Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4ba1858c-ee71-4d39-b138-5fa711f4d191.roa
File:                     4ba1858c-ee71-4d39-b138-5fa711f4d191.roa (raw, json)
Hash identifier:          wCMfB3HiW1fS61XHUgcjcKifBQfIBfDXo6WgUNV2cMI=
Subject key identifier:   5A:A2:25:9B:99:88:F1:E0:EC:06:87:A8:4C:72:38:F9:77:18:CB:4A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       09F54A6E6E3243C3D67634D8F9DA908CA191DE04
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4ba1858c-ee71-4d39-b138-5fa711f4d191.roa
Signing time:             Tue 27 Jun 2023 00:00:00 +0000
ROA not before:           Tue 27 Jun 2023 00:00:00 +0000
ROA not after:            Tue 01 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:f5:4a:6e:6e:32:43:c3:d6:76:34:d8:f9:da:90:8c:a1:91:de:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 27 00:00:00 2023 GMT
            Not After : Aug  1 23:59:59 2023 GMT
        Subject: serialNumber=38366d2dbaf1cdfeb42320d0dd7c2de2aa64b64065def0999840809fa095a69f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:6d:63:2b:2f:e0:54:17:69:60:48:7b:0c:30:
                    0d:11:5f:a2:91:c2:5d:b9:7f:b1:76:a3:ff:51:31:
                    03:a5:0f:6d:af:f8:fc:e9:ab:cb:56:86:1b:ad:28:
                    12:0f:fb:65:68:bf:9a:7b:e4:6d:ca:ce:9d:09:78:
                    53:e2:67:2f:07:82:c0:e7:c2:ef:b6:47:87:2d:02:
                    75:cd:34:ab:c4:10:58:73:f5:65:67:b1:80:74:95:
                    75:24:7f:0c:17:5c:d2:a5:c1:a8:d4:28:90:83:37:
                    9c:6e:aa:52:b8:a8:90:2d:c9:8f:f9:0f:7e:b2:ad:
                    5e:7a:63:47:a2:87:f0:4a:15:64:b3:6b:87:a7:94:
                    4b:17:23:26:a9:97:5c:ea:a0:b5:b2:ce:90:a1:72:
                    86:5c:02:37:1a:40:57:d3:93:7a:c5:04:77:cf:01:
                    f1:16:e7:24:6e:e3:ed:ba:9e:0c:e4:a1:2d:69:53:
                    c9:3d:f0:ec:e8:5a:1b:8d:2a:45:2a:94:7a:b8:c9:
                    5f:a0:09:d8:26:e2:e2:51:d4:8b:e2:f4:cc:70:ef:
                    6a:75:7d:e2:b2:dc:d5:6c:e1:a5:32:49:b3:fc:73:
                    22:cf:6f:72:77:c1:de:bd:67:6f:58:dc:df:e4:bd:
                    68:ce:71:2f:da:a8:3d:a4:4c:6e:24:45:e7:e1:5c:
                    77:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:A2:25:9B:99:88:F1:E0:EC:06:87:A8:4C:72:38:F9:77:18:CB:4A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4ba1858c-ee71-4d39-b138-5fa711f4d191.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:4e:16:74:d6:1e:ff:c2:93:17:f2:74:51:0a:b0:90:7b:b8:
         bf:8d:55:8b:30:c0:51:cc:1e:ce:ee:f8:4d:2b:95:32:c5:13:
         55:5b:ce:a1:04:ba:9d:16:76:30:2e:70:15:f2:73:96:77:f1:
         2c:b0:e3:18:4d:d4:c1:03:e6:7f:70:47:68:b3:18:0b:52:53:
         b7:32:33:b3:0e:65:f5:38:f3:72:37:40:ef:bb:1a:44:10:00:
         17:2c:26:fa:e8:06:9a:7f:c7:53:21:0a:b1:20:61:eb:03:21:
         bb:ad:69:60:28:2e:17:2e:53:af:09:a4:e5:f5:47:44:31:2f:
         ca:ec:4e:d0:c7:49:49:1a:3c:4b:a5:38:24:51:80:b6:28:48:
         3e:a2:b2:01:81:40:29:0c:ab:5e:6f:1c:14:c1:e8:48:cd:84:
         e8:25:4e:00:99:0b:d2:5f:bd:2c:be:04:37:b1:8f:15:b0:80:
         72:bd:7f:cf:28:44:19:ae:7a:d8:fa:5e:3d:2f:0a:91:55:73:
         ad:7f:29:f2:af:fe:ea:4f:6c:bb:ed:f6:89:47:e7:01:ef:e7:
         d3:1f:24:d8:88:71:25:69:d8:12:d7:3d:dc:bf:56:ad:0e:9a:
         e8:c9:e4:c9:79:b5:d3:47:ac:f6:15:af:63:c1:77:89:29:35:
         fc:aa:5c:c8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCfVKbm4yQ8PWdjTY+dqQjKGR3gQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjI3MDAwMDAwWhcNMjMwODAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzODM2NmQyZGJhZjFjZGZlYjQyMzIwZDBkZDdjMmRlMmFh
NjRiNjQwNjVkZWYwOTk5ODQwODA5ZmEwOTVhNjlmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnbWMrL+BUF2lgSHsMMA0RX6KRwl25f7F2o/9RMQOlD22v
+Pzpq8tWhhutKBIP+2Vov5p75G3Kzp0JeFPiZy8HgsDnwu+2R4ctAnXNNKvEEFhz
9WVnsYB0lXUkfwwXXNKlwajUKJCDN5xuqlK4qJAtyY/5D36yrV56Y0eih/BKFWSz
a4enlEsXIyapl1zqoLWyzpChcoZcAjcaQFfTk3rFBHfPAfEW5yRu4+26ngzkoS1p
U8k98OzoWhuNKkUqlHq4yV+gCdgm4uJR1Ivi9Mxw72p1feKy3NVs4aUySbP8cyLP
b3J3wd69Z29Y3N/kvWjOcS/aqD2kTG4kRefhXHdZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWqIlm5mI8eDsBoeoTHI4+XcYy0owHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRiYTE4NThjLWVlNzEtNGQzOS1iMTM4LTVmYTcxMWY0ZDE5MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAClOFnTWHv/CkxfydFEKsJB7uL+N
VYswwFHMHs7u+E0rlTLFE1VbzqEEup0WdjAucBXyc5Z38Syw4xhN1MED5n9wR2iz
GAtSU7cyM7MOZfU483I3QO+7GkQQABcsJvroBpp/x1MhCrEgYesDIbutaWAoLhcu
U68JpOX1R0QxL8rsTtDHSUkaPEulOCRRgLYoSD6isgGBQCkMq15vHBTB6EjNhOgl
TgCZC9JfvSy+BDexjxWwgHK9f88oRBmuetj6Xj0vCpFVc61/KfKv/upPbLvt9olH
5wHv59MfJNiIcSVp2BLXPdy/Vq0OmujJ5Ml5tdNHrPYVr2PBd4kpNfyqXMg=
-----END CERTIFICATE-----