Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dcbee798-a7c4-44b4-baa4-dc4df388d54e.roa
File:                     dcbee798-a7c4-44b4-baa4-dc4df388d54e.roa (raw, json)
Hash identifier:          cCrxk2dxPRN1oO20/ggtAzvBN8crMtzkUt/Do1e05E0=
Subject key identifier:   AD:48:86:0E:72:3A:62:01:DB:0D:9D:58:42:08:AF:4E:75:E4:51:A5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6814474E5F79661132A160BBA35628B6EC5825B5
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dcbee798-a7c4-44b4-baa4-dc4df388d54e.roa
Signing time:             Sun 24 Dec 2023 00:00:00 +0000
ROA not before:           Sun 24 Dec 2023 00:00:00 +0000
ROA not after:            Sun 28 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:14:47:4e:5f:79:66:11:32:a1:60:bb:a3:56:28:b6:ec:58:25:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 24 00:00:00 2023 GMT
            Not After : Jan 28 23:59:59 2024 GMT
        Subject: serialNumber=9b52fe1386545dfedafa9ec830d5dc2c5b26df5e0cae1ee98078abdfd3ee3ab9, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:90:21:93:30:51:3c:cf:fd:5c:d8:2b:af:d0:
                    a7:cb:01:1c:9a:7d:8f:4e:7f:c0:c0:4f:48:a8:a0:
                    3a:a0:6b:f7:d5:e0:08:5a:e8:be:3a:c7:6d:a8:80:
                    5a:69:8f:53:e7:71:62:9c:ae:eb:ce:e5:10:5b:7c:
                    03:a0:6b:8b:f1:9d:4d:4a:47:3d:ef:de:36:04:9d:
                    41:7e:1e:74:fc:da:16:9d:59:b8:6d:27:61:00:0b:
                    3a:55:a8:e5:9f:73:59:07:c5:69:bc:4c:1e:07:4c:
                    5a:ad:5b:f3:a9:67:d5:7a:0d:23:19:3c:ec:0b:10:
                    8b:c9:a8:56:90:71:49:7c:2f:af:95:c7:eb:c7:2d:
                    10:fa:d0:2e:e5:a7:20:8a:da:72:68:c3:24:9b:f9:
                    27:2d:ab:dd:28:f6:29:ab:a5:fe:11:71:94:f5:2b:
                    c1:54:b1:be:47:c3:cd:1f:9f:ae:ca:93:15:55:0d:
                    15:ff:a7:d5:43:4d:27:76:31:e6:5e:d5:2d:6d:ee:
                    02:7d:d2:31:29:74:79:a4:28:f9:2e:04:b2:86:b3:
                    1c:97:d1:21:fa:f2:7c:6b:d3:cf:16:82:fa:45:c9:
                    32:c1:ec:75:b3:b0:7b:42:42:3b:32:fc:74:39:b8:
                    4f:76:d9:1f:a1:a9:d9:43:a2:8a:b7:a7:f7:f3:d0:
                    86:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:48:86:0E:72:3A:62:01:DB:0D:9D:58:42:08:AF:4E:75:E4:51:A5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dcbee798-a7c4-44b4-baa4-dc4df388d54e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:82:42:09:cd:23:44:5e:7e:5c:a0:f5:e8:1e:85:46:e9:22:
         e0:a7:2a:d9:bc:22:35:3a:60:b3:20:82:2d:12:d4:eb:1f:3b:
         2e:e4:20:f1:bf:ab:b1:1a:29:85:98:f7:9d:14:51:49:87:63:
         82:0e:83:98:3d:1d:f5:f7:77:17:b1:e3:bf:5c:44:91:cf:eb:
         db:78:5e:2a:89:32:e9:df:b3:f8:50:f7:74:eb:e0:65:74:15:
         31:a1:9e:31:39:4c:07:dd:77:83:5c:63:9b:91:69:a6:6d:cd:
         07:37:af:a8:b9:f9:4f:98:d7:b0:f0:26:6b:fd:aa:32:56:0f:
         2b:82:ef:31:23:d2:3b:f6:b3:52:fe:ae:37:77:69:d4:1c:31:
         6f:6a:94:7b:c0:0b:2a:b0:bc:db:96:cd:42:55:b1:bf:00:a8:
         3e:ff:6a:fc:a9:61:b3:a8:09:bd:c7:fc:da:f7:8b:61:54:10:
         ae:b4:15:51:b4:82:28:91:85:e4:cc:bc:17:14:e1:0b:fd:f5:
         21:0a:15:bd:4b:20:f3:01:57:15:05:22:8c:68:5d:eb:b5:05:
         8b:b1:b0:29:84:56:09:ec:47:92:03:ae:f4:33:8f:8a:6d:a7:
         b1:ce:06:bf:43:97:fd:c9:9d:5a:c4:33:da:d5:0d:7b:f8:c9:
         38:af:96:eb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaBRHTl95ZhEyoWC7o1YotuxYJbUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjI0MDAwMDAwWhcNMjQwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YjUyZmUxMzg2NTQ1ZGZlZGFmYTllYzgzMGQ1ZGMyYzVi
MjZkZjVlMGNhZTFlZTk4MDc4YWJkZmQzZWUzYWI5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1kCGTMFE8z/1c2Cuv0KfLARyafY9Of8DAT0iooDqga/fV
4Aha6L46x22ogFppj1PncWKcruvO5RBbfAOga4vxnU1KRz3v3jYEnUF+HnT82had
WbhtJ2EACzpVqOWfc1kHxWm8TB4HTFqtW/OpZ9V6DSMZPOwLEIvJqFaQcUl8L6+V
x+vHLRD60C7lpyCK2nJowySb+Sctq90o9imrpf4RcZT1K8FUsb5Hw80fn67KkxVV
DRX/p9VDTSd2MeZe1S1t7gJ90jEpdHmkKPkuBLKGsxyX0SH68nxr088WgvpFyTLB
7HWzsHtCQjsy/HQ5uE922R+hqdlDooq3p/fz0Ib1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrUiGDnI6YgHbDZ1YQgivTnXkUaUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RjYmVlNzk4LWE3YzQtNDRiNC1iYWE0LWRjNGRmMzg4ZDU0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFOCQgnNI0Reflyg9egehUbpIuCn
Ktm8IjU6YLMggi0S1OsfOy7kIPG/q7EaKYWY950UUUmHY4IOg5g9HfX3dxex479c
RJHP69t4XiqJMunfs/hQ93Tr4GV0FTGhnjE5TAfdd4NcY5uRaaZtzQc3r6i5+U+Y
17DwJmv9qjJWDyuC7zEj0jv2s1L+rjd3adQcMW9qlHvACyqwvNuWzUJVsb8AqD7/
avypYbOoCb3H/Nr3i2FUEK60FVG0giiRheTMvBcU4Qv99SEKFb1LIPMBVxUFIoxo
Xeu1BYuxsCmEVgnsR5IDrvQzj4ptp7HOBr9Dl/3JnVrEM9rVDXv4yTivlus=
-----END CERTIFICATE-----