Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/17efb9cd-8803-4948-ad14-db8938264ef5.roa
File:                     17efb9cd-8803-4948-ad14-db8938264ef5.roa (raw, json)
Hash identifier:          Y0SpYmNvjUq8poV6PYyF+b59GuUGy27FsyJcSjvqX/Q=
Subject key identifier:   E1:A5:0B:94:5B:D2:23:B2:53:1A:9A:BD:03:11:54:62:24:DB:0B:7B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6340A551074D61A54658650A583E18C1346C0DE2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/17efb9cd-8803-4948-ad14-db8938264ef5.roa
Signing time:             Fri 16 Jun 2023 00:00:00 +0000
ROA not before:           Fri 16 Jun 2023 00:00:00 +0000
ROA not after:            Fri 21 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:40:a5:51:07:4d:61:a5:46:58:65:0a:58:3e:18:c1:34:6c:0d:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 16 00:00:00 2023 GMT
            Not After : Jul 21 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a0:c3:cd:71:a2:53:d4:88:b0:e8:80:f6:01:
                    dc:9e:48:d2:75:03:0a:1e:ef:2d:31:be:1b:77:82:
                    38:e6:33:0b:18:84:b5:11:64:49:db:6d:bd:3d:04:
                    83:53:e0:65:3a:1e:84:14:91:b8:67:e1:ac:13:09:
                    82:b8:34:f2:0c:1e:21:1e:58:41:41:9b:ae:5a:83:
                    37:1d:e9:ff:38:ba:2d:94:a1:cd:48:c9:0a:f5:f3:
                    45:cc:be:78:4e:f1:2f:eb:77:3c:e6:af:d4:b1:41:
                    ae:dc:37:04:85:90:e1:38:ad:c5:1b:95:71:73:43:
                    9a:8b:f0:7b:d9:f7:2d:b3:35:83:d2:97:9f:d5:09:
                    aa:21:d9:96:68:69:85:ef:d8:55:2c:32:75:55:cf:
                    ed:c4:f2:5a:76:4c:eb:e1:31:3c:b1:84:b6:0a:a1:
                    eb:60:c9:29:1b:85:34:78:76:3e:16:4e:3d:bf:3d:
                    77:ba:1c:81:49:13:f6:33:e8:cc:86:b6:d1:89:dc:
                    77:75:d9:88:00:cd:72:39:7a:63:52:76:0d:6f:7b:
                    45:88:dc:e2:d5:ae:8e:4c:96:90:50:25:48:da:7e:
                    fc:23:5f:71:76:cd:7b:35:81:c7:c3:ef:ca:48:ed:
                    b1:a9:60:bd:b1:3a:ef:0a:2a:ef:f5:66:d8:39:b9:
                    18:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:A5:0B:94:5B:D2:23:B2:53:1A:9A:BD:03:11:54:62:24:DB:0B:7B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/17efb9cd-8803-4948-ad14-db8938264ef5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:6c:cb:d5:2d:63:9a:dd:70:14:8b:01:b0:84:2b:a8:99:6b:
         f5:ec:27:5d:5b:b1:c8:86:9a:fc:cd:2a:d8:17:d6:b1:48:c4:
         17:fd:cd:68:e3:81:c2:bb:8c:59:96:86:66:5d:f0:22:52:2f:
         2e:51:29:c3:ec:65:e6:7b:66:cc:59:c2:40:2a:49:1b:93:69:
         3b:25:f9:70:7e:23:6c:ca:3e:0b:99:23:6e:ba:88:04:38:ff:
         10:0c:fc:75:c7:0c:97:09:95:69:7e:16:c7:35:1a:da:bc:99:
         97:f2:cd:92:0e:b2:7d:eb:cd:6e:95:e2:70:61:ea:6b:93:fc:
         3c:aa:3c:7e:24:7f:f7:fb:f5:67:55:a0:59:2d:30:af:9f:12:
         d3:53:ff:c7:c2:a5:99:9e:60:dc:aa:a7:0a:27:90:ac:f7:36:
         87:c2:a2:f4:fe:e3:57:1d:72:d6:d9:96:c8:55:cf:eb:03:4a:
         b2:23:c2:ab:ba:32:97:1a:a6:76:fe:d9:b8:71:55:8f:d4:40:
         fe:09:d9:c5:c1:10:65:8e:19:98:a3:ad:26:32:c2:04:b4:04:
         53:63:32:f3:01:ae:0e:99:27:24:68:be:14:78:01:30:ae:1e:
         8b:95:57:e8:e6:0c:73:df:4a:e3:8c:a3:4a:2b:7e:f3:84:d1:
         e6:d1:8a:80
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY0ClUQdNYaVGWGUKWD4YwTRsDeIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjE2MDAwMDAwWhcNMjMwNzIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMDEwOWMyNDQ0MWIyNGY0OTUzM2I2NDM5NmM4OTdlMDI0
NjdmOGZlMGE4Njg3YTQ0NTNhMmI5NmU4YTE1NWY2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdoMPNcaJT1Iiw6ID2AdyeSNJ1Awoe7y0xvht3gjjmMwsY
hLURZEnbbb09BINT4GU6HoQUkbhn4awTCYK4NPIMHiEeWEFBm65agzcd6f84ui2U
oc1IyQr180XMvnhO8S/rdzzmr9SxQa7cNwSFkOE4rcUblXFzQ5qL8HvZ9y2zNYPS
l5/VCaoh2ZZoaYXv2FUsMnVVz+3E8lp2TOvhMTyxhLYKoetgySkbhTR4dj4WTj2/
PXe6HIFJE/Yz6MyGttGJ3Hd12YgAzXI5emNSdg1ve0WI3OLVro5MlpBQJUjafvwj
X3F2zXs1gcfD78pI7bGpYL2xOu8KKu/1Ztg5uRgLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4aULlFvSI7JTGpq9AxFUYiTbC3swHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE3ZWZiOWNkLTg4MDMtNDk0OC1hZDE0LWRiODkzODI2NGVmNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI5sy9UtY5rdcBSLAbCEK6iZa/Xs
J11bsciGmvzNKtgX1rFIxBf9zWjjgcK7jFmWhmZd8CJSLy5RKcPsZeZ7ZsxZwkAq
SRuTaTsl+XB+I2zKPguZI266iAQ4/xAM/HXHDJcJlWl+Fsc1Gtq8mZfyzZIOsn3r
zW6V4nBh6muT/DyqPH4kf/f79WdVoFktMK+fEtNT/8fCpZmeYNyqpwonkKz3NofC
ovT+41cdctbZlshVz+sDSrIjwqu6Mpcapnb+2bhxVY/UQP4J2cXBEGWOGZijrSYy
wgS0BFNjMvMBrg6ZJyRovhR4ATCuHouVV+jmDHPfSuOMo0orfvOE0ebRioA=
-----END CERTIFICATE-----