Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3161e40b-f363-4ecc-89d4-05f857cf7b56.roa
File:                     3161e40b-f363-4ecc-89d4-05f857cf7b56.roa (raw, json)
Hash identifier:          iOHSkuq7xmO4HAWNB0nhn5tYC5LqbXOExknCaYr8n3Q=
Subject key identifier:   C3:82:6D:AD:2C:55:3A:A6:CC:7E:1A:A7:5F:82:E3:DC:C2:04:81:98
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       481C8CE947A7D1DD0C832C41FABD70BB460E2CBE
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3161e40b-f363-4ecc-89d4-05f857cf7b56.roa
Signing time:             Sun 03 Dec 2023 00:00:00 +0000
ROA not before:           Sun 03 Dec 2023 00:00:00 +0000
ROA not after:            Sun 07 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:1c:8c:e9:47:a7:d1:dd:0c:83:2c:41:fa:bd:70:bb:46:0e:2c:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec  3 00:00:00 2023 GMT
            Not After : Jan  7 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:02:31:89:c2:7f:20:a2:0b:00:72:0c:95:85:
                    c9:6b:9c:87:6b:76:81:4d:05:7b:53:77:36:bc:e9:
                    c5:e5:16:65:ac:a8:37:f7:6f:cc:23:14:c8:b7:d7:
                    6e:38:8e:54:e8:fc:73:ca:2c:da:73:48:8d:41:31:
                    42:e9:3a:18:f2:18:09:51:6e:d6:63:b9:61:79:74:
                    f5:ef:f0:02:d4:7f:62:2f:a1:fd:d7:5a:41:ef:e7:
                    30:f5:c4:7f:24:28:55:37:47:8e:69:2b:b5:5e:46:
                    a7:bf:56:42:68:a9:db:19:0e:2b:37:1c:dc:11:50:
                    6e:a2:59:e2:62:fb:12:5b:98:57:03:a4:f5:8c:14:
                    15:60:5f:5e:3a:27:0a:66:8d:73:64:b3:2e:f7:a7:
                    07:aa:da:46:dd:ab:fd:8b:9f:07:2f:da:6c:05:1d:
                    d9:f0:b9:17:fc:40:1c:d0:8b:5f:ad:11:95:27:8c:
                    06:cf:4d:53:f6:10:44:28:99:32:c3:7e:91:06:d6:
                    a1:34:aa:ad:f6:a5:47:89:50:fa:ae:5c:25:01:39:
                    64:69:a8:04:26:a0:f8:ec:0a:e5:11:97:46:14:25:
                    5d:95:7d:05:18:b1:a1:a7:5d:ea:40:4c:21:8a:33:
                    ed:bb:83:d7:01:fe:0f:c3:4c:5b:08:aa:5e:28:8d:
                    75:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:82:6D:AD:2C:55:3A:A6:CC:7E:1A:A7:5F:82:E3:DC:C2:04:81:98
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3161e40b-f363-4ecc-89d4-05f857cf7b56.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:db:87:24:f8:85:19:89:d2:55:49:79:b7:94:ff:fc:09:f4:
         49:4e:fe:d7:bf:ad:43:d4:dd:b9:de:06:96:80:5e:d7:5b:f3:
         35:22:ef:13:e2:e2:1f:54:61:d5:89:87:96:8f:cc:ad:a9:8c:
         60:36:02:7f:3f:ef:bf:7b:73:d7:91:d1:8d:fa:d6:03:d8:5b:
         f8:41:ca:f5:fd:ea:45:07:10:a5:76:2a:02:81:d0:b3:11:b0:
         3b:c9:f5:de:30:7b:1a:5d:dd:f6:88:9d:16:f5:b0:ba:36:cb:
         59:87:14:b8:0c:b6:e2:12:79:bb:24:2d:71:f5:f8:57:3f:a3:
         f3:02:2d:e2:35:d1:84:18:51:a6:d4:77:ad:f6:19:94:a2:1c:
         e5:c3:0b:72:28:3d:38:e3:bf:b9:47:d6:b8:65:94:8a:b3:ca:
         e3:b5:30:05:b6:3a:ae:06:8a:56:8a:fa:8d:19:a9:ae:7e:5a:
         83:b0:27:fb:f8:f3:c7:e6:04:9b:8d:f4:d7:ca:5d:e9:a1:37:
         10:d3:58:bb:a8:c8:3f:03:19:ca:50:bb:75:fd:e3:10:e9:cc:
         a3:bd:c5:46:47:6b:e8:d3:f6:74:60:07:24:32:e3:9d:c5:09:
         df:9b:ef:54:f3:59:a3:6d:76:e8:b3:c8:cd:10:d5:74:39:f8:
         96:9e:43:c9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSByM6Uen0d0MgyxB+r1wu0YOLL4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjAzMDAwMDAwWhcNMjQwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MjNiZGY1M2M1OTMxNDBhYjVkM2RiYTRjYWJkYmQxMDdl
MGVhNGRjMjBhMTYzMDgyNDBiYzhmNTRiNjNhNDg5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIAjGJwn8gogsAcgyVhclrnIdrdoFNBXtTdza86cXlFmWs
qDf3b8wjFMi31244jlTo/HPKLNpzSI1BMULpOhjyGAlRbtZjuWF5dPXv8ALUf2Iv
of3XWkHv5zD1xH8kKFU3R45pK7VeRqe/VkJoqdsZDis3HNwRUG6iWeJi+xJbmFcD
pPWMFBVgX146JwpmjXNksy73pweq2kbdq/2Lnwcv2mwFHdnwuRf8QBzQi1+tEZUn
jAbPTVP2EEQomTLDfpEG1qE0qq32pUeJUPquXCUBOWRpqAQmoPjsCuURl0YUJV2V
fQUYsaGnXepATCGKM+27g9cB/g/DTFsIql4ojXUdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUw4JtrSxVOqbMfhqnX4Lj3MIEgZgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzMxNjFlNDBiLWYzNjMtNGVjYy04OWQ0LTA1Zjg1N2NmN2I1Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI3bhyT4hRmJ0lVJebeU//wJ9ElO
/te/rUPU3bneBpaAXtdb8zUi7xPi4h9UYdWJh5aPzK2pjGA2An8/7797c9eR0Y36
1gPYW/hByvX96kUHEKV2KgKB0LMRsDvJ9d4wexpd3faInRb1sLo2y1mHFLgMtuIS
ebskLXH1+Fc/o/MCLeI10YQYUabUd632GZSiHOXDC3IoPTjjv7lH1rhllIqzyuO1
MAW2Oq4GilaK+o0Zqa5+WoOwJ/v488fmBJuN9NfKXemhNxDTWLuoyD8DGcpQu3X9
4xDpzKO9xUZHa+jT9nRgByQy453FCd+b71TzWaNtduizyM0Q1XQ5+JaeQ8k=
-----END CERTIFICATE-----