Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7126a061-5d81-4cc1-9a53-b45ee9848ee4.roa
File:                     7126a061-5d81-4cc1-9a53-b45ee9848ee4.roa (raw, json)
Hash identifier:          QwGI+1ial/sZ8hwWJ7zgiW0H4qjrpyX6pfa19WaJ2tc=
Subject key identifier:   F9:28:7A:6F:D5:0B:74:DD:7F:D2:4A:F9:04:17:C2:38:36:29:33:CF
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       10B042AE7E9BD5CD91EDB7E0201724DFE59369ED
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7126a061-5d81-4cc1-9a53-b45ee9848ee4.roa
Signing time:             Fri 28 Jul 2023 00:00:00 +0000
ROA not before:           Fri 28 Jul 2023 00:00:00 +0000
ROA not after:            Fri 01 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:b0:42:ae:7e:9b:d5:cd:91:ed:b7:e0:20:17:24:df:e5:93:69:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 28 00:00:00 2023 GMT
            Not After : Sep  1 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:5b:f2:9c:94:a7:d6:dc:06:32:fd:6f:b7:c8:
                    b1:c6:c2:bb:dd:29:ea:fb:d0:11:40:6b:b2:68:7b:
                    80:6e:8d:ea:ee:82:fd:92:7c:64:4f:13:33:f8:a8:
                    3c:72:da:79:40:cf:58:de:1c:a0:9c:a0:41:ea:00:
                    33:9e:f8:62:94:dc:00:ca:7a:60:fc:c3:7a:a9:83:
                    b0:5b:50:2c:05:af:1c:a6:70:50:fe:1e:e1:fd:34:
                    04:54:ba:55:aa:e6:a0:0c:72:88:e0:23:4b:c0:dc:
                    e6:2e:8f:a1:02:c9:9a:f3:fa:ea:e2:42:10:10:f0:
                    d8:93:92:25:e7:1d:2a:1e:8e:c4:c1:9e:6a:a0:93:
                    fe:da:3c:a4:1c:25:b9:35:3c:72:cb:d5:39:f6:71:
                    1e:90:49:79:9d:fb:e7:70:b9:a3:2d:1e:8f:66:6a:
                    3b:78:a6:47:48:36:9a:72:34:60:a1:17:8c:22:7a:
                    93:cd:b9:bf:b2:19:37:f9:70:ff:d1:0d:c2:e3:c6:
                    47:e3:65:4a:52:9b:1a:d1:24:a3:db:ba:d9:0f:11:
                    d6:23:7c:19:8b:c2:7d:fd:90:99:d3:38:4d:fc:d1:
                    a7:1e:8e:ea:e5:bb:60:1b:0e:4f:b2:50:a2:7c:54:
                    75:1d:d4:31:8d:9f:05:6f:23:ab:8e:5c:43:c8:b2:
                    d5:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:28:7A:6F:D5:0B:74:DD:7F:D2:4A:F9:04:17:C2:38:36:29:33:CF
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7126a061-5d81-4cc1-9a53-b45ee9848ee4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:6a:f6:69:c5:49:e9:0d:86:3d:55:d1:02:30:1d:36:37:f5:
         5f:db:a5:f4:7d:e1:64:2f:df:47:59:9a:d0:0f:fb:14:29:6b:
         58:00:b8:67:5f:c3:bc:1e:ca:61:ef:3c:de:49:9d:3c:e3:a4:
         fc:c8:92:5c:a2:7c:5c:d9:90:be:73:f4:c4:19:ce:bb:47:10:
         c2:7f:18:cd:b0:e2:1b:96:9f:67:91:75:c7:e3:3a:5a:55:36:
         f2:1f:56:7a:e6:9c:63:95:75:32:93:38:c2:40:7c:55:79:d2:
         78:a7:d0:ee:ba:23:08:87:6c:9e:cd:67:f4:9b:7b:b0:16:93:
         74:91:4f:82:e7:6e:b7:1e:bd:c3:ac:7e:24:d7:e8:6f:a6:b0:
         13:05:a2:83:fb:7b:c6:90:40:55:39:83:e5:20:a5:9d:52:27:
         8d:c0:95:36:17:12:9c:14:42:57:7f:82:b0:3a:a7:08:8a:e9:
         3e:3a:17:69:bb:be:2b:26:b1:af:02:7f:6e:99:89:bb:9d:5b:
         9a:02:6e:bc:4f:c4:13:d2:e2:11:96:4a:d6:5d:3e:93:f1:e7:
         57:52:93:d8:1c:bc:5e:a2:27:f5:43:5b:55:7b:98:40:5a:af:
         81:eb:24:12:34:0e:c4:35:88:e7:5d:13:cc:29:c5:be:8b:20:
         c5:d0:04:b0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUELBCrn6b1c2R7bfgIBck3+WTae0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzI4MDAwMDAwWhcNMjMwOTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5YjUyNzIwYmVhOGFjNjZhYjI4NThiM2MwNWFhMDQ5NjJj
YmI5NTk5MGFlMGQzNzYyOGUzNmZhNTU3NjkzZjlkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWW/KclKfW3AYy/W+3yLHGwrvdKer70BFAa7Joe4Bujeru
gv2SfGRPEzP4qDxy2nlAz1jeHKCcoEHqADOe+GKU3ADKemD8w3qpg7BbUCwFrxym
cFD+HuH9NARUulWq5qAMcojgI0vA3OYuj6ECyZrz+uriQhAQ8NiTkiXnHSoejsTB
nmqgk/7aPKQcJbk1PHLL1Tn2cR6QSXmd++dwuaMtHo9majt4pkdINppyNGChF4wi
epPNub+yGTf5cP/RDcLjxkfjZUpSmxrRJKPbutkPEdYjfBmLwn39kJnTOE380ace
jurlu2AbDk+yUKJ8VHUd1DGNnwVvI6uOXEPIstXxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+Sh6b9ULdN1/0kr5BBfCODYpM88wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzcxMjZhMDYxLTVkODEtNGNjMS05YTUzLWI0NWVlOTg0OGVlNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAVq9mnFSekNhj1V0QIwHTY39V/b
pfR94WQv30dZmtAP+xQpa1gAuGdfw7weymHvPN5JnTzjpPzIklyifFzZkL5z9MQZ
zrtHEMJ/GM2w4huWn2eRdcfjOlpVNvIfVnrmnGOVdTKTOMJAfFV50nin0O66IwiH
bJ7NZ/Sbe7AWk3SRT4LnbrcevcOsfiTX6G+msBMFooP7e8aQQFU5g+UgpZ1SJ43A
lTYXEpwUQld/grA6pwiK6T46F2m7vismsa8Cf26ZibudW5oCbrxPxBPS4hGWStZd
PpPx51dSk9gcvF6iJ/VDW1V7mEBar4HrJBI0DsQ1iOddE8wpxb6LIMXQBLA=
-----END CERTIFICATE-----