Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4862236f-cb14-45a2-b902-c56a0733fb45.roa
File:                     4862236f-cb14-45a2-b902-c56a0733fb45.roa (raw, json)
Hash identifier:          yC8g65Zr1wgp/+4nCqWNCzLWxqQiSC26Bo3W0ccLXh8=
Subject key identifier:   68:B6:61:BC:C0:6B:D3:EA:E3:04:F7:33:34:B2:86:C8:CF:B5:92:A9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1A7476AEC5E757E5F940DE191B71CA93F988F40B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4862236f-cb14-45a2-b902-c56a0733fb45.roa
Signing time:             Fri 15 Sep 2023 00:00:00 +0000
ROA not before:           Fri 15 Sep 2023 00:00:00 +0000
ROA not after:            Fri 20 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:74:76:ae:c5:e7:57:e5:f9:40:de:19:1b:71:ca:93:f9:88:f4:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 15 00:00:00 2023 GMT
            Not After : Oct 20 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:42:a3:fa:25:15:3a:89:fa:15:b1:d4:21:73:
                    8c:df:ae:a3:45:85:c7:40:33:9b:07:57:a4:e3:cb:
                    8b:00:d7:6a:96:08:5a:ce:27:32:72:13:32:d8:73:
                    f8:5c:c9:8d:c9:03:8b:92:7f:5f:92:94:ac:77:09:
                    3f:5c:1c:de:34:1d:38:20:3d:52:0d:b3:1b:f5:17:
                    da:5b:35:e2:fa:61:0e:09:40:53:3c:b5:bd:75:77:
                    02:85:9c:bb:24:3b:f9:00:2e:b6:05:8a:c1:93:ab:
                    86:e3:b6:47:c1:48:bd:7e:57:1e:25:c8:c6:1e:ff:
                    0a:c8:16:8f:b7:70:71:11:ff:c3:2b:7f:81:56:8d:
                    a2:69:57:25:98:be:0a:98:f1:6b:0b:98:f5:0e:78:
                    c1:67:ac:ff:35:8c:f7:52:8d:00:3d:70:dd:72:dd:
                    c2:16:20:a8:5e:15:21:ad:27:01:96:f4:36:0c:0e:
                    a4:24:c4:51:a8:a6:fe:5f:01:19:ef:a7:a0:eb:f9:
                    2d:3f:12:82:3b:87:13:ad:71:89:38:4a:f9:a5:6e:
                    25:39:97:3f:89:1e:8e:3e:54:ce:ab:29:02:3f:0a:
                    05:48:4c:06:3e:24:ca:f9:d5:8e:d6:9c:6a:21:62:
                    49:af:27:74:55:eb:d3:51:e2:f3:b1:82:f2:16:07:
                    87:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:B6:61:BC:C0:6B:D3:EA:E3:04:F7:33:34:B2:86:C8:CF:B5:92:A9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4862236f-cb14-45a2-b902-c56a0733fb45.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:0b:f4:9c:3e:66:b6:3f:82:c7:52:00:56:c4:75:63:43:34:
         0d:1b:bd:df:55:2a:d9:6d:ed:bc:8e:d7:51:e5:16:e1:a7:e3:
         04:07:ea:af:d1:f8:ce:c4:6b:bb:c4:d3:82:89:7a:cf:b6:68:
         33:ef:53:ca:64:3f:5f:2f:12:7c:a0:b4:63:74:f8:8f:ec:a0:
         1e:b5:13:17:97:ea:c7:29:05:d2:c2:26:4c:e9:60:0c:da:dd:
         1a:e3:81:bd:89:69:2d:77:0e:49:f6:7b:36:73:15:41:66:a1:
         6f:19:ae:c7:46:15:51:fd:81:64:ae:06:ca:f1:80:c4:e6:cb:
         a4:2d:c0:bd:df:0f:c6:c2:65:7f:8b:f6:c2:da:eb:bd:0e:e5:
         3c:d3:84:05:2f:da:ad:b1:6e:41:cb:5b:38:bc:c4:58:fa:70:
         57:a5:1a:9f:e4:d9:37:14:ef:58:55:da:89:fe:9f:2e:c1:52:
         ab:63:2a:b3:58:3b:66:61:bb:ce:f3:25:db:fc:88:39:e3:bc:
         26:bb:37:bc:13:b2:33:5b:fa:03:f2:e1:20:e3:75:68:cc:0f:
         f1:c0:0c:8b:c8:87:3a:d2:31:00:8c:51:c4:7c:3a:13:02:bd:
         47:81:d2:24:5d:90:55:39:24:39:d1:f4:87:89:f4:1c:5a:d8:
         c6:10:f2:c0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGnR2rsXnV+X5QN4ZG3HKk/mI9AswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTE1MDAwMDAwWhcNMjMxMDIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiOGU1NmEwZTg5Mjc3OGNlMjQ5NmE0ZjdlY2NkMDMyZThm
NmFhMjVlNDQ1NjFkYmQ3ODgxMzI4OWMzZTc1MDJiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1QqP6JRU6ifoVsdQhc4zfrqNFhcdAM5sHV6Tjy4sA12qW
CFrOJzJyEzLYc/hcyY3JA4uSf1+SlKx3CT9cHN40HTggPVINsxv1F9pbNeL6YQ4J
QFM8tb11dwKFnLskO/kALrYFisGTq4bjtkfBSL1+Vx4lyMYe/wrIFo+3cHER/8Mr
f4FWjaJpVyWYvgqY8WsLmPUOeMFnrP81jPdSjQA9cN1y3cIWIKheFSGtJwGW9DYM
DqQkxFGopv5fARnvp6Dr+S0/EoI7hxOtcYk4SvmlbiU5lz+JHo4+VM6rKQI/CgVI
TAY+JMr51Y7WnGohYkmvJ3RV69NR4vOxgvIWB4eDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaLZhvMBr0+rjBPczNLKGyM+1kqkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ4NjIyMzZmLWNiMTQtNDVhMi1iOTAyLWM1NmEwNzMzZmI0NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGEL9Jw+ZrY/gsdSAFbEdWNDNA0b
vd9VKtlt7byO11HlFuGn4wQH6q/R+M7Ea7vE04KJes+2aDPvU8pkP18vEnygtGN0
+I/soB61ExeX6scpBdLCJkzpYAza3Rrjgb2JaS13Dkn2ezZzFUFmoW8ZrsdGFVH9
gWSuBsrxgMTmy6QtwL3fD8bCZX+L9sLa670O5TzThAUv2q2xbkHLWzi8xFj6cFel
Gp/k2TcU71hV2on+ny7BUqtjKrNYO2Zhu87zJdv8iDnjvCa7N7wTsjNb+gPy4SDj
dWjMD/HADIvIhzrSMQCMUcR8OhMCvUeB0iRdkFU5JDnR9IeJ9Bxa2MYQ8sA=
-----END CERTIFICATE-----