Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82bf289b-a8fd-45a1-9188-5c5dcdca3b6d.roa
File:                     82bf289b-a8fd-45a1-9188-5c5dcdca3b6d.roa (raw, json)
Hash identifier:          TH+GYqPc6WeQGvEDiDLJqT/J0UlKlzttojUvw95dius=
Subject key identifier:   24:49:93:F2:61:F7:B4:C8:AA:85:33:0E:0F:2D:0A:8A:E8:28:C2:46
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5CCB55344A3C24C2B551A4039A7BA2D422FD586E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82bf289b-a8fd-45a1-9188-5c5dcdca3b6d.roa
Signing time:             Sun 03 Dec 2023 00:00:00 +0000
ROA not before:           Sun 03 Dec 2023 00:00:00 +0000
ROA not after:            Sun 07 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:cb:55:34:4a:3c:24:c2:b5:51:a4:03:9a:7b:a2:d4:22:fd:58:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec  3 00:00:00 2023 GMT
            Not After : Jan  7 23:59:59 2024 GMT
        Subject: serialNumber=e03e284f06ffb90c5e9d5b2697b9d97ab5366665a932f9622e8620e28ed3af48, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:5c:e8:89:2e:51:fc:e3:56:4f:52:f6:09:80:
                    37:43:ee:04:c5:27:c4:20:78:3b:65:62:24:92:a2:
                    6d:fe:e9:a5:2b:63:75:00:f4:ea:53:e1:e5:50:92:
                    d6:9d:7e:f1:a9:f8:07:f1:0d:7e:69:85:c7:ee:ff:
                    b4:77:5f:11:1d:c3:0e:7a:c2:78:08:03:f4:db:0a:
                    17:09:8f:4c:e6:a5:e2:04:bd:c5:b0:35:d0:49:21:
                    21:9a:70:05:78:e2:cd:e9:d2:e1:5c:ea:df:35:3b:
                    97:65:cb:1d:57:33:17:71:32:2c:c1:b7:70:40:6d:
                    27:15:0f:e2:64:cf:1e:01:72:68:f2:31:90:f4:35:
                    93:57:25:f4:d5:59:8d:2d:ac:25:87:da:09:c0:3c:
                    4b:78:13:b0:54:b2:98:1a:3d:79:d4:f8:5e:d9:6d:
                    4d:e2:1c:16:aa:ab:1b:d3:56:7d:4a:16:5a:0f:6d:
                    0f:0c:b0:05:ba:09:cb:53:5d:dc:c5:1a:ec:92:55:
                    21:97:0e:34:41:ea:0e:91:5d:2f:f4:f2:d2:1d:ab:
                    97:e1:05:73:1e:4b:1d:73:56:39:39:59:7b:e9:70:
                    96:5b:20:55:1e:9e:cc:18:68:4f:3f:7e:d1:57:b6:
                    1b:07:6b:9a:cc:d1:5e:b8:e9:86:61:12:8e:8f:26:
                    3b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:49:93:F2:61:F7:B4:C8:AA:85:33:0E:0F:2D:0A:8A:E8:28:C2:46
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82bf289b-a8fd-45a1-9188-5c5dcdca3b6d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:2c:b7:64:ff:d7:53:ae:39:06:d4:b9:e3:d8:3b:dc:ad:5d:
         b5:f6:55:7d:be:f5:67:0e:af:84:cf:02:a8:97:ae:77:f5:f2:
         d9:16:30:30:55:ab:39:94:a2:85:3d:0d:7b:6b:3a:91:f0:6a:
         c7:10:47:d8:8c:6b:01:b9:5c:5d:aa:70:da:0b:6c:5f:4c:e6:
         18:fc:60:44:43:2f:90:8a:70:63:b3:3d:07:7d:70:d8:78:44:
         21:f5:21:5e:a7:55:48:4e:05:77:33:69:9f:b6:5d:0b:bf:84:
         1f:ae:37:9e:aa:94:cb:62:e0:56:cd:98:8d:6c:04:ea:e4:01:
         26:ef:79:e7:2c:ed:e1:9a:8d:d9:dd:ba:c9:db:9a:03:62:c0:
         df:dd:bf:ec:1e:51:fd:8f:96:00:fa:fe:11:1b:30:c7:10:d2:
         2a:24:9b:66:12:54:4f:30:9d:99:5a:40:fa:c6:94:0f:ad:8c:
         c6:2d:3d:43:33:a6:a6:21:80:5c:69:19:e9:82:66:12:5c:34:
         57:5b:7d:00:fe:58:7e:82:0f:47:b5:c3:cb:f6:c4:ab:e2:65:
         81:1e:3d:72:3d:3c:e7:9f:21:80:21:42:a7:29:52:bc:03:e3:
         ba:23:c5:b0:21:4e:a2:1b:22:02:d0:8f:88:d1:36:9e:f3:fe:
         a1:8a:e8:02
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXMtVNEo8JMK1UaQDmnui1CL9WG4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjAzMDAwMDAwWhcNMjQwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMDNlMjg0ZjA2ZmZiOTBjNWU5ZDViMjY5N2I5ZDk3YWI1
MzY2NjY1YTkzMmY5NjIyZTg2MjBlMjhlZDNhZjQ4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTXOiJLlH841ZPUvYJgDdD7gTFJ8QgeDtlYiSSom3+6aUr
Y3UA9OpT4eVQktadfvGp+AfxDX5phcfu/7R3XxEdww56wngIA/TbChcJj0zmpeIE
vcWwNdBJISGacAV44s3p0uFc6t81O5dlyx1XMxdxMizBt3BAbScVD+Jkzx4Bcmjy
MZD0NZNXJfTVWY0trCWH2gnAPEt4E7BUspgaPXnU+F7ZbU3iHBaqqxvTVn1KFloP
bQ8MsAW6CctTXdzFGuySVSGXDjRB6g6RXS/08tIdq5fhBXMeSx1zVjk5WXvpcJZb
IFUenswYaE8/ftFXthsHa5rM0V646YZhEo6PJjvbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJEmT8mH3tMiqhTMODy0KiugowkYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgyYmYyODliLWE4ZmQtNDVhMS05MTg4LTVjNWRjZGNhM2I2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFYst2T/11OuOQbUuePYO9ytXbX2
VX2+9WcOr4TPAqiXrnf18tkWMDBVqzmUooU9DXtrOpHwascQR9iMawG5XF2qcNoL
bF9M5hj8YERDL5CKcGOzPQd9cNh4RCH1IV6nVUhOBXczaZ+2XQu/hB+uN56qlMti
4FbNmI1sBOrkASbveecs7eGajdndusnbmgNiwN/dv+weUf2PlgD6/hEbMMcQ0iok
m2YSVE8wnZlaQPrGlA+tjMYtPUMzpqYhgFxpGemCZhJcNFdbfQD+WH6CD0e1w8v2
xKviZYEePXI9POefIYAhQqcpUrwD47ojxbAhTqIbIgLQj4jRNp7z/qGK6AI=
-----END CERTIFICATE-----