Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/de204b5e-4f9e-4f37-b913-21344ba85146.roa
File:                     de204b5e-4f9e-4f37-b913-21344ba85146.roa (raw, json)
Hash identifier:          gdEEKXYKEyN9OOGbb7b14uU6MYlvX0DTAeRJbuKqkHc=
Subject key identifier:   A3:8D:B8:0C:CF:ED:D1:F3:40:B0:82:D0:BA:32:AB:79:15:D2:4D:D7
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       703D74CC7327DF3AB47692C31E68DC7EAC28F4EF
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/de204b5e-4f9e-4f37-b913-21344ba85146.roa
Signing time:             Wed 13 Dec 2023 00:00:00 +0000
ROA not before:           Wed 13 Dec 2023 00:00:00 +0000
ROA not after:            Wed 17 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:3d:74:cc:73:27:df:3a:b4:76:92:c3:1e:68:dc:7e:ac:28:f4:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 13 00:00:00 2023 GMT
            Not After : Jan 17 23:59:59 2024 GMT
        Subject: serialNumber=9f6f5ba5eb244973b4e9019cd937ee34224a0b6771df242de2bf8f22ca0339d1, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ad:99:b8:9c:48:83:65:43:e9:f7:55:bf:f6:
                    58:49:e4:88:a3:e2:39:28:98:e6:38:b0:ce:27:ee:
                    4d:b4:c3:b1:ea:d7:01:23:f3:30:a3:8e:2a:84:55:
                    c1:50:ac:e0:3c:5e:51:41:28:c9:fb:32:e4:e2:77:
                    f3:ce:6a:cf:35:e4:5b:a1:e7:3e:08:ea:f7:07:44:
                    f5:63:72:8c:e3:65:f7:be:1f:3c:8d:73:55:c5:05:
                    c0:0e:93:da:f0:73:2a:88:30:ad:a1:8c:57:b0:7e:
                    3c:d4:a9:78:9e:b8:f5:40:eb:4b:06:7f:2b:5f:e7:
                    9a:1c:e1:d4:0e:55:29:5d:ac:3c:cf:b1:11:39:24:
                    5a:6f:f5:a0:3c:ca:8c:e1:67:57:f2:67:9f:2b:b8:
                    7d:35:22:41:56:c5:d3:a4:5b:13:f2:4b:32:81:cb:
                    23:af:91:7a:99:c6:fc:8e:e9:f7:42:f1:7a:20:b6:
                    e4:89:b0:4f:0d:46:f3:51:fd:3b:37:6b:ff:4d:13:
                    79:ad:a7:99:a4:e7:81:2d:14:da:fe:ac:d1:6d:f6:
                    7e:32:09:ce:91:14:e5:13:33:3b:ff:83:a3:b3:29:
                    26:6b:be:fa:60:33:c3:36:ab:09:96:31:1a:38:43:
                    0f:3b:8a:8a:7b:8e:26:9c:87:6b:df:8d:33:5e:61:
                    5b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:8D:B8:0C:CF:ED:D1:F3:40:B0:82:D0:BA:32:AB:79:15:D2:4D:D7
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/de204b5e-4f9e-4f37-b913-21344ba85146.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:e7:d5:e9:80:6e:3b:4f:0c:7c:69:46:08:66:c0:de:61:07:
         2b:e2:c1:94:db:6a:67:ec:27:f6:bc:43:b9:1e:c9:52:11:47:
         fd:cd:3a:9c:66:69:3b:a3:ef:96:fc:a4:e9:b3:9a:2f:f8:42:
         a3:e6:5b:e4:81:ae:8a:73:61:4e:06:a2:9c:df:fe:fd:03:70:
         df:ef:15:46:85:65:5f:24:c2:b9:bf:d4:ff:91:84:70:8b:a7:
         f5:16:5c:86:ef:b4:eb:f3:5f:8d:a8:bd:a5:f4:b2:60:e7:d3:
         e9:90:52:72:b4:78:c0:99:5a:6d:7c:67:e4:6b:a7:07:84:66:
         ad:25:dd:41:ba:e9:ff:48:b1:45:2b:4c:e2:c2:4e:f9:4a:6d:
         6d:f5:52:0f:b6:93:d5:af:f4:6f:9e:0a:fa:75:3b:31:08:0c:
         9d:c3:53:82:96:64:57:74:64:8b:c7:f0:14:37:e3:d6:8d:17:
         94:1d:e5:f7:16:65:f6:63:77:1c:2c:00:91:c9:3e:f0:df:ad:
         27:15:95:bd:92:d0:18:c3:93:bb:e3:af:6e:61:56:38:13:e9:
         0d:0d:f9:f8:97:ac:b5:e0:67:79:a6:96:01:73:6d:1a:66:c5:
         84:11:a7:87:28:e9:e3:4e:58:d1:0a:77:28:d2:bf:d0:00:da:
         64:81:f7:15
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcD10zHMn3zq0dpLDHmjcfqwo9O8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjEzMDAwMDAwWhcNMjQwMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZjZmNWJhNWViMjQ0OTczYjRlOTAxOWNkOTM3ZWUzNDIy
NGEwYjY3NzFkZjI0MmRlMmJmOGYyMmNhMDMzOWQxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvrZm4nEiDZUPp91W/9lhJ5Iij4jkomOY4sM4n7k20w7Hq
1wEj8zCjjiqEVcFQrOA8XlFBKMn7MuTid/POas815Fuh5z4I6vcHRPVjcozjZfe+
HzyNc1XFBcAOk9rwcyqIMK2hjFewfjzUqXieuPVA60sGfytf55oc4dQOVSldrDzP
sRE5JFpv9aA8yozhZ1fyZ58ruH01IkFWxdOkWxPySzKByyOvkXqZxvyO6fdC8Xog
tuSJsE8NRvNR/Ts3a/9NE3mtp5mk54EtFNr+rNFt9n4yCc6RFOUTMzv/g6OzKSZr
vvpgM8M2qwmWMRo4Qw87iop7jiach2vfjTNeYVuJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUo424DM/t0fNAsILQujKreRXSTdcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RlMjA0YjVlLTRmOWUtNGYzNy1iOTEzLTIxMzQ0YmE4NTE0Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHfn1emAbjtPDHxpRghmwN5hByvi
wZTbamfsJ/a8Q7keyVIRR/3NOpxmaTuj75b8pOmzmi/4QqPmW+SBropzYU4Gopzf
/v0DcN/vFUaFZV8kwrm/1P+RhHCLp/UWXIbvtOvzX42ovaX0smDn0+mQUnK0eMCZ
Wm18Z+RrpweEZq0l3UG66f9IsUUrTOLCTvlKbW31Ug+2k9Wv9G+eCvp1OzEIDJ3D
U4KWZFd0ZIvH8BQ349aNF5Qd5fcWZfZjdxwsAJHJPvDfrScVlb2S0BjDk7vjr25h
VjgT6Q0N+fiXrLXgZ3mmlgFzbRpmxYQRp4co6eNOWNEKdyjSv9AA2mSB9xU=
-----END CERTIFICATE-----