Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d376ab5d-1ee3-4403-8ccc-a48b863fd279.roa
File:                     d376ab5d-1ee3-4403-8ccc-a48b863fd279.roa (raw, json)
Hash identifier:          QZ9GAI71Tu0S4iHt5VViuQpKoBB5adpIjRp4uzeCsYo=
Subject key identifier:   53:4D:33:7E:57:DB:40:99:4E:3F:B0:86:4D:AD:81:FD:48:8B:0A:51
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       49E263B1A085E4DB80EB9720E0B1D83F2DF01532
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d376ab5d-1ee3-4403-8ccc-a48b863fd279.roa
Signing time:             Sat 24 Jun 2023 00:00:00 +0000
ROA not before:           Sat 24 Jun 2023 00:00:00 +0000
ROA not after:            Sat 29 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:e2:63:b1:a0:85:e4:db:80:eb:97:20:e0:b1:d8:3f:2d:f0:15:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 24 00:00:00 2023 GMT
            Not After : Jul 29 23:59:59 2023 GMT
        Subject: serialNumber=c1189ca6518dfdc9d9718dbbe05767913685ef17ee0ce9b647169c40dac9af88, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:1c:47:06:0b:09:1c:48:fe:87:d9:5f:69:dc:
                    53:67:82:91:96:c1:c0:41:90:95:03:f0:1e:db:f8:
                    c3:4b:c3:8c:98:d3:f6:5f:cd:14:ff:c3:2a:33:ec:
                    21:ec:d9:97:20:79:b2:77:ed:ae:ac:7f:5b:d9:98:
                    c1:db:52:a9:af:11:41:5f:18:f0:78:eb:a3:20:c0:
                    42:16:a1:68:53:82:3b:f4:10:89:cf:ea:e7:a3:1e:
                    5a:27:7f:66:69:08:20:62:65:af:0c:a0:2e:44:44:
                    d8:83:9a:33:49:7f:e4:a4:9b:43:df:4e:72:42:b5:
                    f6:d4:a7:03:32:8a:e4:e9:ca:ec:8f:9f:64:b1:7f:
                    c5:32:6e:fc:96:35:28:49:df:8b:0c:53:cf:37:26:
                    8e:54:10:f1:5e:69:f4:c4:9c:b9:4e:e4:fe:c7:4a:
                    19:11:73:f0:f3:48:75:be:12:8f:33:85:c4:b6:5a:
                    14:d9:39:1a:4b:d0:fe:4c:01:b1:21:49:7b:15:7a:
                    66:75:66:e1:ea:f2:98:ba:47:fb:56:47:89:b7:92:
                    2d:93:32:3f:b0:43:f6:54:23:89:f0:de:25:56:b2:
                    ff:f3:9c:64:67:07:c1:c4:04:72:35:5a:4d:ef:34:
                    bd:06:ed:f8:ef:27:40:dc:d0:09:66:7f:7e:14:cf:
                    0a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:4D:33:7E:57:DB:40:99:4E:3F:B0:86:4D:AD:81:FD:48:8B:0A:51
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d376ab5d-1ee3-4403-8ccc-a48b863fd279.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:f7:c6:b5:03:48:b0:45:e3:26:1f:69:d0:78:29:aa:51:ba:
         d0:6c:83:b7:66:1f:3c:b4:2b:db:27:f4:31:de:4b:8d:5d:2d:
         60:59:1b:2b:51:5a:c9:7d:8c:a0:ac:1f:4a:e3:98:6d:ef:dc:
         2e:b8:57:83:db:dc:5f:1a:23:99:01:40:98:f1:ab:dd:68:ea:
         a5:b2:7f:0b:32:57:7b:42:1b:87:e9:bc:19:62:72:6a:ce:8e:
         14:3d:a8:7c:d4:f0:6f:95:b4:db:ed:51:ea:db:3b:66:5b:e2:
         b7:13:f8:ef:3f:16:54:02:a5:c2:c5:20:1d:88:d7:b5:5c:3e:
         5c:2f:17:af:2d:8e:3a:4e:f1:bb:c5:5a:7a:52:a0:61:89:80:
         2c:b1:99:2e:51:4a:af:f6:82:23:b8:5c:83:a7:5e:14:f8:fc:
         63:a1:fa:dc:00:46:74:d5:f1:4f:35:1a:e0:41:8a:14:15:0c:
         a7:3f:87:46:e1:f9:d2:77:6c:6d:be:df:2d:bc:6d:99:4e:6c:
         3a:9d:ba:53:9d:c3:ba:03:b8:44:2d:9d:46:62:25:8a:43:e3:
         99:b5:59:f4:6e:d1:21:f6:91:e9:31:a6:dd:d9:91:18:79:de:
         51:53:4d:bf:c6:09:aa:76:bd:ee:73:86:78:28:ba:c7:08:86:
         75:f3:1b:e5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSeJjsaCF5NuA65cg4LHYPy3wFTIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjI0MDAwMDAwWhcNMjMwNzI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMTE4OWNhNjUxOGRmZGM5ZDk3MThkYmJlMDU3Njc5MTM2
ODVlZjE3ZWUwY2U5YjY0NzE2OWM0MGRhYzlhZjg4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDmHEcGCwkcSP6H2V9p3FNngpGWwcBBkJUD8B7b+MNLw4yY
0/ZfzRT/wyoz7CHs2ZcgebJ37a6sf1vZmMHbUqmvEUFfGPB466MgwEIWoWhTgjv0
EInP6uejHlonf2ZpCCBiZa8MoC5ERNiDmjNJf+Skm0PfTnJCtfbUpwMyiuTpyuyP
n2Sxf8UybvyWNShJ34sMU883Jo5UEPFeafTEnLlO5P7HShkRc/DzSHW+Eo8zhcS2
WhTZORpL0P5MAbEhSXsVemZ1ZuHq8pi6R/tWR4m3ki2TMj+wQ/ZUI4nw3iVWsv/z
nGRnB8HEBHI1Wk3vNL0G7fjvJ0Dc0Almf34UzwrPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUU00zflfbQJlOP7CGTa2B/UiLClEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2QzNzZhYjVkLTFlZTMtNDQwMy04Y2NjLWE0OGI4NjNmZDI3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC/3xrUDSLBF4yYfadB4KapRutBs
g7dmHzy0K9sn9DHeS41dLWBZGytRWsl9jKCsH0rjmG3v3C64V4Pb3F8aI5kBQJjx
q91o6qWyfwsyV3tCG4fpvBlicmrOjhQ9qHzU8G+VtNvtUerbO2Zb4rcT+O8/FlQC
pcLFIB2I17VcPlwvF68tjjpO8bvFWnpSoGGJgCyxmS5RSq/2giO4XIOnXhT4/GOh
+twARnTV8U81GuBBihQVDKc/h0bh+dJ3bG2+3y28bZlObDqdulOdw7oDuEQtnUZi
JYpD45m1WfRu0SH2kekxpt3ZkRh53lFTTb/GCap2ve5zhngouscIhnXzG+U=
-----END CERTIFICATE-----