Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5fff404a-2703-4c8e-9be7-daab09994a56.roa
File:                     5fff404a-2703-4c8e-9be7-daab09994a56.roa (raw, json)
Hash identifier:          N6U/0UINFH2A8tIlMJItYexbHszaN9CygpAa6Ga7Veo=
Subject key identifier:   15:A2:32:7A:3A:B7:47:51:C2:65:73:C1:D5:4B:32:D1:60:CC:DC:D9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       16032E7DD77D27C177A0FCA1B8477830E10A6EE7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5fff404a-2703-4c8e-9be7-daab09994a56.roa
Signing time:             Sat 09 Dec 2023 00:00:00 +0000
ROA not before:           Sat 09 Dec 2023 00:00:00 +0000
ROA not after:            Sat 13 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:03:2e:7d:d7:7d:27:c1:77:a0:fc:a1:b8:47:78:30:e1:0a:6e:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec  9 00:00:00 2023 GMT
            Not After : Jan 13 23:59:59 2024 GMT
        Subject: serialNumber=51c1b45d5a90b2ef891a3737156c88b5c453b4545c4a5a4c19113f8677d6f224, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f3:98:25:af:d2:11:e7:26:cb:b6:cb:b1:9b:
                    ed:3e:45:08:f1:35:26:56:9d:e8:aa:92:35:87:5c:
                    18:95:d0:54:80:d1:fa:b0:68:88:0e:d3:e1:45:ed:
                    8f:8f:d4:b7:f9:65:20:89:91:aa:3e:1f:ca:71:c5:
                    d1:b9:87:b8:e0:fb:29:8e:6e:23:d0:9d:6a:84:50:
                    fb:38:07:f1:51:43:e1:f0:d4:bb:d9:dc:ba:3d:e2:
                    18:63:e9:31:47:5d:d3:65:86:2c:fc:88:7d:80:e9:
                    26:a0:a4:d2:13:5e:17:a6:2c:7f:e5:27:1d:01:df:
                    05:ff:0f:b2:e5:f8:c2:4a:74:16:f0:4b:be:14:0d:
                    db:6c:bf:cb:8e:10:e0:29:e2:36:0f:3b:b7:96:cc:
                    4e:da:f1:bf:97:02:ac:db:b9:98:39:af:c7:7d:a5:
                    87:a6:39:68:a7:71:fa:c9:91:b2:92:c5:26:47:d7:
                    76:5e:56:f3:5c:57:a5:3b:e2:f9:a6:d6:ff:99:98:
                    ab:64:b3:d0:01:9d:96:dc:a4:38:e5:9b:17:b7:14:
                    ca:af:7e:44:98:d4:5e:1d:a1:a2:79:47:7f:b1:72:
                    a9:01:98:a4:43:b9:a3:08:d7:3b:f6:ea:b0:56:ba:
                    65:57:94:c2:70:53:c8:a0:00:47:bd:d4:95:ac:01:
                    99:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:A2:32:7A:3A:B7:47:51:C2:65:73:C1:D5:4B:32:D1:60:CC:DC:D9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5fff404a-2703-4c8e-9be7-daab09994a56.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:eb:95:0e:b7:af:7f:e6:72:68:cb:ae:cb:7b:e6:ce:4d:f0:
         82:fe:d9:de:82:9a:f5:56:87:ae:84:f2:86:91:65:18:61:07:
         05:cf:2e:62:c3:c1:1e:bd:04:d3:c9:06:56:41:a8:06:67:95:
         a8:79:bc:e8:67:2b:6c:57:71:d7:ae:00:94:8c:2a:6d:eb:66:
         5c:5e:a6:8a:0d:1b:f6:5d:d6:45:80:5f:95:ea:3a:7b:ef:fc:
         30:dc:79:d5:d3:a5:db:ca:e1:84:e1:9b:fd:ae:f1:0b:7e:6e:
         57:42:32:3b:5a:5e:27:52:ef:7a:df:69:98:e1:1b:43:29:13:
         ad:8b:ce:3f:77:5c:a1:e4:44:ff:da:dc:78:e1:51:53:73:73:
         39:f2:6e:05:fa:c4:6e:a6:65:14:8a:4c:b6:58:ed:25:0e:78:
         13:3d:8d:47:11:29:c4:2d:a7:95:24:6a:23:b6:4c:cf:62:3c:
         6b:f8:bf:88:29:b6:dd:fb:15:00:4f:88:eb:8e:1a:4d:cf:09:
         46:49:62:18:39:7e:bc:fb:80:a8:87:c3:f4:d5:cd:e9:2c:20:
         d6:b7:48:3f:eb:aa:72:ca:d3:11:79:50:60:30:3f:25:c3:c0:
         2d:5f:eb:d8:a5:47:6f:4d:75:e1:a6:65:d5:00:7a:d9:88:04:
         66:a3:08:8b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFgMufdd9J8F3oPyhuEd4MOEKbucwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjA5MDAwMDAwWhcNMjQwMTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MWMxYjQ1ZDVhOTBiMmVmODkxYTM3MzcxNTZjODhiNWM0
NTNiNDU0NWM0YTVhNGMxOTExM2Y4Njc3ZDZmMjI0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCs85glr9IR5ybLtsuxm+0+RQjxNSZWneiqkjWHXBiV0FSA
0fqwaIgO0+FF7Y+P1Lf5ZSCJkao+H8pxxdG5h7jg+ymObiPQnWqEUPs4B/FRQ+Hw
1LvZ3Lo94hhj6TFHXdNlhiz8iH2A6SagpNITXhemLH/lJx0B3wX/D7Ll+MJKdBbw
S74UDdtsv8uOEOAp4jYPO7eWzE7a8b+XAqzbuZg5r8d9pYemOWincfrJkbKSxSZH
13ZeVvNcV6U74vmm1v+ZmKtks9ABnZbcpDjlmxe3FMqvfkSY1F4doaJ5R3+xcqkB
mKRDuaMI1zv26rBWumVXlMJwU8igAEe91JWsAZnfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFaIyejq3R1HCZXPB1Usy0WDM3NkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzVmZmY0MDRhLTI3MDMtNGM4ZS05YmU3LWRhYWIwOTk5NGE1Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFvrlQ63r3/mcmjLrst75s5N8IL+
2d6CmvVWh66E8oaRZRhhBwXPLmLDwR69BNPJBlZBqAZnlah5vOhnK2xXcdeuAJSM
Km3rZlxepooNG/Zd1kWAX5XqOnvv/DDcedXTpdvK4YThm/2u8Qt+bldCMjtaXidS
73rfaZjhG0MpE62Lzj93XKHkRP/a3HjhUVNzcznybgX6xG6mZRSKTLZY7SUOeBM9
jUcRKcQtp5UkaiO2TM9iPGv4v4gptt37FQBPiOuOGk3PCUZJYhg5frz7gKiHw/TV
zeksINa3SD/rqnLK0xF5UGAwPyXDwC1f69ilR29NdeGmZdUAetmIBGajCIs=
-----END CERTIFICATE-----