Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4ad2d51e-95c4-4502-8428-93686e741d32.roa
File:                     4ad2d51e-95c4-4502-8428-93686e741d32.roa (raw, json)
Hash identifier:          C5DZGkfRSMZuaeDv+bA3fnHm6LbrT0876vmm/BTBLUI=
Subject key identifier:   F0:00:88:3F:CC:70:B1:C3:A2:E0:A0:42:3A:F9:4C:6B:8C:CD:21:23
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3AFDD6E6DB5D4A2F3661E9A38B383FAEAEA9A170
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4ad2d51e-95c4-4502-8428-93686e741d32.roa
Signing time:             Tue 23 Jan 2024 00:00:00 +0000
ROA not before:           Tue 23 Jan 2024 00:00:00 +0000
ROA not after:            Tue 27 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:fd:d6:e6:db:5d:4a:2f:36:61:e9:a3:8b:38:3f:ae:ae:a9:a1:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 23 00:00:00 2024 GMT
            Not After : Feb 27 23:59:59 2024 GMT
        Subject: serialNumber=8eaabb9ef16c405027f6878f465d2be446ed2a78f5ff9de974709e975db6c013, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:00:e8:d3:f0:95:40:08:98:b9:41:a8:d5:3b:
                    3c:d0:4a:b6:b8:a4:05:7a:0b:b0:1a:22:a6:c4:e4:
                    18:22:b2:28:df:f9:11:da:ab:fe:a1:d5:f9:ed:aa:
                    8b:d3:08:8e:89:f1:dd:e5:9a:f3:01:53:15:7a:df:
                    7f:7f:2a:45:71:22:4b:a7:6c:22:9d:0e:92:98:b1:
                    d8:0a:54:e6:6b:3d:30:f5:97:8a:5a:61:a9:25:e1:
                    59:a8:ac:92:71:f0:1f:c7:bd:59:ef:c5:5b:5d:8a:
                    39:eb:e9:a8:67:2b:d5:e4:15:86:1e:b3:b8:b5:88:
                    de:95:36:16:76:ad:3d:01:cc:be:0c:5f:79:3e:ba:
                    2b:33:0b:d7:05:3e:e3:73:6f:70:fd:0c:ca:f8:01:
                    16:dc:96:8b:b7:32:fe:85:69:73:03:e8:1d:fb:96:
                    f4:df:0f:db:a8:23:c7:33:e0:da:57:c4:8e:77:4a:
                    71:7c:b7:b0:8a:dd:0b:48:09:61:8f:ca:39:9d:16:
                    aa:89:86:d1:c1:9e:73:c6:c5:63:c1:8f:73:b3:95:
                    52:04:66:34:8a:6f:00:19:f4:24:84:41:00:3a:01:
                    43:64:96:91:8d:6b:4d:2a:9a:ca:f2:f5:f9:0f:1b:
                    a8:d0:5d:85:ce:d6:e3:00:ea:8f:68:77:49:b9:a3:
                    c2:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:00:88:3F:CC:70:B1:C3:A2:E0:A0:42:3A:F9:4C:6B:8C:CD:21:23
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4ad2d51e-95c4-4502-8428-93686e741d32.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:49:0a:af:18:7c:6a:f9:74:9a:cf:2a:4f:19:5c:5a:9d:63:
         85:54:ea:16:b5:b5:b7:37:52:71:3a:ea:2d:91:52:43:e2:6a:
         c4:f0:7b:90:d0:46:57:ca:01:9d:54:d2:14:8a:82:8f:e7:98:
         bf:86:8d:41:64:87:f8:16:87:db:94:34:c4:80:fb:dd:9f:a7:
         ec:0b:2c:00:c3:36:c3:6f:93:f0:c0:80:ad:4c:ee:88:c3:67:
         bd:58:9f:5b:8c:84:5e:b4:8d:8a:46:30:45:c3:ea:5c:aa:d7:
         4c:0d:b0:75:3b:01:ff:c6:6f:36:c5:af:72:16:7b:46:0b:af:
         19:78:d7:36:eb:18:76:88:67:8e:3d:92:c8:71:8e:f6:1d:44:
         13:4c:1c:d4:f1:d8:9a:0c:0a:57:39:4b:d1:99:0e:b4:f8:9d:
         90:1e:20:f4:ed:b1:62:f7:0f:4a:14:68:dd:25:9c:f4:8a:4b:
         37:a4:b3:13:9e:40:3c:4c:d8:d3:1c:f2:83:ac:a8:c7:ff:f4:
         ab:63:26:f8:b9:62:d9:b7:ed:c0:46:2f:bc:f2:4f:07:44:3f:
         9b:bd:00:b9:84:04:e3:0c:6d:e0:b5:83:e5:35:6b:9e:24:b8:
         99:ff:77:43:66:79:2e:29:da:03:82:90:1a:2c:3b:8e:52:1e:
         58:c6:85:ba
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOv3W5ttdSi82Yemjizg/rq6poXAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTIzMDAwMDAwWhcNMjQwMjI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZWFhYmI5ZWYxNmM0MDUwMjdmNjg3OGY0NjVkMmJlNDQ2
ZWQyYTc4ZjVmZjlkZTk3NDcwOWU5NzVkYjZjMDEzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKAOjT8JVACJi5QajVOzzQSra4pAV6C7AaIqbE5Bgisijf
+RHaq/6h1fntqovTCI6J8d3lmvMBUxV6339/KkVxIkunbCKdDpKYsdgKVOZrPTD1
l4paYakl4VmorJJx8B/HvVnvxVtdijnr6ahnK9XkFYYes7i1iN6VNhZ2rT0BzL4M
X3k+uiszC9cFPuNzb3D9DMr4ARbclou3Mv6FaXMD6B37lvTfD9uoI8cz4NpXxI53
SnF8t7CK3QtICWGPyjmdFqqJhtHBnnPGxWPBj3OzlVIEZjSKbwAZ9CSEQQA6AUNk
lpGNa00qmsry9fkPG6jQXYXO1uMA6o9od0m5o8KVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8ACIP8xwscOi4KBCOvlMa4zNISMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRhZDJkNTFlLTk1YzQtNDUwMi04NDI4LTkzNjg2ZTc0MWQzMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABZJCq8YfGr5dJrPKk8ZXFqdY4VU
6ha1tbc3UnE66i2RUkPiasTwe5DQRlfKAZ1U0hSKgo/nmL+GjUFkh/gWh9uUNMSA
+92fp+wLLADDNsNvk/DAgK1M7ojDZ71Yn1uMhF60jYpGMEXD6lyq10wNsHU7Af/G
bzbFr3IWe0YLrxl41zbrGHaIZ449kshxjvYdRBNMHNTx2JoMClc5S9GZDrT4nZAe
IPTtsWL3D0oUaN0lnPSKSzeksxOeQDxM2NMc8oOsqMf/9KtjJvi5Ytm37cBGL7zy
TwdEP5u9ALmEBOMMbeC1g+U1a54kuJn/d0NmeS4p2gOCkBosO45SHljGhbo=
-----END CERTIFICATE-----