Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9e82fc50-94be-46c3-a806-b81a365de446.roa
File:                     9e82fc50-94be-46c3-a806-b81a365de446.roa (raw, json)
Hash identifier:          2AwcxOsGaacr7FzvpLWn3D/qEZbMLs1888TNQ68f9mU=
Subject key identifier:   FB:B4:57:FC:25:2F:DD:8E:9A:C0:3E:90:A7:78:BF:A4:0F:8D:30:D0
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5D1E123C1E8C8E4D93653D1A1DD8163DAB56FD68
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9e82fc50-94be-46c3-a806-b81a365de446.roa
Signing time:             Tue 08 Aug 2023 00:00:00 +0000
ROA not before:           Tue 08 Aug 2023 00:00:00 +0000
ROA not after:            Tue 12 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:1e:12:3c:1e:8c:8e:4d:93:65:3d:1a:1d:d8:16:3d:ab:56:fd:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug  8 00:00:00 2023 GMT
            Not After : Sep 12 23:59:59 2023 GMT
        Subject: serialNumber=e967f5b4bfc6d7995bf9d9fc062ce172bae2514cb159fad1b238bcf83596881d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:88:ef:13:fa:3b:da:35:15:0a:1e:87:f8:9e:
                    02:32:14:d1:90:ea:73:38:fb:96:8b:c9:70:1a:cd:
                    04:09:ef:ca:3a:07:eb:bd:8b:3d:3f:a4:dc:8b:c0:
                    c9:97:c0:1f:cc:f2:70:84:19:dd:99:67:e6:fa:5f:
                    05:9a:af:24:45:3d:27:0f:d2:e0:65:0f:0d:31:af:
                    da:05:9d:e7:5e:7b:40:57:eb:37:a8:4e:44:19:ab:
                    8a:9f:f0:17:ea:c2:c3:94:75:cd:cf:ab:72:06:b1:
                    c1:74:e8:66:b7:b7:3b:ad:f8:20:9a:8b:59:5d:88:
                    79:32:31:82:73:d0:96:cb:7f:02:22:ff:97:de:23:
                    61:6e:72:ba:81:e4:ec:78:be:a5:05:53:22:4c:9a:
                    60:b1:c9:6d:64:32:93:09:c5:86:67:69:f0:c4:d2:
                    af:04:ee:98:5a:bc:7c:8b:64:1b:ec:1d:71:49:34:
                    da:92:de:09:d8:dd:ac:ec:77:99:f9:d3:12:9f:b7:
                    f3:a8:e1:45:76:ff:c3:4d:fc:95:ed:a9:51:0c:98:
                    82:84:81:d6:df:db:fa:71:02:95:b9:a2:9b:22:8b:
                    0b:cb:03:77:df:c6:aa:4c:72:18:78:2a:dd:d9:72:
                    ec:ed:f6:45:ca:29:f7:ef:d7:96:c7:3b:22:87:a3:
                    b3:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:B4:57:FC:25:2F:DD:8E:9A:C0:3E:90:A7:78:BF:A4:0F:8D:30:D0
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9e82fc50-94be-46c3-a806-b81a365de446.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:f9:d9:25:88:21:ae:1e:0f:8b:1a:da:ac:4a:e7:e8:0c:11:
         e2:f5:12:a4:aa:56:23:92:2d:c2:e1:94:21:c5:d5:d5:30:35:
         12:86:4b:1b:27:19:11:b9:e4:07:69:2d:8e:b6:02:12:7d:aa:
         54:3f:61:9a:03:f7:06:08:c8:8f:f6:66:7b:35:5d:ab:d5:68:
         df:59:67:b0:c7:a5:ae:3e:fa:06:c1:d8:47:2f:23:98:e5:e3:
         e3:22:9f:fc:1c:a9:43:49:e0:d7:9e:a9:0c:68:cb:90:36:06:
         8d:f7:83:77:3d:9a:81:ec:ae:1c:25:db:a6:93:cb:06:2c:43:
         ca:b5:e3:c2:68:ae:9d:cb:83:d3:dd:03:20:63:73:d3:f8:8a:
         d6:46:08:6c:e4:a5:b0:d3:64:ee:ec:92:67:99:32:2a:b1:94:
         28:4d:0b:b0:bb:90:b0:3a:e6:6f:38:b1:f9:2a:6f:29:f3:20:
         37:9b:f5:da:8d:9d:54:25:24:09:b8:1d:2d:e3:13:d3:e1:8f:
         9f:fc:ba:0a:af:c3:c3:99:b6:75:21:df:00:44:68:9c:00:d7:
         e2:08:31:f6:68:9e:fd:07:7b:ae:58:d0:0d:56:f7:df:60:39:
         ca:f7:41:f9:4d:61:98:fa:01:13:7e:46:90:e3:54:af:11:d1:
         ac:a4:6d:e6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXR4SPB6Mjk2TZT0aHdgWPatW/WgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODA4MDAwMDAwWhcNMjMwOTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlOTY3ZjViNGJmYzZkNzk5NWJmOWQ5ZmMwNjJjZTE3MmJh
ZTI1MTRjYjE1OWZhZDFiMjM4YmNmODM1OTY4ODFkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOiO8T+jvaNRUKHof4ngIyFNGQ6nM4+5aLyXAazQQJ78o6
B+u9iz0/pNyLwMmXwB/M8nCEGd2ZZ+b6XwWaryRFPScP0uBlDw0xr9oFnedee0BX
6zeoTkQZq4qf8BfqwsOUdc3Pq3IGscF06Ga3tzut+CCai1ldiHkyMYJz0JbLfwIi
/5feI2FucrqB5Ox4vqUFUyJMmmCxyW1kMpMJxYZnafDE0q8E7phavHyLZBvsHXFJ
NNqS3gnY3azsd5n50xKft/Oo4UV2/8NN/JXtqVEMmIKEgdbf2/pxApW5opsiiwvL
A3ffxqpMchh4Kt3Zcuzt9kXKKffv15bHOyKHo7O3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+7RX/CUv3Y6awD6Qp3i/pA+NMNAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzllODJmYzUwLTk0YmUtNDZjMy1hODA2LWI4MWEzNjVkZTQ0Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADT52SWIIa4eD4sa2qxK5+gMEeL1
EqSqViOSLcLhlCHF1dUwNRKGSxsnGRG55AdpLY62AhJ9qlQ/YZoD9wYIyI/2Zns1
XavVaN9ZZ7DHpa4++gbB2EcvI5jl4+Min/wcqUNJ4NeeqQxoy5A2Bo33g3c9moHs
rhwl26aTywYsQ8q148Jorp3Lg9PdAyBjc9P4itZGCGzkpbDTZO7skmeZMiqxlChN
C7C7kLA65m84sfkqbynzIDeb9dqNnVQlJAm4HS3jE9Phj5/8ugqvw8OZtnUh3wBE
aJwA1+IIMfZonv0He65Y0A1W999gOcr3QflNYZj6ARN+RpDjVK8R0aykbeY=
-----END CERTIFICATE-----