Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8e118e40-c6db-4325-a65a-11ed1826c057.roa
File:                     8e118e40-c6db-4325-a65a-11ed1826c057.roa (raw, json)
Hash identifier:          d7nqPXzQSiJCWUAXDqItVaBAzPr7D3yUzbpNZyN6klQ=
Subject key identifier:   6F:53:31:15:A0:A6:4F:94:53:5E:2C:8C:74:94:DF:DA:60:58:21:72
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5CCEAF71CE7313821268932EDA51D15296E17FF0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8e118e40-c6db-4325-a65a-11ed1826c057.roa
Signing time:             Mon 13 Nov 2023 00:00:00 +0000
ROA not before:           Mon 13 Nov 2023 00:00:00 +0000
ROA not after:            Mon 18 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:ce:af:71:ce:73:13:82:12:68:93:2e:da:51:d1:52:96:e1:7f:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 13 00:00:00 2023 GMT
            Not After : Dec 18 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:08:48:d8:e5:43:98:29:79:c4:b2:f4:55:11:
                    63:6a:d3:1b:aa:9a:bb:a3:84:27:0e:5a:a6:8b:95:
                    ab:0c:36:a8:75:16:80:7c:1b:b0:11:22:3e:80:12:
                    b6:03:24:5c:53:4d:05:af:fa:87:ec:8a:d0:96:5d:
                    f2:f5:39:7d:67:d7:f0:55:94:9a:1e:8a:e5:d7:5d:
                    77:a8:48:cf:f9:d1:dc:fa:0c:dd:55:1c:4d:8f:55:
                    51:e8:d9:85:f7:61:f3:2e:ba:be:5a:8f:e8:06:52:
                    2c:db:ce:48:7d:ee:70:3f:60:f2:ed:6f:56:d4:c8:
                    93:5a:5b:6f:f8:ea:09:6e:75:3f:3a:7e:c7:0d:ce:
                    4a:ef:01:78:1e:54:ae:52:4f:53:96:07:5a:45:77:
                    6a:2f:a7:73:10:fb:d5:54:be:e3:22:2d:6b:28:79:
                    a8:0f:5d:3f:c5:a7:a8:bd:33:ef:90:cf:84:a6:bb:
                    53:f5:7d:22:96:a4:be:b0:dc:09:3a:36:52:02:29:
                    eb:5a:79:65:21:f3:23:87:c0:3c:98:d6:ba:a0:69:
                    3c:7f:e2:fc:e9:29:bb:e7:bf:ee:3c:39:99:9b:ac:
                    ea:82:56:58:85:2a:e7:dd:82:a6:87:1d:36:ff:b4:
                    25:6b:5e:19:7c:03:6c:97:70:e3:86:ff:bf:56:eb:
                    0f:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:53:31:15:A0:A6:4F:94:53:5E:2C:8C:74:94:DF:DA:60:58:21:72
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8e118e40-c6db-4325-a65a-11ed1826c057.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:7f:25:10:ae:8c:a6:08:6b:2f:13:0e:43:29:ad:ed:db:7f:
         16:ca:79:e6:b7:38:32:6e:11:6e:a4:8b:97:d0:3f:6b:7c:80:
         53:a9:a5:69:c6:37:06:3f:15:66:db:ee:31:aa:24:46:12:0d:
         12:21:61:60:f6:9a:66:c6:cf:4a:93:00:07:04:1e:ba:48:6b:
         1e:ec:1c:0a:33:7f:d1:85:4d:d9:6e:a4:8e:97:db:f4:47:95:
         16:04:9f:ac:0f:b8:5e:b7:22:24:1a:eb:ed:22:9a:2b:97:79:
         2a:97:36:2d:3d:e2:6d:78:9e:4d:0e:18:50:39:2c:ca:1a:62:
         c6:ee:10:cb:ce:cd:6c:31:5c:c9:35:c0:17:ca:1b:a6:62:80:
         7f:fe:3a:ce:5d:d9:3f:43:83:b8:4d:49:82:f3:cc:c9:ae:3b:
         74:bb:f4:38:b1:89:06:a9:e2:d4:ff:ba:44:2e:bc:3a:d6:18:
         cd:24:a8:ba:f2:b4:24:48:7c:92:50:d2:41:b0:4c:a9:64:fd:
         3c:d1:50:24:b1:f9:d2:86:4f:5e:f7:21:c5:79:3a:9a:a2:59:
         98:83:d0:ec:c8:e1:7f:c2:8f:b1:aa:42:4d:a8:2f:e5:67:eb:
         67:9c:16:4e:02:9f:ce:11:c2:3d:fb:3d:fe:cb:8d:2c:c4:c2:
         65:a6:bd:77
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXM6vcc5zE4ISaJMu2lHRUpbhf/AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTEzMDAwMDAwWhcNMjMxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZTJkMTQ2YWEzNzVlMGZmMzIyNGY1NWM1ZDkwZjBlY2Rj
N2FkMmQwNGZlYjAxNGNmODgzNzlkNTc1Mjc0Yzg3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8CEjY5UOYKXnEsvRVEWNq0xuqmrujhCcOWqaLlasMNqh1
FoB8G7ARIj6AErYDJFxTTQWv+ofsitCWXfL1OX1n1/BVlJoeiuXXXXeoSM/50dz6
DN1VHE2PVVHo2YX3YfMuur5aj+gGUizbzkh97nA/YPLtb1bUyJNaW2/46gludT86
fscNzkrvAXgeVK5ST1OWB1pFd2ovp3MQ+9VUvuMiLWsoeagPXT/Fp6i9M++Qz4Sm
u1P1fSKWpL6w3Ak6NlICKetaeWUh8yOHwDyY1rqgaTx/4vzpKbvnv+48OZmbrOqC
VliFKufdgqaHHTb/tCVrXhl8A2yXcOOG/79W6w8tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUb1MxFaCmT5RTXiyMdJTf2mBYIXIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzhlMTE4ZTQwLWM2ZGItNDMyNS1hNjVhLTExZWQxODI2YzA1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADp/JRCujKYIay8TDkMpre3bfxbK
eea3ODJuEW6ki5fQP2t8gFOppWnGNwY/FWbb7jGqJEYSDRIhYWD2mmbGz0qTAAcE
HrpIax7sHAozf9GFTdlupI6X2/RHlRYEn6wPuF63IiQa6+0imiuXeSqXNi094m14
nk0OGFA5LMoaYsbuEMvOzWwxXMk1wBfKG6ZigH/+Os5d2T9Dg7hNSYLzzMmuO3S7
9DixiQap4tT/ukQuvDrWGM0kqLrytCRIfJJQ0kGwTKlk/TzRUCSx+dKGT173IcV5
OpqiWZiD0OzI4X/Cj7GqQk2oL+Vn62ecFk4Cn84Rwj37Pf7LjSzEwmWmvXc=
-----END CERTIFICATE-----