHuqvI61MerbpbUE4W+LQ6sSQFOunQUQqL0FLXSZUkL9
e6PN3aXr29gkAwxbOc3aU+RcipnRMgvcinhb0Ff/eOfpFI3ZIls8094Vf5UYnzQs
Pmw3EphhgKbSDIVAOrfRu2sxXM7gPYJEudSbR+axAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJRt4iBm+xuY6K5AM3T874GPpuawwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ4ZjQ5YzU0LTE4YmUtNGRmNi04NzlkLTU5NGI0YjQxMDM4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC3FxNE6MsgTDWaekic5d0Zhi6m3
+KCTn1QYGIuoYzXUfXG9OgAZ3GQisphPVyHrkiusaoKCpT0Paq+x3o07bPtjgRPI
00IeORJBXHY6BzyqhX9lL8+VxRU7TfpW0+5njX8DWNbWopxxNK3aV/aJCmyAslKI
leTuPd771vQCqtYqdhpnl7UBZwXdPRf2nJ/bU/Kaz0IIcBRvbaOd4RCTBly19GjJ
aaNaspn9J0Rb4P70TyU+LPhf909BVfilMBIndxt9aYL7HCX/xRnYMFXbHGLVX6DW
+Ufzx6cPdOWqydDTi8ViEIkoBHqH37hVG6b6djXlNYALstajOZcVZL+2+EA=
-----END CERTIFICATE-----