Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7e3264c2-dcce-4964-bc31-497fe5a7e0f7.roa
File:                     7e3264c2-dcce-4964-bc31-497fe5a7e0f7.roa (raw, json)
Hash identifier:          h3KMwJ6GD5pOlu6IIZpDovg6Og6ddZIWwDejD8NrfBA=
Subject key identifier:   9A:67:B8:14:8A:91:0A:F1:06:66:5C:8F:70:B1:AD:EB:34:64:44:C1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       54294510D8B2A0D92B1589333959F62A655BD553
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7e3264c2-dcce-4964-bc31-497fe5a7e0f7.roa
Signing time:             Sat 25 Nov 2023 00:00:00 +0000
ROA not before:           Sat 25 Nov 2023 00:00:00 +0000
ROA not after:            Sat 30 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:29:45:10:d8:b2:a0:d9:2b:15:89:33:39:59:f6:2a:65:5b:d5:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 25 00:00:00 2023 GMT
            Not After : Dec 30 23:59:59 2023 GMT
        Subject: serialNumber=8da5054f4f7c0da9f37ff5110080767d59cb8cb15b9aa11666fef0ba55af52da, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c7:c8:f2:cd:46:4d:84:0e:47:51:ab:a3:0f:
                    9e:21:b3:72:0c:2a:75:5e:a6:d9:a4:26:05:c1:ff:
                    e9:2e:bf:1b:82:05:71:f3:e6:c0:61:38:1f:ac:ae:
                    ab:e9:a6:36:e8:1f:ad:eb:64:eb:38:c5:e6:e0:1d:
                    bc:31:3d:45:88:97:3b:78:7f:67:28:c0:5e:36:e3:
                    9e:16:61:46:b4:a4:bc:cb:a6:07:5e:d0:74:9e:dc:
                    66:74:ad:19:4a:6a:c0:64:79:35:25:b9:9f:47:bc:
                    53:66:84:a5:56:d8:22:f3:ef:ff:9d:4d:70:aa:b0:
                    f0:2f:1b:d7:a5:32:6e:25:88:e9:67:b2:24:73:03:
                    61:f9:e9:ed:e3:90:d7:40:fd:1a:ea:2a:c9:a3:79:
                    71:37:de:b3:3d:15:30:f2:ad:fc:ae:63:2e:22:36:
                    be:54:84:06:c8:6c:ad:a4:94:9a:29:0d:0c:a5:35:
                    de:e9:cd:6c:f3:67:26:34:4f:1e:a6:b6:fb:fb:a0:
                    e3:81:d4:6d:92:c7:21:59:48:47:8f:a7:b1:9b:c9:
                    b6:2a:a4:68:cd:42:90:f8:9d:de:d6:9c:8c:0b:71:
                    cc:b3:63:4a:f4:42:be:b9:f9:3c:8e:31:bb:95:49:
                    be:c7:21:7a:c0:df:61:70:72:97:ea:36:2d:1d:ef:
                    90:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:67:B8:14:8A:91:0A:F1:06:66:5C:8F:70:B1:AD:EB:34:64:44:C1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7e3264c2-dcce-4964-bc31-497fe5a7e0f7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:5c:b9:c1:11:2c:ae:d7:33:d4:1b:79:de:28:ea:72:b6:d9:
         5b:3a:7b:e8:d5:c5:3e:7c:54:6f:d1:5a:49:86:1f:35:ab:aa:
         87:69:0a:e0:bd:04:16:3a:80:33:ef:36:66:67:e6:54:50:7a:
         6e:bc:7a:d0:70:6b:1c:b9:66:b1:1b:59:1d:bf:d3:e8:2f:21:
         e5:c5:db:5a:85:66:0b:18:1c:3a:35:6b:44:73:30:17:9a:ee:
         4a:15:f6:54:5a:ac:b2:fa:3f:29:fe:23:f1:36:d8:6c:11:d8:
         43:b0:96:b6:e2:92:94:7c:d9:b2:1d:24:fc:5a:aa:b0:8f:40:
         a4:11:1f:fe:ee:bd:a6:6b:5e:d7:1d:99:55:7e:90:85:29:03:
         77:bc:bd:e5:e0:78:09:0a:e2:04:6f:be:09:ae:ac:66:41:f5:
         c9:35:7d:2a:25:a0:75:e9:f5:4c:ca:9a:77:56:87:e7:4d:27:
         49:0d:43:59:1e:01:e7:04:ac:f5:e7:78:c1:05:2f:1a:b2:38:
         77:a0:ca:9a:f5:36:5c:2f:22:4f:54:89:79:3a:a8:8b:19:9c:
         ee:ed:cd:64:2a:13:73:3f:e4:22:ff:a4:9a:67:a4:8b:20:50:
         9d:04:39:ec:f1:09:24:e3:4c:9b:1e:2c:68:ef:c7:a7:3e:cc:
         ae:a0:8e:f9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVClFENiyoNkrFYkzOVn2KmVb1VMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTI1MDAwMDAwWhcNMjMxMjMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZGE1MDU0ZjRmN2MwZGE5ZjM3ZmY1MTEwMDgwNzY3ZDU5
Y2I4Y2IxNWI5YWExMTY2NmZlZjBiYTU1YWY1MmRhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4x8jyzUZNhA5HUaujD54hs3IMKnVeptmkJgXB/+kuvxuC
BXHz5sBhOB+srqvppjboH63rZOs4xebgHbwxPUWIlzt4f2cowF42454WYUa0pLzL
pgde0HSe3GZ0rRlKasBkeTUluZ9HvFNmhKVW2CLz7/+dTXCqsPAvG9elMm4liOln
siRzA2H56e3jkNdA/RrqKsmjeXE33rM9FTDyrfyuYy4iNr5UhAbIbK2klJopDQyl
Nd7pzWzzZyY0Tx6mtvv7oOOB1G2SxyFZSEePp7GbybYqpGjNQpD4nd7WnIwLccyz
Y0r0Qr65+TyOMbuVSb7HIXrA32FwcpfqNi0d75AJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmme4FIqRCvEGZlyPcLGt6zRkRMEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzdlMzI2NGMyLWRjY2UtNDk2NC1iYzMxLTQ5N2ZlNWE3ZTBmNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIVcucERLK7XM9Qbed4o6nK22Vs6
e+jVxT58VG/RWkmGHzWrqodpCuC9BBY6gDPvNmZn5lRQem68etBwaxy5ZrEbWR2/
0+gvIeXF21qFZgsYHDo1a0RzMBea7koV9lRarLL6Pyn+I/E22GwR2EOwlrbikpR8
2bIdJPxaqrCPQKQRH/7uvaZrXtcdmVV+kIUpA3e8veXgeAkK4gRvvgmurGZB9ck1
fSoloHXp9UzKmndWh+dNJ0kNQ1keAecErPXneMEFLxqyOHegypr1NlwvIk9UiXk6
qIsZnO7tzWQqE3M/5CL/pJpnpIsgUJ0EOezxCSTjTJseLGjvx6c+zK6gjvk=
-----END CERTIFICATE-----