Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/46b98053-af6f-4d60-9f1f-7f50e2bb1448.roa
File:                     46b98053-af6f-4d60-9f1f-7f50e2bb1448.roa (raw, json)
Hash identifier:          vhxvUWe0ezqWvpePaogNgEgVFF6tU1FUy2fxhVrQECc=
Subject key identifier:   FB:83:64:E4:D7:1E:7E:C6:B0:8B:2A:98:3F:A0:68:0E:48:2A:BC:70
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7446243B017DE8ED725CA17F128E8898BB1F6D4B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/46b98053-af6f-4d60-9f1f-7f50e2bb1448.roa
Signing time:             Thu 06 Jul 2023 00:00:00 +0000
ROA not before:           Thu 06 Jul 2023 00:00:00 +0000
ROA not after:            Thu 10 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:46:24:3b:01:7d:e8:ed:72:5c:a1:7f:12:8e:88:98:bb:1f:6d:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  6 00:00:00 2023 GMT
            Not After : Aug 10 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:16:fb:0f:5b:da:a3:a5:6a:ee:2e:b5:81:19:
                    be:16:b4:ea:77:4e:e4:b9:16:ca:20:2d:58:d3:8d:
                    43:da:d2:61:e7:14:2a:a2:0f:de:16:dd:cd:34:a9:
                    f8:11:06:48:73:5c:d9:57:cc:95:d7:4f:0d:c0:ac:
                    85:cb:86:65:81:dc:92:0b:02:a2:14:6f:fa:d3:57:
                    d7:6a:c9:35:f6:60:f7:1d:51:03:31:17:46:88:7d:
                    6e:89:be:12:a6:70:4a:a8:ff:f0:a2:ff:70:cd:5d:
                    f5:5a:fa:a2:49:13:dc:49:f6:8e:e8:c2:1c:24:18:
                    ba:1c:aa:f1:2c:eb:c3:c0:00:89:e3:fa:c3:78:92:
                    c4:06:5f:20:b8:24:05:5f:ca:be:3f:87:f6:d4:15:
                    52:2a:22:34:97:99:27:f5:fc:45:45:e1:9e:d0:d2:
                    7b:df:0e:24:34:da:a5:d6:7a:d3:ff:b7:36:10:d1:
                    e3:34:d7:7e:e1:ad:16:31:38:dc:52:89:e7:4b:32:
                    f7:8d:8f:bd:e9:28:f8:dd:cb:11:fc:5a:2d:78:c2:
                    03:ae:1f:dc:b6:23:84:51:f4:77:82:eb:19:38:01:
                    d2:c0:4f:16:c1:41:8a:65:f5:c8:25:ee:c0:20:d0:
                    c5:73:6f:33:f6:25:0c:09:44:36:98:5b:4d:3b:96:
                    0d:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:83:64:E4:D7:1E:7E:C6:B0:8B:2A:98:3F:A0:68:0E:48:2A:BC:70
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/46b98053-af6f-4d60-9f1f-7f50e2bb1448.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:be:5b:27:8a:c7:f8:bb:7c:37:04:a3:86:57:b1:5b:67:55:
         46:8c:2d:9a:a2:96:6f:a8:89:20:16:b4:e2:cb:e8:9f:e0:c3:
         d8:a5:91:e6:62:df:07:d5:73:3a:5b:7b:5f:2e:9b:e8:f1:bf:
         3e:ac:b6:b9:6e:27:55:c6:79:dc:83:a2:73:da:8c:73:1a:b0:
         4d:34:db:56:0c:ab:e7:00:d9:e1:60:63:8a:d6:6a:44:54:90:
         19:a5:d0:eb:3c:4b:3d:3b:73:4d:75:26:3d:ff:fb:07:91:05:
         ac:57:e6:8b:22:44:aa:72:ce:9a:77:9f:f7:fb:13:0f:a6:52:
         c9:7f:36:bc:76:10:45:48:61:6b:0d:61:1b:d4:21:2e:17:bd:
         9d:28:e8:36:b4:a1:b5:b8:0b:ea:87:ae:5a:87:6f:51:c8:53:
         06:89:ec:d5:0a:57:ff:71:68:09:34:63:d4:e4:4b:d2:d1:c4:
         19:4d:a6:67:d6:88:8a:72:cd:63:62:45:e1:ed:84:52:41:71:
         2a:15:f5:b6:d7:c8:46:f2:d6:7f:33:87:68:62:b7:15:23:63:
         56:63:ed:d2:8e:e4:ac:b2:5e:99:4f:80:78:e2:9f:ad:cc:97:
         38:0f:c3:78:42:bf:c4:e3:71:a9:0c:36:fd:df:52:67:03:f0:
         0d:29:6c:c2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdEYkOwF96O1yXKF/Eo6ImLsfbUswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzA2MDAwMDAwWhcNMjMwODEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNzU5ZDU2ZjIxMWI4NzIzZWI5MzIzMWJlMmRhM2ZmNzU0
Mzg4MzFjNzZmOThjY2Q5NjA0ZmVlNDY0YWRmNjczMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoFvsPW9qjpWruLrWBGb4WtOp3TuS5FsogLVjTjUPa0mHn
FCqiD94W3c00qfgRBkhzXNlXzJXXTw3ArIXLhmWB3JILAqIUb/rTV9dqyTX2YPcd
UQMxF0aIfW6JvhKmcEqo//Ci/3DNXfVa+qJJE9xJ9o7owhwkGLocqvEs68PAAInj
+sN4ksQGXyC4JAVfyr4/h/bUFVIqIjSXmSf1/EVF4Z7Q0nvfDiQ02qXWetP/tzYQ
0eM0137hrRYxONxSiedLMveNj73pKPjdyxH8Wi14wgOuH9y2I4RR9HeC6xk4AdLA
TxbBQYpl9cgl7sAg0MVzbzP2JQwJRDaYW007lg2ZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+4Nk5NcefsawiyqYP6BoDkgqvHAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ2Yjk4MDUzLWFmNmYtNGQ2MC05ZjFmLTdmNTBlMmJiMTQ0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC++WyeKx/i7fDcEo4ZXsVtnVUaM
LZqilm+oiSAWtOLL6J/gw9ilkeZi3wfVczpbe18um+jxvz6strluJ1XGedyDonPa
jHMasE0021YMq+cA2eFgY4rWakRUkBml0Os8Sz07c011Jj3/+weRBaxX5osiRKpy
zpp3n/f7Ew+mUsl/Nrx2EEVIYWsNYRvUIS4XvZ0o6Da0obW4C+qHrlqHb1HIUwaJ
7NUKV/9xaAk0Y9TkS9LRxBlNpmfWiIpyzWNiReHthFJBcSoV9bbXyEby1n8zh2hi
txUjY1Zj7dKO5KyyXplPgHjin63MlzgPw3hCv8TjcakMNv3fUmcD8A0pbMI=
-----END CERTIFICATE-----