Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0fa00050-a856-44dd-9f7e-879f71d58e63.roa
File:                     0fa00050-a856-44dd-9f7e-879f71d58e63.roa (raw, json)
Hash identifier:          ZU2V2H4warVqv+8HqK2/7SBhPivAkaVfm5MRv1eglSM=
Subject key identifier:   20:ED:9E:E7:BE:0F:C5:C0:3F:FB:FB:8A:A1:31:71:BB:34:40:5A:9E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0B4907C1D4181640E591596CFC345B172FCE0CDF
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0fa00050-a856-44dd-9f7e-879f71d58e63.roa
Signing time:             Sun 10 Dec 2023 00:00:00 +0000
ROA not before:           Sun 10 Dec 2023 00:00:00 +0000
ROA not after:            Sun 14 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:49:07:c1:d4:18:16:40:e5:91:59:6c:fc:34:5b:17:2f:ce:0c:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 10 00:00:00 2023 GMT
            Not After : Jan 14 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:29:f0:66:48:2e:12:2d:01:01:ab:28:43:1c:
                    78:6f:10:87:99:4d:32:48:3d:22:d3:47:48:2f:10:
                    e2:1d:c6:6b:e9:20:83:0d:b0:d4:4c:40:b1:76:a1:
                    25:67:99:02:1f:c9:53:59:f0:70:96:88:e0:71:ad:
                    c3:45:e2:1b:16:cf:98:49:98:a6:aa:61:7a:7c:45:
                    60:d6:a5:28:35:03:59:69:e3:cc:49:e2:9a:98:73:
                    bc:2e:30:6c:ee:5b:43:04:52:75:c0:52:cf:b9:15:
                    a0:83:c8:da:a5:42:ca:1a:b7:86:12:6e:c9:65:c2:
                    e7:4b:11:70:d2:cc:4b:60:05:14:8f:70:a3:3e:0d:
                    a8:1b:9a:f1:60:3e:4e:35:f9:15:3b:25:fe:cc:8c:
                    eb:12:3f:80:7c:f1:18:7e:3f:5d:ce:4f:fb:b0:b8:
                    74:5a:19:7b:a7:99:c3:31:de:09:82:b4:e7:f4:45:
                    32:0a:5a:0b:f6:26:49:c4:ae:62:22:88:d6:0f:ae:
                    0b:d9:83:ea:fc:74:63:b9:36:d5:61:b8:2e:be:ad:
                    3b:bb:64:37:5f:7f:67:de:c0:d1:cf:22:2c:91:17:
                    ad:80:25:ce:82:63:9c:28:a3:9a:51:93:90:72:9e:
                    1d:a2:d4:66:b0:4a:ec:a6:88:ea:19:39:17:80:53:
                    fc:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:ED:9E:E7:BE:0F:C5:C0:3F:FB:FB:8A:A1:31:71:BB:34:40:5A:9E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0fa00050-a856-44dd-9f7e-879f71d58e63.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:26:f2:dc:19:df:2e:f3:c2:52:a1:21:50:84:52:a7:82:78:
         7a:eb:92:d8:54:bd:ac:0c:41:db:5c:d3:1e:56:8c:55:56:72:
         45:e9:52:c3:c5:99:47:39:e3:8d:ec:41:de:d7:8b:85:19:9c:
         e2:d9:1e:4f:ab:57:ff:4a:0a:23:7c:52:76:20:e4:7d:68:e4:
         54:c6:fe:34:50:5c:e8:c0:f9:ef:68:fe:8c:3b:76:f8:97:24:
         e2:4a:55:8b:54:9f:a5:b6:b3:35:ae:10:62:c6:a6:f4:8d:80:
         6e:ff:8f:d4:58:f1:37:cd:8c:e1:24:c2:41:a3:44:a9:df:35:
         f3:d0:8b:e3:bd:01:e7:93:82:a0:93:38:80:02:0c:1e:86:ec:
         2c:50:c1:1d:a9:69:5c:21:a3:0e:d3:16:24:ab:85:45:58:7a:
         ce:60:e4:f6:40:bf:c8:95:12:66:fe:63:e3:27:a1:0e:ab:5b:
         a8:93:45:bf:15:cc:7e:f8:95:83:a3:b4:c4:a4:61:64:4e:fa:
         6f:ff:1a:76:15:55:d1:6b:cb:ed:e0:4f:c0:b6:12:9a:45:d9:
         54:d3:9b:8c:fd:39:fa:ad:30:34:d1:42:0f:7e:fa:6a:90:df:
         20:33:86:0c:a7:3c:ae:15:f9:d9:23:c8:76:51:3b:f7:56:06:
         83:29:cd:f2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUC0kHwdQYFkDlkVls/DRbFy/ODN8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjEwMDAwMDAwWhcNMjQwMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYmI4MmRmM2QxNmZhZDJlZmRjM2JhMGNhZjM2YThlMGQw
ODcwOTA2ZTA3MWNkMTU0OWQ5MzgzM2FjOTJlMjNlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCaKfBmSC4SLQEBqyhDHHhvEIeZTTJIPSLTR0gvEOIdxmvp
IIMNsNRMQLF2oSVnmQIfyVNZ8HCWiOBxrcNF4hsWz5hJmKaqYXp8RWDWpSg1A1lp
48xJ4pqYc7wuMGzuW0MEUnXAUs+5FaCDyNqlQsoat4YSbsllwudLEXDSzEtgBRSP
cKM+DagbmvFgPk41+RU7Jf7MjOsSP4B88Rh+P13OT/uwuHRaGXunmcMx3gmCtOf0
RTIKWgv2JknErmIiiNYPrgvZg+r8dGO5NtVhuC6+rTu7ZDdff2fewNHPIiyRF62A
Jc6CY5woo5pRk5Bynh2i1GawSuymiOoZOReAU/wTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIO2e574PxcA/+/uKoTFxuzRAWp4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBmYTAwMDUwLWE4NTYtNDRkZC05ZjdlLTg3OWY3MWQ1OGU2My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHwm8twZ3y7zwlKhIVCEUqeCeHrr
kthUvawMQdtc0x5WjFVWckXpUsPFmUc5443sQd7Xi4UZnOLZHk+rV/9KCiN8UnYg
5H1o5FTG/jRQXOjA+e9o/ow7dviXJOJKVYtUn6W2szWuEGLGpvSNgG7/j9RY8TfN
jOEkwkGjRKnfNfPQi+O9AeeTgqCTOIACDB6G7CxQwR2paVwhow7TFiSrhUVYes5g
5PZAv8iVEmb+Y+MnoQ6rW6iTRb8VzH74lYOjtMSkYWRO+m//GnYVVdFry+3gT8C2
EppF2VTTm4z9OfqtMDTRQg9++mqQ3yAzhgynPK4V+dkjyHZRO/dWBoMpzfI=
-----END CERTIFICATE-----