Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c4aa2012-10e5-4b41-b048-616d0124dadf.roa
File:                     c4aa2012-10e5-4b41-b048-616d0124dadf.roa (raw, json)
Hash identifier:          9gY9Z5Cid2FkQZhmlTU1cSULNJCWTWTHgGN0Q1URz5U=
Subject key identifier:   2F:59:D2:CE:38:25:61:CA:8E:A5:8D:E6:29:2F:3A:B1:FE:66:08:8F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       68BFD07C58927B81A2393711BF11A54C2C7F5557
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c4aa2012-10e5-4b41-b048-616d0124dadf.roa
Signing time:             Sun 30 Jul 2023 00:00:00 +0000
ROA not before:           Sun 30 Jul 2023 00:00:00 +0000
ROA not after:            Sun 03 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:bf:d0:7c:58:92:7b:81:a2:39:37:11:bf:11:a5:4c:2c:7f:55:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 30 00:00:00 2023 GMT
            Not After : Sep  3 23:59:59 2023 GMT
        Subject: serialNumber=52171ec0a538c8e699572fd51a5dc8adb877b5d9b1911b283d0af3a529b01c58, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:28:16:c7:dc:50:69:56:8a:70:de:71:32:93:
                    0f:f6:7c:92:92:2e:f7:74:a6:11:e5:d1:96:1f:84:
                    94:45:d3:45:fb:7c:1e:a9:96:f8:07:83:2d:56:b1:
                    45:58:73:b0:90:4e:f8:68:cb:59:5e:36:27:40:fc:
                    bb:b6:6c:3c:c2:43:72:9d:9f:6e:f2:70:c0:90:1a:
                    c8:4e:91:40:01:47:4e:0a:8a:1d:13:e7:7f:14:cf:
                    9e:8c:33:7d:de:d3:d0:43:48:5c:cb:a3:13:e2:dd:
                    82:04:da:ae:1d:79:37:14:7a:fa:22:e3:10:30:7c:
                    61:da:9d:2a:4b:25:e2:90:49:e5:10:b0:28:a2:95:
                    d1:c6:a3:c7:af:e0:50:24:7b:b8:62:c6:63:55:bb:
                    9d:fc:27:c0:75:a7:ea:b7:96:23:cb:80:41:f4:3c:
                    a1:a8:65:f9:0a:c9:ac:6c:81:87:15:37:d0:ec:a1:
                    91:b0:b9:56:18:13:c1:8e:4d:8b:f7:73:9b:18:17:
                    37:4c:90:29:28:5f:85:00:a0:59:56:65:0c:20:19:
                    75:85:df:7e:0e:c1:9e:30:32:4d:09:6c:67:e3:ca:
                    ad:4c:ba:ae:47:a0:4b:2a:f2:4f:cb:a5:1b:e5:13:
                    d9:93:67:ea:47:1e:77:a5:88:6c:63:05:f2:65:25:
                    a1:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:59:D2:CE:38:25:61:CA:8E:A5:8D:E6:29:2F:3A:B1:FE:66:08:8F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c4aa2012-10e5-4b41-b048-616d0124dadf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:d7:05:0a:bf:c4:c2:06:9a:2f:89:99:2e:24:5d:57:17:68:
         63:66:c1:a0:ec:14:2d:a0:af:03:e5:0d:1e:00:c3:48:90:e4:
         20:21:c2:b6:61:88:e8:b8:3d:c7:76:a0:09:71:0c:3c:21:b3:
         0b:c9:e0:aa:f2:41:6c:93:b5:66:19:7f:44:84:da:60:46:a0:
         d7:e8:29:0a:36:d3:73:67:46:51:a4:27:dc:f5:aa:84:c7:35:
         5d:db:88:21:b3:37:7b:69:6d:8c:cf:a2:f3:7a:1c:43:bb:07:
         1e:19:7d:48:fc:d8:25:45:6f:5c:7c:ba:2f:13:af:1f:6d:b5:
         90:c7:16:26:e3:05:f8:59:11:09:e4:1c:7b:e2:39:dc:86:10:
         75:6e:6c:94:4c:21:5e:e4:b2:92:d9:b4:93:c9:6b:c8:c0:fc:
         87:b3:5a:a5:2e:d9:ce:0e:a6:c0:c3:8f:a4:94:a2:97:28:aa:
         18:6f:eb:ee:8e:0f:d2:24:be:15:4a:d1:f7:9c:c4:fd:c3:ee:
         e9:ac:e7:6b:78:f8:6b:95:1b:de:0e:db:41:45:8e:a9:f8:32:
         fd:11:b7:9e:65:73:0e:3c:5d:64:2d:11:f1:3a:be:c0:0e:80:
         10:cc:b7:a2:43:da:5b:4c:7b:dd:a5:ac:6d:59:bb:27:09:d6:
         71:af:f7:5d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaL/QfFiSe4GiOTcRvxGlTCx/VVcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzMwMDAwMDAwWhcNMjMwOTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MjE3MWVjMGE1MzhjOGU2OTk1NzJmZDUxYTVkYzhhZGI4
NzdiNWQ5YjE5MTFiMjgzZDBhZjNhNTI5YjAxYzU4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiKBbH3FBpVopw3nEykw/2fJKSLvd0phHl0ZYfhJRF00X7
fB6plvgHgy1WsUVYc7CQTvhoy1leNidA/Lu2bDzCQ3Kdn27ycMCQGshOkUABR04K
ih0T538Uz56MM33e09BDSFzLoxPi3YIE2q4deTcUevoi4xAwfGHanSpLJeKQSeUQ
sCiildHGo8ev4FAke7hixmNVu538J8B1p+q3liPLgEH0PKGoZfkKyaxsgYcVN9Ds
oZGwuVYYE8GOTYv3c5sYFzdMkCkoX4UAoFlWZQwgGXWF334OwZ4wMk0JbGfjyq1M
uq5HoEsq8k/LpRvlE9mTZ+pHHneliGxjBfJlJaGrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUL1nSzjglYcqOpY3mKS86sf5mCI8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2M0YWEyMDEyLTEwZTUtNGI0MS1iMDQ4LTYxNmQwMTI0ZGFkZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADXXBQq/xMIGmi+JmS4kXVcXaGNm
waDsFC2grwPlDR4Aw0iQ5CAhwrZhiOi4Pcd2oAlxDDwhswvJ4KryQWyTtWYZf0SE
2mBGoNfoKQo203NnRlGkJ9z1qoTHNV3biCGzN3tpbYzPovN6HEO7Bx4ZfUj82CVF
b1x8ui8Trx9ttZDHFibjBfhZEQnkHHviOdyGEHVubJRMIV7kspLZtJPJa8jA/Iez
WqUu2c4OpsDDj6SUopcoqhhv6+6OD9IkvhVK0fecxP3D7ums52t4+GuVG94O20FF
jqn4Mv0Rt55lcw48XWQtEfE6vsAOgBDMt6JD2ltMe92lrG1ZuycJ1nGv910=
-----END CERTIFICATE-----