Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/17256af6-7881-4d4d-a2a7-e2981c44798a.roa
File:                     17256af6-7881-4d4d-a2a7-e2981c44798a.roa (raw, json)
Hash identifier:          0MHBJRkpbv1gZdrXIRGaqTodGEb3zlbr9ORrE9VinPo=
Subject key identifier:   CD:97:83:0D:54:E6:60:80:72:BC:C0:B4:67:3D:4D:4E:79:88:05:AF
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4164B4F6C953CF9BF791E10F4687BB45249674E8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/17256af6-7881-4d4d-a2a7-e2981c44798a.roa
Signing time:             Sat 09 Sep 2023 00:00:00 +0000
ROA not before:           Sat 09 Sep 2023 00:00:00 +0000
ROA not after:            Sat 14 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:64:b4:f6:c9:53:cf:9b:f7:91:e1:0f:46:87:bb:45:24:96:74:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  9 00:00:00 2023 GMT
            Not After : Oct 14 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:4f:98:40:e6:1f:50:65:93:72:c7:1f:af:11:
                    87:36:a0:08:a4:7c:b7:f5:72:77:9f:15:a0:33:ba:
                    28:02:89:f7:bf:16:68:24:02:f4:4f:50:2e:5a:eb:
                    c7:9d:a1:af:41:45:d3:69:d2:a1:4e:68:c2:ec:70:
                    bd:f4:c5:50:03:c1:38:b1:7a:e1:71:5d:47:a5:ad:
                    fa:3a:28:52:d5:3c:73:51:4d:c1:e9:16:7f:d5:10:
                    b5:04:4e:f6:be:4d:1d:d8:f5:e0:dc:fd:26:a0:54:
                    fe:0a:5d:17:38:07:dc:7e:14:51:58:80:a7:b3:ed:
                    9c:c9:7f:b6:7c:10:d3:eb:72:69:54:e9:c9:55:3d:
                    25:ba:d2:bd:4e:91:0e:29:30:db:69:cd:3c:bb:13:
                    91:7f:46:c4:dd:e0:6e:5a:7b:df:07:d8:dc:f7:84:
                    a8:42:6a:e9:3b:75:bb:9e:65:a8:84:b9:f8:af:38:
                    af:cf:e2:f9:c9:e8:41:3b:33:0e:55:f9:49:43:ea:
                    c6:fe:3e:18:2e:34:43:c1:20:db:30:24:35:74:3b:
                    22:cf:ee:be:b7:bd:ae:cf:5d:68:f7:4c:0b:ff:3d:
                    ac:e1:78:b4:34:30:89:e5:8f:b1:7f:0d:ad:32:8f:
                    5a:a3:04:55:fe:21:7c:79:ae:82:b4:b5:13:02:db:
                    8d:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:97:83:0D:54:E6:60:80:72:BC:C0:B4:67:3D:4D:4E:79:88:05:AF
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/17256af6-7881-4d4d-a2a7-e2981c44798a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:86:c1:dc:eb:d5:d6:f8:b7:bb:6e:37:2a:f7:99:69:fa:3d:
         6d:55:ea:6d:02:46:8f:e2:78:f5:cc:c5:38:9f:ba:ea:08:eb:
         5b:9d:71:35:4c:fa:ca:b7:8e:47:68:57:bf:04:75:aa:04:9d:
         1f:93:ff:e1:bd:83:ba:bc:ae:fb:6e:49:24:42:e5:4a:5f:e8:
         d7:f8:2b:51:84:74:29:3d:50:04:7c:95:a7:38:b6:3c:28:d7:
         e5:9c:83:93:06:16:cb:ef:19:1e:b4:fd:75:af:f4:a1:4a:33:
         a5:89:b2:b8:40:93:40:5e:c7:ca:10:76:2d:d8:e0:d3:db:62:
         60:5a:da:25:2a:c0:aa:7d:42:41:51:a7:84:be:a7:bc:6a:82:
         2d:ee:ab:eb:e9:d0:ef:fe:6c:5d:1c:51:d4:8e:1a:41:13:57:
         4f:10:b8:cd:c9:0b:2f:82:f2:9b:fb:0c:38:b6:2e:c2:bb:c5:
         3d:e4:f5:9c:80:b9:d8:f2:ec:5d:3b:bc:a7:62:30:14:f5:f6:
         46:cd:53:68:86:8c:6c:a3:e8:d3:42:20:59:44:e5:2b:b5:70:
         61:5c:e8:28:ab:29:e2:e9:99:df:45:fc:87:cc:8e:5c:1f:5d:
         9e:89:a5:68:69:e6:eb:7e:87:6d:70:4b:85:6b:07:10:f0:d4:
         bd:9e:51:b8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQWS09slTz5v3keEPRoe7RSSWdOgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTA5MDAwMDAwWhcNMjMxMDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYzBhMGFlMzVjNWNmMzdlYjc1NDE4ZmIzY2M5ZjE1ZGJm
OWFiYTU1NzNlMzhhZmM4ZDhkMzA4M2I1ODgwOWZhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUT5hA5h9QZZNyxx+vEYc2oAikfLf1cnefFaAzuigCife/
FmgkAvRPUC5a68edoa9BRdNp0qFOaMLscL30xVADwTixeuFxXUelrfo6KFLVPHNR
TcHpFn/VELUETva+TR3Y9eDc/SagVP4KXRc4B9x+FFFYgKez7ZzJf7Z8ENPrcmlU
6clVPSW60r1OkQ4pMNtpzTy7E5F/RsTd4G5ae98H2Nz3hKhCauk7dbueZaiEufiv
OK/P4vnJ6EE7Mw5V+UlD6sb+PhguNEPBINswJDV0OyLP7r63va7PXWj3TAv/Pazh
eLQ0MInlj7F/Da0yj1qjBFX+IXx5roK0tRMC240TAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzZeDDVTmYIByvMC0Zz1NTnmIBa8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE3MjU2YWY2LTc4ODEtNGQ0ZC1hMmE3LWUyOTgxYzQ0Nzk4YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFCGwdzr1db4t7tuNyr3mWn6PW1V
6m0CRo/iePXMxTifuuoI61udcTVM+sq3jkdoV78EdaoEnR+T/+G9g7q8rvtuSSRC
5Upf6Nf4K1GEdCk9UAR8lac4tjwo1+Wcg5MGFsvvGR60/XWv9KFKM6WJsrhAk0Be
x8oQdi3Y4NPbYmBa2iUqwKp9QkFRp4S+p7xqgi3uq+vp0O/+bF0cUdSOGkETV08Q
uM3JCy+C8pv7DDi2LsK7xT3k9ZyAudjy7F07vKdiMBT19kbNU2iGjGyj6NNCIFlE
5Su1cGFc6CirKeLpmd9F/IfMjlwfXZ6JpWhp5ut+h21wS4VrBxDw1L2eUbg=
-----END CERTIFICATE-----