Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/52f98f0b-c0d8-4116-9255-78a51d513b3f.roa
File:                     52f98f0b-c0d8-4116-9255-78a51d513b3f.roa (raw, json)
Hash identifier:          raSXcxlOpkDhnp58Bo+Df9+wJ9T5iwRq6gpm59R0RlI=
Subject key identifier:   74:98:08:36:7F:FD:FD:3B:E1:55:5C:5C:48:29:D1:1C:E2:38:A8:D1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4ADE0715F30DEED3DBBB22B37F2EF06A18E456C5
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/52f98f0b-c0d8-4116-9255-78a51d513b3f.roa
Signing time:             Fri 27 Oct 2023 00:00:00 +0000
ROA not before:           Fri 27 Oct 2023 00:00:00 +0000
ROA not after:            Fri 01 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:de:07:15:f3:0d:ee:d3:db:bb:22:b3:7f:2e:f0:6a:18:e4:56:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 27 00:00:00 2023 GMT
            Not After : Dec  1 23:59:59 2023 GMT
        Subject: serialNumber=e465976962e5176d8efba923a1e3a037d95cb19f3636f4b9c13cd9abc0e850ed, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ab:c0:36:2d:73:13:92:9d:02:4e:f6:d5:75:
                    b5:9e:57:b4:7e:2e:bc:23:19:47:76:17:de:d0:2a:
                    c5:f5:f3:b7:75:a5:82:fa:5d:54:57:b9:24:77:9a:
                    b9:1f:f7:80:85:a4:d1:69:68:5a:30:aa:73:8e:03:
                    fb:04:fe:22:a0:fa:8b:cc:21:25:d5:56:8f:23:ec:
                    06:ed:84:ab:b9:a8:1d:91:75:4e:99:40:9f:f8:f8:
                    df:52:ab:56:c4:13:c9:68:9d:43:e7:3b:83:e3:bb:
                    fd:c4:4f:e4:49:79:c1:c2:41:f0:e3:e5:c2:45:38:
                    ab:44:a5:58:d4:4e:a5:00:e9:83:d2:0f:2c:6c:b9:
                    03:bc:2e:b7:78:69:3f:00:e1:da:ae:9d:34:9c:f9:
                    e9:54:80:f9:df:d7:93:17:de:44:36:91:e9:fb:e8:
                    8c:da:bd:18:e8:ba:e4:fe:1f:67:8c:5f:79:ab:24:
                    72:cb:0f:f8:73:d5:13:f0:79:12:26:6a:c8:fc:c3:
                    89:ed:a9:6b:41:ce:e2:06:ed:d8:0e:b2:97:09:03:
                    7b:47:58:44:44:45:4e:e5:d2:c3:65:ac:30:bc:d8:
                    42:1b:ca:fe:a3:67:0d:34:82:16:ad:9a:68:62:7a:
                    fb:ad:ca:27:34:4a:c8:d5:b7:2b:29:a7:d2:1d:56:
                    87:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:98:08:36:7F:FD:FD:3B:E1:55:5C:5C:48:29:D1:1C:E2:38:A8:D1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/52f98f0b-c0d8-4116-9255-78a51d513b3f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:15:50:a8:9c:b1:6e:0f:ba:ca:91:42:84:8b:00:91:7a:25:
         e8:eb:73:9d:62:ca:9f:2c:fb:c2:bf:d8:01:0b:fc:ee:de:79:
         a3:6c:c0:f8:12:e8:b3:c6:30:c6:4e:6c:14:b2:e1:4b:0e:dc:
         73:5e:8c:f6:b3:76:26:b4:2a:84:b0:a6:72:9c:b2:90:1b:81:
         dd:87:ea:30:5a:4b:dc:f4:01:28:7a:5e:15:f5:f3:22:d9:e7:
         23:1a:21:1c:32:04:45:4f:7f:2c:97:af:8d:d8:14:d5:3f:45:
         1e:63:cf:6a:48:db:70:4a:e6:a4:38:4e:69:31:eb:0e:d9:9d:
         7a:10:1b:f9:37:75:84:45:a4:f5:01:14:0a:90:f4:b7:26:18:
         5d:7d:67:0a:a6:2d:17:c5:54:09:0a:aa:b9:71:41:38:76:29:
         95:d7:94:91:49:ce:0d:83:55:95:6b:94:ca:e8:8a:97:57:d5:
         9f:ad:ce:6b:a1:1a:b2:b9:18:8b:21:ca:49:ce:90:60:33:cd:
         16:a8:ed:74:4f:e0:75:81:c0:dc:39:9e:08:8a:3a:b8:b8:37:
         c6:bd:01:b1:d4:f0:8b:a8:a8:e8:dd:bf:9a:41:8c:e8:84:63:
         bf:55:5a:07:7f:15:27:a3:92:a4:11:0d:fd:77:62:09:7a:a2:
         21:3e:da:29
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSt4HFfMN7tPbuyKzfy7wahjkVsUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDI3MDAwMDAwWhcNMjMxMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNDY1OTc2OTYyZTUxNzZkOGVmYmE5MjNhMWUzYTAzN2Q5
NWNiMTlmMzYzNmY0YjljMTNjZDlhYmMwZTg1MGVkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCaq8A2LXMTkp0CTvbVdbWeV7R+LrwjGUd2F97QKsX187d1
pYL6XVRXuSR3mrkf94CFpNFpaFowqnOOA/sE/iKg+ovMISXVVo8j7AbthKu5qB2R
dU6ZQJ/4+N9Sq1bEE8lonUPnO4Pju/3ET+RJecHCQfDj5cJFOKtEpVjUTqUA6YPS
DyxsuQO8Lrd4aT8A4dqunTSc+elUgPnf15MX3kQ2ken76IzavRjouuT+H2eMX3mr
JHLLD/hz1RPweRImasj8w4ntqWtBzuIG7dgOspcJA3tHWERERU7l0sNlrDC82EIb
yv6jZw00ghatmmhievutyic0SsjVtyspp9IdVoffAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdJgINn/9/TvhVVxcSCnRHOI4qNEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzUyZjk4ZjBiLWMwZDgtNDExNi05MjU1LTc4YTUxZDUxM2IzZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIYVUKicsW4PusqRQoSLAJF6Jejr
c51iyp8s+8K/2AEL/O7eeaNswPgS6LPGMMZObBSy4UsO3HNejPazdia0KoSwpnKc
spAbgd2H6jBaS9z0ASh6XhX18yLZ5yMaIRwyBEVPfyyXr43YFNU/RR5jz2pI23BK
5qQ4Tmkx6w7ZnXoQG/k3dYRFpPUBFAqQ9LcmGF19ZwqmLRfFVAkKqrlxQTh2KZXX
lJFJzg2DVZVrlMroipdX1Z+tzmuhGrK5GIshyknOkGAzzRao7XRP4HWBwNw5ngiK
Ori4N8a9AbHU8IuoqOjdv5pBjOiEY79VWgd/FSejkqQRDf13Ygl6oiE+2ik=
-----END CERTIFICATE-----