Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1f83e366-a8a7-4447-abb0-f50e56d93b1e.roa
File:                     1f83e366-a8a7-4447-abb0-f50e56d93b1e.roa (raw, json)
Hash identifier:          rPf+nbu/i4i746Yoj9okb6VFkth4c3GAvtYoGBoxfB0=
Subject key identifier:   00:3C:7C:6E:17:27:A6:88:AA:E1:19:CA:0C:80:22:29:25:26:BD:4E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       64C083F42082267AB8619CA5A4C68E057B9A1D9F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1f83e366-a8a7-4447-abb0-f50e56d93b1e.roa
Signing time:             Tue 28 Nov 2023 00:00:00 +0000
ROA not before:           Tue 28 Nov 2023 00:00:00 +0000
ROA not after:            Tue 02 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:c0:83:f4:20:82:26:7a:b8:61:9c:a5:a4:c6:8e:05:7b:9a:1d:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 28 00:00:00 2023 GMT
            Not After : Jan  2 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:51:79:60:63:1d:5b:17:96:70:47:24:ab:fb:
                    14:cc:fc:b8:19:7f:5d:97:6c:f6:9f:d1:f7:73:6e:
                    16:2e:98:fd:55:6d:96:c0:27:1d:2f:cb:89:25:b0:
                    f7:1a:36:f0:70:56:cd:b4:dd:53:a9:4b:8e:71:24:
                    02:81:54:66:35:33:06:a7:ce:51:66:86:10:f4:8a:
                    50:e4:da:cc:74:ea:57:c7:10:36:af:42:42:0d:97:
                    39:7c:49:54:ad:fc:4f:3f:5d:3b:ba:ed:ed:e6:ed:
                    9a:3a:cb:21:1e:92:cb:3d:3c:10:b2:76:72:a9:68:
                    23:60:73:20:f8:1c:ae:4a:7c:b2:e3:94:89:e0:51:
                    0e:21:18:da:f1:3b:a3:fd:c5:72:3e:f7:21:21:29:
                    c7:42:af:b8:72:29:8e:1d:de:ee:34:0e:f4:93:59:
                    0b:0c:e3:8f:5c:fc:71:ba:05:df:14:28:5c:77:cb:
                    f7:d6:03:38:46:51:ae:eb:a7:99:af:3d:14:25:12:
                    e2:23:12:f7:16:17:8a:b0:d2:3f:1c:4d:cf:5c:af:
                    5f:bf:ae:fe:94:b3:76:12:2a:de:da:98:20:f4:43:
                    e9:7f:f8:e0:b3:3a:e7:b8:1d:6b:d7:5e:20:c9:3e:
                    5c:cb:bb:3e:2b:4c:93:da:ed:b0:ba:9a:00:52:75:
                    bd:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:3C:7C:6E:17:27:A6:88:AA:E1:19:CA:0C:80:22:29:25:26:BD:4E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1f83e366-a8a7-4447-abb0-f50e56d93b1e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:bc:4f:ec:d3:61:d9:71:2d:98:3a:59:fd:0b:64:e7:1d:82:
         39:74:09:82:f9:0d:18:d9:ee:31:e3:0c:72:3a:2b:84:e5:c6:
         4b:dc:2f:5c:8b:a5:11:13:8d:42:42:09:49:f2:64:7d:8f:a9:
         35:fd:d9:00:be:81:fe:7b:ec:c1:0c:a6:64:57:ea:ee:99:d0:
         92:75:bd:5f:44:3e:10:47:73:bc:31:30:5d:21:75:ab:6f:2f:
         3c:49:49:f1:1e:1c:f1:5c:96:ad:03:dc:65:a4:8a:8e:b9:f0:
         66:36:b8:7f:9c:e2:70:70:33:cd:a2:67:2c:ee:e3:75:43:e8:
         38:fe:58:87:b4:f0:66:01:f0:92:85:c9:ef:fd:2e:ae:99:f2:
         93:41:3d:51:45:5a:ae:a2:51:04:3b:61:2b:4f:c9:34:d9:ee:
         85:48:7d:eb:0a:84:cc:45:50:3f:e1:ac:6e:39:9a:63:ee:7e:
         1f:07:ee:68:a9:e1:98:16:88:70:b9:21:6d:6c:74:80:91:b5:
         f7:c7:2c:9f:7e:0a:4d:09:ee:f1:b3:95:4f:fa:f0:15:86:f2:
         19:35:3f:d2:fa:2f:89:5e:3e:e6:81:e2:d7:45:9b:b8:28:12:
         e0:32:ca:93:cf:52:45:91:60:c6:af:a4:7d:f1:07:5e:88:33:
         d0:8d:92:8f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZMCD9CCCJnq4YZylpMaOBXuaHZ8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTI4MDAwMDAwWhcNMjQwMTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNjBlYjU0ZDNjYjY5NzcwYzhmYTg2YzkxN2VkMmQ4YjUx
OGNjMjJmNjFkM2IyNjI5NDUzNzdhYTFjYTIxODQ4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDkUXlgYx1bF5ZwRySr+xTM/LgZf12XbPaf0fdzbhYumP1V
bZbAJx0vy4klsPcaNvBwVs203VOpS45xJAKBVGY1MwanzlFmhhD0ilDk2sx06lfH
EDavQkINlzl8SVSt/E8/XTu67e3m7Zo6yyEekss9PBCydnKpaCNgcyD4HK5KfLLj
lIngUQ4hGNrxO6P9xXI+9yEhKcdCr7hyKY4d3u40DvSTWQsM449c/HG6Bd8UKFx3
y/fWAzhGUa7rp5mvPRQlEuIjEvcWF4qw0j8cTc9cr1+/rv6Us3YSKt7amCD0Q+l/
+OCzOue4HWvXXiDJPlzLuz4rTJPa7bC6mgBSdb3vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUADx8bhcnpoiq4RnKDIAiKSUmvU4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzFmODNlMzY2LWE4YTctNDQ0Ny1hYmIwLWY1MGU1NmQ5M2IxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKW8T+zTYdlxLZg6Wf0LZOcdgjl0
CYL5DRjZ7jHjDHI6K4TlxkvcL1yLpRETjUJCCUnyZH2PqTX92QC+gf577MEMpmRX
6u6Z0JJ1vV9EPhBHc7wxMF0hdatvLzxJSfEeHPFclq0D3GWkio658GY2uH+c4nBw
M82iZyzu43VD6Dj+WIe08GYB8JKFye/9Lq6Z8pNBPVFFWq6iUQQ7YStPyTTZ7oVI
fesKhMxFUD/hrG45mmPufh8H7mip4ZgWiHC5IW1sdICRtffHLJ9+Ck0J7vGzlU/6
8BWG8hk1P9L6L4lePuaB4tdFm7goEuAyypPPUkWRYMavpH3xB16IM9CNko8=
-----END CERTIFICATE-----