Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7d7aba96-0c72-4ac4-94ca-10618d810d88.roa
File:                     7d7aba96-0c72-4ac4-94ca-10618d810d88.roa (raw, json)
Hash identifier:          0e5TMS/EzZVnRx+QgR/bGRa6SRDcbX08Yn2SermDdA8=
Subject key identifier:   15:8C:53:34:D1:ED:F3:3C:A7:AD:35:0C:08:CD:E0:5B:93:25:C2:AF
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6C1C2C93D4B70AE8F03E7DBEE41FBDFCA271DD2B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7d7aba96-0c72-4ac4-94ca-10618d810d88.roa
Signing time:             Mon 30 Oct 2023 00:00:00 +0000
ROA not before:           Mon 30 Oct 2023 00:00:00 +0000
ROA not after:            Mon 04 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:1c:2c:93:d4:b7:0a:e8:f0:3e:7d:be:e4:1f:bd:fc:a2:71:dd:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 30 00:00:00 2023 GMT
            Not After : Dec  4 23:59:59 2023 GMT
        Subject: serialNumber=1c5bfc7eadbbcfabf71043225d98e47bdbd993cc1249ff4fa1c090a794b8e67c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:af:02:c6:ee:05:f3:aa:e8:f9:80:8e:f8:e4:
                    8d:b0:ed:2a:19:e0:1c:a6:c4:4e:91:a7:9e:e0:0c:
                    29:49:bc:47:f0:66:47:05:9d:2e:ee:fa:ce:c2:0a:
                    9d:40:a7:8f:b0:1f:ce:53:ce:f4:0d:8e:12:2c:89:
                    52:51:ec:94:d8:c6:76:c2:eb:e1:06:90:d7:9c:5c:
                    c1:30:8c:47:04:32:7e:18:a2:f4:a0:db:a3:cb:86:
                    96:40:1c:0e:b8:9b:7d:94:4a:ba:62:f4:75:fe:01:
                    05:10:82:86:58:6c:9d:8e:64:61:85:3e:d7:c3:62:
                    1c:55:12:6d:fa:36:81:f3:cd:22:3d:2d:7c:e4:3d:
                    e9:8c:47:1c:42:4e:da:d5:e2:e7:a9:d5:7e:4f:8f:
                    bc:42:f6:13:72:7a:0f:67:8c:cb:ef:93:6e:b8:e8:
                    5c:67:74:71:bb:97:ac:5d:30:af:f6:a0:90:78:68:
                    ff:49:08:9f:f3:e5:14:ea:93:5f:12:63:69:66:1d:
                    36:86:cb:4c:39:a5:f5:79:c1:d5:5e:f1:dc:29:f2:
                    a5:16:a5:8d:b0:58:b0:1f:ab:a8:c4:d4:81:e0:7e:
                    94:e4:1c:03:f7:3f:08:42:b8:a8:0c:ad:6b:22:7e:
                    10:3d:3a:d1:0b:41:b9:55:9c:f8:0b:75:6b:53:1a:
                    d2:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:8C:53:34:D1:ED:F3:3C:A7:AD:35:0C:08:CD:E0:5B:93:25:C2:AF
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7d7aba96-0c72-4ac4-94ca-10618d810d88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:b5:99:cf:6e:5f:23:42:6d:79:db:79:41:2d:6f:2c:7e:a3:
         fa:dc:6e:4f:4d:69:a4:6b:58:a8:41:f2:70:85:1f:5b:24:12:
         c2:a4:60:6a:f3:30:cd:0a:e9:f1:01:9b:85:a4:5c:5c:8a:77:
         9c:d2:f9:29:fd:e2:e1:19:6e:b6:22:02:43:74:e5:e5:dc:97:
         54:0e:c7:1b:fc:e1:d4:b6:5e:26:99:53:fa:c1:13:37:8e:91:
         af:cd:15:51:aa:54:97:78:e6:d9:f8:0e:00:5c:75:e8:28:90:
         ed:29:b1:1d:6d:56:50:d3:28:9a:c7:6f:46:a5:c5:a4:20:0c:
         37:bc:5b:8b:66:2d:22:d7:b7:4d:aa:c9:d0:78:5c:ce:de:75:
         30:f0:dc:de:90:bb:b4:d4:07:27:51:91:88:c5:67:68:b5:85:
         a0:a9:04:55:e7:1f:c3:70:07:dd:5e:f0:a3:46:e8:94:11:56:
         70:fc:92:e6:af:a3:8d:49:d5:3c:e1:65:73:51:db:3c:95:3f:
         52:dc:91:13:b0:7e:7f:7b:18:40:79:47:84:bf:19:2f:88:ae:
         a3:cf:f1:f9:1b:60:2e:43:47:9f:94:58:45:42:b5:07:d9:a1:
         b0:8c:38:e5:21:37:b9:e9:ae:1f:42:bb:66:c5:f8:81:fe:e8:
         c4:2e:8e:b7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbBwsk9S3CujwPn2+5B+9/KJx3SswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDMwMDAwMDAwWhcNMjMxMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYzViZmM3ZWFkYmJjZmFiZjcxMDQzMjI1ZDk4ZTQ3YmRi
ZDk5M2NjMTI0OWZmNGZhMWMwOTBhNzk0YjhlNjdjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLrwLG7gXzquj5gI745I2w7SoZ4BymxE6Rp57gDClJvEfw
ZkcFnS7u+s7CCp1Ap4+wH85TzvQNjhIsiVJR7JTYxnbC6+EGkNecXMEwjEcEMn4Y
ovSg26PLhpZAHA64m32USrpi9HX+AQUQgoZYbJ2OZGGFPtfDYhxVEm36NoHzzSI9
LXzkPemMRxxCTtrV4uep1X5Pj7xC9hNyeg9njMvvk2646FxndHG7l6xdMK/2oJB4
aP9JCJ/z5RTqk18SY2lmHTaGy0w5pfV5wdVe8dwp8qUWpY2wWLAfq6jE1IHgfpTk
HAP3PwhCuKgMrWsifhA9OtELQblVnPgLdWtTGtK9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFYxTNNHt8zynrTUMCM3gW5Mlwq8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzdkN2FiYTk2LTBjNzItNGFjNC05NGNhLTEwNjE4ZDgxMGQ4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADu1mc9uXyNCbXnbeUEtbyx+o/rc
bk9NaaRrWKhB8nCFH1skEsKkYGrzMM0K6fEBm4WkXFyKd5zS+Sn94uEZbrYiAkN0
5eXcl1QOxxv84dS2XiaZU/rBEzeOka/NFVGqVJd45tn4DgBcdegokO0psR1tVlDT
KJrHb0alxaQgDDe8W4tmLSLXt02qydB4XM7edTDw3N6Qu7TUBydRkYjFZ2i1haCp
BFXnH8NwB91e8KNG6JQRVnD8kuavo41J1TzhZXNR2zyVP1LckROwfn97GEB5R4S/
GS+IrqPP8fkbYC5DR5+UWEVCtQfZobCMOOUhN7nprh9Cu2bF+IH+6MQujrc=
-----END CERTIFICATE-----