Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a11321e1-b7ec-4352-8584-5a51a8bf9765.roa
File:                     a11321e1-b7ec-4352-8584-5a51a8bf9765.roa (raw, json)
Hash identifier:          xZ3kVfLSlCjF5FG0u/Y8L+mLo8xUE877PPd1qYzHf88=
Subject key identifier:   09:D8:20:00:82:13:75:F6:5F:A7:4F:A5:E7:48:7E:81:36:7D:AD:BA
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       36768921A1522D03088EB54A514D43D9B249AC24
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a11321e1-b7ec-4352-8584-5a51a8bf9765.roa
Signing time:             Sat 08 Jul 2023 00:00:00 +0000
ROA not before:           Sat 08 Jul 2023 00:00:00 +0000
ROA not after:            Sat 12 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:76:89:21:a1:52:2d:03:08:8e:b5:4a:51:4d:43:d9:b2:49:ac:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  8 00:00:00 2023 GMT
            Not After : Aug 12 23:59:59 2023 GMT
        Subject: serialNumber=eb2aaff08fc3a668d7e697b8bf1d220506e654aeee7aab9264886a3b4b7de917, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:98:64:03:7f:42:d6:01:57:19:b7:0f:ce:18:
                    78:da:c4:a0:4c:b9:c7:91:b9:99:54:7e:05:a0:a0:
                    50:c2:6d:d8:93:ae:eb:e2:13:7c:30:88:bb:91:c4:
                    f5:3d:b3:62:ab:05:67:e4:31:95:d6:1d:38:fe:ac:
                    34:b8:70:90:53:01:1d:50:b5:3e:2a:86:0d:f4:d5:
                    fa:78:33:59:e7:37:c7:72:e8:44:26:6f:b1:b7:69:
                    e1:dc:38:a6:af:20:e1:c2:26:8b:bb:8c:83:cc:16:
                    18:d3:54:61:86:b6:15:a9:f6:dd:5c:48:16:5f:8a:
                    0a:af:d7:a5:b5:41:ff:97:27:d5:7f:3b:6c:ac:ef:
                    a7:96:c4:ab:99:7e:e2:c5:22:af:ac:ee:d2:84:8b:
                    40:b9:ea:e5:f0:51:c0:7d:1d:02:2d:74:aa:90:26:
                    05:0a:66:14:c0:0a:fb:4a:69:cb:3d:0f:61:5d:3e:
                    c3:bb:cd:f2:dc:0a:76:74:d5:78:5c:68:fa:00:a8:
                    40:2a:92:ea:dc:54:9b:85:f7:5f:62:90:82:6f:a5:
                    c5:ae:fb:ea:03:ab:c0:4e:c8:4e:a0:8d:aa:c6:c0:
                    5b:39:60:38:aa:d3:11:c9:e4:fa:ca:f7:14:9b:24:
                    92:57:bd:93:9c:af:1d:a5:c1:de:7c:9a:b5:9f:b5:
                    81:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:D8:20:00:82:13:75:F6:5F:A7:4F:A5:E7:48:7E:81:36:7D:AD:BA
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a11321e1-b7ec-4352-8584-5a51a8bf9765.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:bd:a0:d5:ee:95:1b:9d:e7:90:cc:2b:45:1d:91:ff:96:10:
         f0:48:7d:60:10:66:3f:99:b8:dc:11:de:d3:07:b4:2c:33:28:
         b9:41:4b:da:c2:d7:17:01:1b:3b:a7:ef:9c:49:00:eb:c6:b0:
         20:fd:af:a2:e3:32:e0:cd:d5:52:e3:29:14:42:15:ad:e6:59:
         cc:09:94:02:16:23:89:d9:4a:25:e6:c1:f2:00:b8:bd:50:70:
         9d:d2:64:62:92:f5:08:e0:11:94:55:bb:5b:7c:0d:bf:89:c8:
         55:ec:62:e0:17:96:7b:02:cf:90:d8:dc:e7:94:84:a0:35:76:
         7d:80:45:15:e8:6d:76:78:13:5c:d1:03:53:11:6d:5a:c7:cd:
         fc:cd:e2:92:bf:fc:68:98:8e:cd:de:a2:e4:ff:48:da:8f:e3:
         65:a3:af:c6:b1:78:8f:6d:05:35:05:67:fd:8b:88:48:32:7d:
         9b:03:9b:c5:ce:40:79:c7:03:f1:19:77:e1:14:94:ec:b4:e5:
         d3:55:95:e5:b9:3c:a9:53:71:2d:42:41:35:bf:ba:b9:63:8a:
         a8:51:68:9c:19:1d:af:72:81:32:68:f5:65:f3:49:5d:a3:78:
         39:e4:7c:44:d4:ce:4b:ef:9c:de:0d:6b:8d:0c:64:ee:c7:13:
         1c:a7:e5:7c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNnaJIaFSLQMIjrVKUU1D2bJJrCQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzA4MDAwMDAwWhcNMjMwODEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYjJhYWZmMDhmYzNhNjY4ZDdlNjk3YjhiZjFkMjIwNTA2
ZTY1NGFlZWU3YWFiOTI2NDg4NmEzYjRiN2RlOTE3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbmGQDf0LWAVcZtw/OGHjaxKBMuceRuZlUfgWgoFDCbdiT
ruviE3wwiLuRxPU9s2KrBWfkMZXWHTj+rDS4cJBTAR1QtT4qhg301fp4M1nnN8dy
6EQmb7G3aeHcOKavIOHCJou7jIPMFhjTVGGGthWp9t1cSBZfigqv16W1Qf+XJ9V/
O2ys76eWxKuZfuLFIq+s7tKEi0C56uXwUcB9HQItdKqQJgUKZhTACvtKacs9D2Fd
PsO7zfLcCnZ01XhcaPoAqEAqkurcVJuF919ikIJvpcWu++oDq8BOyE6gjarGwFs5
YDiq0xHJ5PrK9xSbJJJXvZOcrx2lwd58mrWftYFvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCdggAIITdfZfp0+l50h+gTZ9rbowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ExMTMyMWUxLWI3ZWMtNDM1Mi04NTg0LTVhNTFhOGJmOTc2NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFS9oNXulRud55DMK0Udkf+WEPBI
fWAQZj+ZuNwR3tMHtCwzKLlBS9rC1xcBGzun75xJAOvGsCD9r6LjMuDN1VLjKRRC
Fa3mWcwJlAIWI4nZSiXmwfIAuL1QcJ3SZGKS9QjgEZRVu1t8Db+JyFXsYuAXlnsC
z5DY3OeUhKA1dn2ARRXobXZ4E1zRA1MRbVrHzfzN4pK//GiYjs3eouT/SNqP42Wj
r8axeI9tBTUFZ/2LiEgyfZsDm8XOQHnHA/EZd+EUlOy05dNVleW5PKlTcS1CQTW/
urljiqhRaJwZHa9ygTJo9WXzSV2jeDnkfETUzkvvnN4Na40MZO7HExyn5Xw=
-----END CERTIFICATE-----