Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aa82664b-6623-429d-a116-323af775c589.roa
File:                     aa82664b-6623-429d-a116-323af775c589.roa (raw, json)
Hash identifier:          4+nXHTzur71+X0T5ltmHEVMfRfpcExNzq0lF7RRTIpc=
Subject key identifier:   97:3F:64:1B:06:DD:65:86:54:6C:30:E4:15:8A:7C:7C:61:2B:41:C4
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       571CCE29648FBFFF215C623599B0E19A88285392
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aa82664b-6623-429d-a116-323af775c589.roa
Signing time:             Mon 04 Dec 2023 00:00:00 +0000
ROA not before:           Mon 04 Dec 2023 00:00:00 +0000
ROA not after:            Mon 08 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:1c:ce:29:64:8f:bf:ff:21:5c:62:35:99:b0:e1:9a:88:28:53:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec  4 00:00:00 2023 GMT
            Not After : Jan  8 23:59:59 2024 GMT
        Subject: serialNumber=423e05e5b017ea5bd29a1d6942575a50835cd51b1d49e51e55c9183f37adbc92, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:10:ad:01:1a:33:6b:e0:85:ac:04:e5:bb:27:
                    3e:96:98:38:78:26:75:b8:81:63:19:68:1e:41:e7:
                    f5:78:42:41:7b:6c:a9:97:48:a0:8f:cc:e9:2d:8e:
                    63:a5:70:ee:f8:96:01:cd:1a:38:1a:c8:18:37:7a:
                    65:c8:4a:15:6a:f1:03:6d:82:c1:1e:1b:31:57:4e:
                    66:43:0b:8b:34:53:4b:98:c7:5f:4b:62:39:d6:a9:
                    df:dd:01:a4:89:2a:87:7c:1a:64:99:77:ea:98:06:
                    21:f0:41:09:fc:39:50:86:23:2e:f6:90:29:09:73:
                    c2:3c:2f:c2:80:11:6d:06:4e:58:3b:23:6f:f7:32:
                    90:97:38:6d:4e:c4:69:35:d9:ba:ca:a1:f8:76:64:
                    49:9a:a0:a5:b7:4c:e6:65:14:ab:bd:84:e4:f2:cb:
                    5e:9c:3d:c9:ff:9d:62:3c:e6:e2:72:01:45:1f:f6:
                    76:38:e8:da:bd:63:57:76:80:66:8d:30:2b:c0:e0:
                    8e:92:c2:c9:ec:3d:e9:ca:ac:06:7d:75:cf:53:0a:
                    0c:73:ec:58:ee:6d:0b:09:75:ac:ab:42:9b:bb:4a:
                    d3:df:6e:f9:60:4e:9a:3a:54:3b:0c:a1:fb:ec:a8:
                    ba:d2:27:f5:11:b0:da:a9:58:eb:a9:98:61:7f:05:
                    64:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:3F:64:1B:06:DD:65:86:54:6C:30:E4:15:8A:7C:7C:61:2B:41:C4
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aa82664b-6623-429d-a116-323af775c589.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:73:c2:c2:11:4d:d5:c9:d9:1d:e4:dd:50:bd:5e:bf:b1:f0:
         b2:ef:50:ce:96:90:9e:7b:2b:a0:49:ce:5a:20:ff:13:56:84:
         bf:3b:67:f5:b4:03:8d:35:80:98:3d:49:39:46:26:f1:2f:9e:
         93:6b:4f:ab:b8:1b:ba:9b:45:0f:a5:92:03:33:a7:ea:eb:d6:
         52:95:32:b9:82:c8:fa:83:9f:80:df:c4:81:b7:d2:06:17:ec:
         b8:00:f5:c9:15:6e:d3:6f:60:c6:08:56:c3:4b:0d:d0:c1:76:
         20:ad:42:62:47:c5:ab:44:4d:06:7e:06:ba:9e:f6:f5:5f:f6:
         60:e4:bc:ae:49:72:17:ec:95:60:f3:ef:82:3a:0c:36:01:0c:
         5a:62:c9:67:bb:d4:af:2f:31:19:00:6f:80:e5:d0:c8:d9:bf:
         b2:ed:3c:d9:5b:a2:b0:60:79:6c:e2:88:7e:ae:7d:8c:a1:d8:
         9a:8d:09:79:e1:db:16:bf:a9:d5:24:82:c6:f1:87:ec:24:b7:
         ea:bd:9b:6b:f5:07:a2:19:68:a3:d6:6e:49:06:f9:31:ce:be:
         d0:03:5b:db:08:53:a3:8e:d0:17:6b:23:b2:05:96:0f:57:a7:
         05:08:9f:dd:68:c8:d0:80:57:da:94:ed:7f:a8:c0:23:e0:07:
         84:ab:ef:c2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVxzOKWSPv/8hXGI1mbDhmogoU5IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjA0MDAwMDAwWhcNMjQwMTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MjNlMDVlNWIwMTdlYTViZDI5YTFkNjk0MjU3NWE1MDgz
NWNkNTFiMWQ0OWU1MWU1NWM5MTgzZjM3YWRiYzkyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSEK0BGjNr4IWsBOW7Jz6WmDh4JnW4gWMZaB5B5/V4QkF7
bKmXSKCPzOktjmOlcO74lgHNGjgayBg3emXIShVq8QNtgsEeGzFXTmZDC4s0U0uY
x19LYjnWqd/dAaSJKod8GmSZd+qYBiHwQQn8OVCGIy72kCkJc8I8L8KAEW0GTlg7
I2/3MpCXOG1OxGk12brKofh2ZEmaoKW3TOZlFKu9hOTyy16cPcn/nWI85uJyAUUf
9nY46Nq9Y1d2gGaNMCvA4I6SwsnsPenKrAZ9dc9TCgxz7FjubQsJdayrQpu7StPf
bvlgTpo6VDsMofvsqLrSJ/URsNqpWOupmGF/BWTBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlz9kGwbdZYZUbDDkFYp8fGErQcQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2FhODI2NjRiLTY2MjMtNDI5ZC1hMTE2LTMyM2FmNzc1YzU4OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAItzwsIRTdXJ2R3k3VC9Xr+x8LLv
UM6WkJ57K6BJzlog/xNWhL87Z/W0A401gJg9STlGJvEvnpNrT6u4G7qbRQ+lkgMz
p+rr1lKVMrmCyPqDn4DfxIG30gYX7LgA9ckVbtNvYMYIVsNLDdDBdiCtQmJHxatE
TQZ+Brqe9vVf9mDkvK5JchfslWDz74I6DDYBDFpiyWe71K8vMRkAb4Dl0MjZv7Lt
PNlborBgeWziiH6ufYyh2JqNCXnh2xa/qdUkgsbxh+wkt+q9m2v1B6IZaKPWbkkG
+THOvtADW9sIU6OO0BdrI7IFlg9XpwUIn91oyNCAV9qU7X+owCPgB4Sr78I=
-----END CERTIFICATE-----