Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0aeb16ec-0bc6-407e-92a9-8a2d7b48cacc.roa
File:                     0aeb16ec-0bc6-407e-92a9-8a2d7b48cacc.roa (raw, json)
Hash identifier:          S23E8zbFBRqtOS48OVhkdk4ZWXlGnm2BxHRWiL9ShjE=
Subject key identifier:   6A:C1:75:BF:BE:0E:88:43:1A:AC:4B:C3:BD:9A:93:45:45:25:AB:14
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5367C885CAA9AA53FFE61FCE5419DFC87F8C3685
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0aeb16ec-0bc6-407e-92a9-8a2d7b48cacc.roa
Signing time:             Sun 10 Sep 2023 00:00:00 +0000
ROA not before:           Sun 10 Sep 2023 00:00:00 +0000
ROA not after:            Sun 15 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:67:c8:85:ca:a9:aa:53:ff:e6:1f:ce:54:19:df:c8:7f:8c:36:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 10 00:00:00 2023 GMT
            Not After : Oct 15 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:df:f5:b1:41:0e:b7:02:9a:52:22:e0:1e:73:
                    2b:b1:9c:04:1c:b9:0e:05:69:0e:c4:71:b0:ec:95:
                    2f:90:30:d3:5e:7b:ad:70:bb:b5:8e:c2:ea:94:5d:
                    2a:06:70:97:dd:6c:75:e7:3b:86:76:b1:45:7a:dc:
                    78:35:b0:61:a6:9b:61:3c:23:0b:0c:da:76:1c:c4:
                    f6:7d:d1:af:e0:31:a6:5a:8f:95:90:d2:8e:7e:ea:
                    c5:61:10:1f:4c:4e:49:98:30:b7:86:c4:da:d9:40:
                    3a:44:2f:bd:4e:d7:63:35:22:37:bc:ea:ec:ed:dc:
                    24:0b:ce:af:b3:c3:2a:3e:c5:f6:e9:8a:c9:84:9e:
                    93:9e:2f:e3:27:8d:fd:b3:aa:ea:4f:74:b9:db:99:
                    b7:c0:52:69:a0:fb:a5:81:d3:e9:3e:fc:88:7e:48:
                    2f:44:8a:10:97:ba:64:dd:68:9f:9c:23:b1:5d:1b:
                    5e:fb:d0:81:bb:b5:6d:4c:87:62:9e:d9:46:06:5c:
                    cf:4e:45:e3:0b:8e:e8:55:7e:b8:fc:24:fa:56:27:
                    55:58:5e:1d:1a:e7:e7:f2:e0:5f:07:33:e6:0e:eb:
                    42:12:e3:25:cd:17:76:ed:6d:62:16:e5:5f:1a:be:
                    10:ba:27:64:13:ad:30:47:fd:91:10:1a:df:4d:b5:
                    74:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:C1:75:BF:BE:0E:88:43:1A:AC:4B:C3:BD:9A:93:45:45:25:AB:14
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0aeb16ec-0bc6-407e-92a9-8a2d7b48cacc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:0f:d5:24:6b:b4:cd:cf:f1:1c:cb:4e:e9:a6:b8:1a:ff:2c:
         61:48:e5:c8:00:32:40:49:25:e6:9d:50:35:05:ec:4e:b8:f2:
         8f:71:68:c5:61:b8:5c:83:a5:40:bf:e9:30:e1:df:c7:ed:ab:
         af:ac:20:35:14:dd:bb:0d:31:a5:5a:22:98:8d:e7:6f:e1:04:
         9c:dd:53:20:a0:e2:c8:2d:9d:3e:3f:54:5e:e1:0e:cc:fb:a1:
         73:16:64:88:9e:28:92:f2:bb:c8:30:e8:3a:35:a0:d9:74:f1:
         23:25:81:13:af:2b:74:30:70:83:19:88:f8:10:fa:2a:5f:06:
         ff:ab:9c:1c:fa:5d:46:1b:5a:62:f3:b0:84:a4:ac:94:e1:23:
         86:85:1d:5c:a1:f5:bc:78:c3:b9:0b:b1:c1:81:35:1f:76:76:
         83:0e:cd:db:c6:47:5a:c5:e5:09:71:94:98:45:a8:55:4f:0d:
         d9:7f:43:43:37:90:1c:07:e1:1a:0c:8a:10:ee:a9:08:bc:ed:
         8a:c1:be:38:5d:69:85:3c:dd:68:07:9e:b6:c1:55:1b:69:99:
         65:4c:57:1e:7a:cb:46:72:17:1a:e7:10:e0:f6:db:a7:2a:b5:
         27:9d:f1:02:ec:56:42:dc:0e:80:8f:c7:b4:f5:ea:a0:f5:62:
         f5:9b:0b:7f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU2fIhcqpqlP/5h/OVBnfyH+MNoUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTEwMDAwMDAwWhcNMjMxMDE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1Zjg5OTBmMThjMjQyMjY4MGViZjRlNGExYTg1Nzc1M2Qx
YWQzOTY0Y2Y5YzNhM2ZkMTlmZDU3MzAzZWI5NzI0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC83/WxQQ63AppSIuAecyuxnAQcuQ4FaQ7EcbDslS+QMNNe
e61wu7WOwuqUXSoGcJfdbHXnO4Z2sUV63Hg1sGGmm2E8IwsM2nYcxPZ90a/gMaZa
j5WQ0o5+6sVhEB9MTkmYMLeGxNrZQDpEL71O12M1Ije86uzt3CQLzq+zwyo+xfbp
ismEnpOeL+Mnjf2zqupPdLnbmbfAUmmg+6WB0+k+/Ih+SC9EihCXumTdaJ+cI7Fd
G1770IG7tW1Mh2Ke2UYGXM9OReMLjuhVfrj8JPpWJ1VYXh0a5+fy4F8HM+YO60IS
4yXNF3btbWIW5V8avhC6J2QTrTBH/ZEQGt9NtXSbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUasF1v74OiEMarEvDvZqTRUUlqxQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBhZWIxNmVjLTBiYzYtNDA3ZS05MmE5LThhMmQ3YjQ4Y2FjYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIQP1SRrtM3P8RzLTummuBr/LGFI
5cgAMkBJJeadUDUF7E648o9xaMVhuFyDpUC/6TDh38ftq6+sIDUU3bsNMaVaIpiN
52/hBJzdUyCg4sgtnT4/VF7hDsz7oXMWZIieKJLyu8gw6Do1oNl08SMlgROvK3Qw
cIMZiPgQ+ipfBv+rnBz6XUYbWmLzsISkrJThI4aFHVyh9bx4w7kLscGBNR92doMO
zdvGR1rF5QlxlJhFqFVPDdl/Q0M3kBwH4RoMihDuqQi87YrBvjhdaYU83WgHnrbB
VRtpmWVMVx56y0ZyFxrnEOD226cqtSed8QLsVkLcDoCPx7T16qD1YvWbC38=
-----END CERTIFICATE-----