Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6a262d5b-b41e-4a5f-925d-d5fb70742588.roa
File:                     6a262d5b-b41e-4a5f-925d-d5fb70742588.roa (raw, json)
Hash identifier:          nfiZfgNt8u9fZrvzUDxjKpc65/izvu5C+tCE9dC+iak=
Subject key identifier:   A3:D2:52:B0:0D:3E:21:7F:74:2B:64:AD:71:5F:05:BF:E3:53:B5:B3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       74B6F64A25DC8FD7458278DB8337625D675D2054
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6a262d5b-b41e-4a5f-925d-d5fb70742588.roa
Signing time:             Sat 18 Nov 2023 00:00:00 +0000
ROA not before:           Sat 18 Nov 2023 00:00:00 +0000
ROA not after:            Sat 23 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:b6:f6:4a:25:dc:8f:d7:45:82:78:db:83:37:62:5d:67:5d:20:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 18 00:00:00 2023 GMT
            Not After : Dec 23 23:59:59 2023 GMT
        Subject: serialNumber=e6501e7e51e0056c31bb9ecaa7cd482c4470a89dc177611f7c72ac10f8c21a2d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:08:b3:48:82:cf:0b:43:a2:c3:8c:c9:10:0d:
                    88:c9:b7:ec:de:53:1a:03:ad:37:9a:b3:1a:65:2f:
                    df:c5:c6:8f:e5:70:40:02:6c:dd:c7:48:7d:16:cc:
                    09:9c:4c:3e:4b:17:48:60:43:25:63:de:40:b1:81:
                    d1:68:41:57:69:cf:ba:f8:19:ad:f4:df:9e:24:e0:
                    0b:80:14:3f:67:ab:25:a3:64:50:e2:2f:23:a7:b4:
                    89:76:9e:9f:ad:3f:ab:51:83:05:9e:d9:e6:4c:db:
                    93:94:a7:d3:12:31:5f:f2:c8:a8:8b:62:30:e4:cf:
                    35:3e:a1:81:79:00:a2:f5:cc:ab:86:5a:d4:9c:e7:
                    a5:a5:cf:fa:2d:3f:a1:84:96:fb:90:b9:40:53:05:
                    5c:dc:26:55:09:ee:78:7e:ee:42:1e:25:5c:93:3e:
                    7b:82:19:79:14:4a:57:0e:f7:af:9f:ea:97:d9:3c:
                    0b:dc:cf:73:f2:bd:a8:5c:ba:f8:7a:0f:44:3a:7e:
                    c4:7b:5e:e1:d4:61:d5:5c:7e:56:54:08:ff:6e:80:
                    19:43:44:6a:bf:37:20:58:e1:ce:8a:2f:aa:d2:0f:
                    47:d8:71:69:59:08:92:c3:77:c6:66:a2:31:14:08:
                    0a:50:7d:3f:2c:b1:e6:40:52:ce:de:bd:67:af:21:
                    a8:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:D2:52:B0:0D:3E:21:7F:74:2B:64:AD:71:5F:05:BF:E3:53:B5:B3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6a262d5b-b41e-4a5f-925d-d5fb70742588.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:dd:37:22:bd:2e:7b:77:08:b4:e8:79:a6:a6:c8:c7:05:29:
         8f:4b:ca:a0:0a:9c:43:b2:9e:c2:17:3a:01:59:65:02:39:8c:
         b8:8e:5d:30:62:48:a7:3b:a3:f6:fc:7b:24:1a:a5:5d:64:94:
         a3:e7:20:39:4c:24:05:f6:9f:37:3c:47:c2:e8:41:e5:b1:84:
         33:82:ef:a4:b4:ac:33:7a:75:31:9e:bf:55:80:dc:53:f9:3d:
         08:20:d5:62:a0:80:75:41:07:dc:3f:e2:eb:54:53:f9:56:e2:
         22:79:8a:d7:88:37:07:50:36:d7:71:09:57:9e:af:e1:14:a7:
         b3:b0:9e:45:b2:91:02:dc:5e:7c:64:07:5f:33:b1:5a:47:62:
         a2:f5:48:94:3f:42:b7:2e:20:87:7a:31:da:3b:a7:57:ff:c6:
         6c:53:aa:3b:38:55:2f:75:75:98:06:64:62:4d:0f:49:6a:da:
         dd:94:80:21:69:23:76:db:43:16:04:9f:16:4d:5e:98:4d:1a:
         20:ab:44:fc:d2:95:c8:a4:69:59:63:94:4a:71:d5:71:7e:08:
         38:41:fa:f8:55:77:a5:a5:dc:d0:a0:a5:82:d4:ec:48:7c:76:
         15:e2:1d:fc:b0:a1:82:03:55:d2:65:9b:d1:9d:dd:26:09:83:
         87:2d:8c:90
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdLb2SiXcj9dFgnjbgzdiXWddIFQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE4MDAwMDAwWhcNMjMxMjIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNjUwMWU3ZTUxZTAwNTZjMzFiYjllY2FhN2NkNDgyYzQ0
NzBhODlkYzE3NzYxMWY3YzcyYWMxMGY4YzIxYTJkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzCLNIgs8LQ6LDjMkQDYjJt+zeUxoDrTeasxplL9/Fxo/l
cEACbN3HSH0WzAmcTD5LF0hgQyVj3kCxgdFoQVdpz7r4Ga30354k4AuAFD9nqyWj
ZFDiLyOntIl2np+tP6tRgwWe2eZM25OUp9MSMV/yyKiLYjDkzzU+oYF5AKL1zKuG
WtSc56Wlz/otP6GElvuQuUBTBVzcJlUJ7nh+7kIeJVyTPnuCGXkUSlcO96+f6pfZ
PAvcz3Pyvahcuvh6D0Q6fsR7XuHUYdVcflZUCP9ugBlDRGq/NyBY4c6KL6rSD0fY
cWlZCJLDd8ZmojEUCApQfT8sseZAUs7evWevIahvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUo9JSsA0+IX90K2StcV8Fv+NTtbMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzZhMjYyZDViLWI0MWUtNGE1Zi05MjVkLWQ1ZmI3MDc0MjU4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGndNyK9Lnt3CLToeaamyMcFKY9L
yqAKnEOynsIXOgFZZQI5jLiOXTBiSKc7o/b8eyQapV1klKPnIDlMJAX2nzc8R8Lo
QeWxhDOC76S0rDN6dTGev1WA3FP5PQgg1WKggHVBB9w/4utUU/lW4iJ5iteINwdQ
NtdxCVeer+EUp7OwnkWykQLcXnxkB18zsVpHYqL1SJQ/QrcuIId6Mdo7p1f/xmxT
qjs4VS91dZgGZGJND0lq2t2UgCFpI3bbQxYEnxZNXphNGiCrRPzSlcikaVljlEpx
1XF+CDhB+vhVd6Wl3NCgpYLU7Eh8dhXiHfywoYIDVdJlm9Gd3SYJg4ctjJA=
-----END CERTIFICATE-----