Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1c4829a7-54da-45fd-862c-26e0bc8e6fe4.roa
File:                     1c4829a7-54da-45fd-862c-26e0bc8e6fe4.roa (raw, json)
Hash identifier:          3G23NbOOQrxKxns/pjAGUCx4GE30o5Lw69fh0qyhQcI=
Subject key identifier:   C9:5B:94:9E:1D:8C:56:5D:8A:E5:33:CA:04:1D:79:DF:8B:91:90:6A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       038AD4E5598902171A71CA1B65BDF630E5BF8083
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1c4829a7-54da-45fd-862c-26e0bc8e6fe4.roa
Signing time:             Thu 22 Jun 2023 00:00:00 +0000
ROA not before:           Thu 22 Jun 2023 00:00:00 +0000
ROA not after:            Thu 27 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:8a:d4:e5:59:89:02:17:1a:71:ca:1b:65:bd:f6:30:e5:bf:80:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 22 00:00:00 2023 GMT
            Not After : Jul 27 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:56:0e:54:07:20:90:47:00:e9:f8:b8:85:73:
                    30:a7:85:1f:1b:1f:e8:05:3a:7f:77:38:34:0e:a9:
                    b4:12:55:c0:50:1e:b8:51:18:f5:48:0f:64:fd:d5:
                    cb:84:33:98:ed:8a:1f:7f:72:e2:82:ce:bd:66:57:
                    dc:d7:b7:b6:ed:7c:b9:5c:1b:fe:57:72:37:8e:55:
                    d7:46:f7:1c:03:a7:f2:b8:47:2b:d1:4e:ba:99:f3:
                    67:f5:46:ac:a3:a3:81:88:ea:75:a4:20:5b:47:26:
                    72:bf:06:81:f6:b6:2b:fa:65:e3:5e:e8:29:ab:07:
                    b2:43:3f:02:28:f3:e5:5e:72:85:3f:bb:b8:59:b1:
                    b4:67:19:93:b4:ec:1b:b1:d7:ed:a1:95:53:a5:8c:
                    64:15:d2:6f:9d:39:99:8a:28:f0:b4:7b:4f:79:f0:
                    64:f7:94:d0:d9:05:74:ff:b4:d2:60:49:bc:ee:b3:
                    dd:e5:db:10:80:e6:96:2f:c4:1c:c9:6d:6a:5c:ed:
                    11:9b:c3:93:ac:25:d7:90:cc:0f:73:b6:63:22:6d:
                    63:c9:3d:b3:07:1b:13:4c:e1:a2:a1:96:c7:e7:76:
                    77:30:b4:32:95:0a:e6:50:16:7e:76:7a:72:fa:d9:
                    64:ad:39:07:60:c8:2a:8c:89:3a:67:d0:e8:1c:2f:
                    8a:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:5B:94:9E:1D:8C:56:5D:8A:E5:33:CA:04:1D:79:DF:8B:91:90:6A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1c4829a7-54da-45fd-862c-26e0bc8e6fe4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:54:46:52:c9:dd:30:e9:57:e5:6d:2f:1b:5b:8e:de:a3:0f:
         b5:74:23:6e:5f:96:dc:9a:9c:4d:1b:4d:d1:19:5c:cd:ef:4b:
         ca:ac:48:15:f8:8a:6c:0c:c8:13:65:fd:85:14:e4:b4:d5:51:
         10:16:56:0b:41:fe:0b:7b:05:9b:13:cf:f1:4e:f0:5d:04:aa:
         2c:ce:ca:74:d2:ed:df:f4:bb:ef:ce:1d:ad:7f:5c:8f:e0:cb:
         26:89:71:b8:f4:41:9b:02:d4:28:e5:df:0d:67:06:49:05:cd:
         de:01:60:aa:fc:ce:c7:26:df:44:f9:55:2b:75:d7:f1:cb:1e:
         ca:58:65:33:4e:cf:ec:b5:54:c6:65:85:0a:b1:bd:8d:f8:33:
         bf:f5:46:99:94:43:03:f0:88:d3:2b:c2:7d:d5:90:f6:69:b8:
         85:ef:ea:ae:a7:d8:cc:d1:55:f5:f5:c4:1d:05:b0:39:a9:e0:
         7a:6d:dc:8f:60:f9:12:52:8b:ef:1d:cb:2f:5f:74:e6:48:2a:
         86:ee:b0:ce:e7:20:b5:27:8c:ef:bc:d5:ce:b3:4e:24:04:4e:
         db:f9:1d:89:5a:44:7b:6f:91:5a:c9:e2:f8:fc:17:8c:57:03:
         18:d7:7e:95:32:65:c4:fd:04:24:3c:d4:6b:8f:9a:43:e6:40:
         42:88:0c:66
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUA4rU5VmJAhcaccobZb32MOW/gIMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjIyMDAwMDAwWhcNMjMwNzI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiOTAxNTFlMGY1MjgzNWZlYmJmZDU2YjQ4Zjc3ZTY1YmY4
ZWY2NWVhNzk2MWNhZTAxOTI4YzMxMWE0MTQ0OTQ4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbVg5UByCQRwDp+LiFczCnhR8bH+gFOn93ODQOqbQSVcBQ
HrhRGPVID2T91cuEM5jtih9/cuKCzr1mV9zXt7btfLlcG/5XcjeOVddG9xwDp/K4
RyvRTrqZ82f1Rqyjo4GI6nWkIFtHJnK/BoH2tiv6ZeNe6CmrB7JDPwIo8+VecoU/
u7hZsbRnGZO07Bux1+2hlVOljGQV0m+dOZmKKPC0e0958GT3lNDZBXT/tNJgSbzu
s93l2xCA5pYvxBzJbWpc7RGbw5OsJdeQzA9ztmMibWPJPbMHGxNM4aKhlsfndncw
tDKVCuZQFn52enL62WStOQdgyCqMiTpn0OgcL4rhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyVuUnh2MVl2K5TPKBB1534uRkGowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzFjNDgyOWE3LTU0ZGEtNDVmZC04NjJjLTI2ZTBiYzhlNmZlNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD9URlLJ3TDpV+VtLxtbjt6jD7V0
I25fltyanE0bTdEZXM3vS8qsSBX4imwMyBNl/YUU5LTVURAWVgtB/gt7BZsTz/FO
8F0EqizOynTS7d/0u+/OHa1/XI/gyyaJcbj0QZsC1Cjl3w1nBkkFzd4BYKr8zscm
30T5VSt11/HLHspYZTNOz+y1VMZlhQqxvY34M7/1RpmUQwPwiNMrwn3VkPZpuIXv
6q6n2MzRVfX1xB0FsDmp4Hpt3I9g+RJSi+8dyy9fdOZIKobusM7nILUnjO+81c6z
TiQETtv5HYlaRHtvkVrJ4vj8F4xXAxjXfpUyZcT9BCQ81GuPmkPmQEKIDGY=
-----END CERTIFICATE-----