Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/98dd3707-4c63-4218-b72a-8b568cc69b3d.roa
File:                     98dd3707-4c63-4218-b72a-8b568cc69b3d.roa (raw, json)
Hash identifier:          G6WKjTatHAqb375cOsupFgMUeKbzyj+a2VDTNzpBg/k=
Subject key identifier:   AF:70:13:0B:46:6F:0C:65:84:61:C6:6F:C4:4C:2A:18:FA:42:CC:97
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7CD890F3E75C25AB39ECFFA2160D3EE5144FABAB
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/98dd3707-4c63-4218-b72a-8b568cc69b3d.roa
Signing time:             Fri 14 Jul 2023 00:00:00 +0000
ROA not before:           Fri 14 Jul 2023 00:00:00 +0000
ROA not after:            Fri 18 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:d8:90:f3:e7:5c:25:ab:39:ec:ff:a2:16:0d:3e:e5:14:4f:ab:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 14 00:00:00 2023 GMT
            Not After : Aug 18 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b1:91:11:36:f4:01:76:47:fe:b7:c6:d0:f8:
                    b4:77:ee:5c:7a:ab:ed:b9:fc:eb:51:fd:d6:b9:fe:
                    1e:7b:88:09:7b:3c:eb:49:92:04:5d:66:73:fb:81:
                    d9:ac:fe:19:46:f0:51:e5:7c:cb:52:8c:2d:11:29:
                    a9:c3:41:ed:5d:16:32:0b:49:49:65:bb:80:48:29:
                    34:7d:01:90:a0:28:ac:7f:82:2e:c1:75:51:df:db:
                    79:a4:a3:89:d1:89:25:69:18:94:23:e7:e4:07:5b:
                    b5:45:5c:8b:89:0f:1b:2e:39:e1:80:00:c6:f9:69:
                    17:e3:bd:01:09:8b:86:19:1e:38:6e:7f:83:43:c0:
                    d6:95:83:64:f8:17:8f:77:90:3a:ae:01:12:ac:5d:
                    70:83:f1:86:ab:e3:f6:b5:9e:5f:02:84:42:68:1d:
                    e0:32:51:b2:de:5a:5e:57:e8:a8:a1:10:05:3b:e3:
                    6b:71:be:34:ad:11:e5:85:a6:9a:68:a9:16:91:16:
                    e5:be:a6:38:eb:eb:e1:ee:fe:54:36:34:e5:89:9e:
                    c0:0e:fc:cf:10:0d:47:1a:01:3c:14:55:c8:91:e2:
                    b1:f0:24:ce:c0:71:c1:30:64:da:65:6e:aa:40:4b:
                    9e:bb:67:6c:47:65:86:ec:12:c1:4f:b5:af:da:76:
                    47:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:70:13:0B:46:6F:0C:65:84:61:C6:6F:C4:4C:2A:18:FA:42:CC:97
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/98dd3707-4c63-4218-b72a-8b568cc69b3d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:89:61:e6:46:6f:f8:88:3a:e2:d0:db:3b:64:07:41:26:17:
         47:bd:51:1b:b3:d9:0b:64:2b:04:be:6e:b4:07:32:63:a7:4b:
         89:e2:a7:a9:2b:ca:c8:0c:80:29:fa:7e:08:d0:a0:b2:60:43:
         5d:b1:6a:e4:0f:5e:4c:1b:b1:01:0f:d7:d7:2d:69:c5:c2:14:
         62:87:0e:79:6b:77:07:52:23:50:1b:6c:47:1f:7a:89:04:58:
         d8:dc:6c:5d:0b:4c:16:52:27:3f:0d:67:a0:c8:67:ba:a6:67:
         aa:df:4e:cd:21:f1:1e:99:36:25:a1:e5:4c:96:d9:be:e8:92:
         c2:13:cb:25:b9:e3:94:c6:be:4f:38:a8:ec:32:d0:12:7f:74:
         0a:9d:2e:98:fe:16:78:c0:14:56:da:c3:61:f9:9d:c1:2c:18:
         96:e6:cd:28:3d:47:7d:46:ee:78:db:1d:97:80:1a:ed:15:71:
         41:b2:6a:00:cf:fb:56:01:a8:36:cc:98:5e:6d:18:34:92:6e:
         7f:0d:ba:fb:6f:ca:d2:34:da:9b:20:df:88:8e:ce:c7:c8:6b:
         9c:a9:b1:3d:d1:8a:ef:9a:dd:07:64:6c:2e:84:1b:a8:4b:b7:
         cb:c4:f9:52:be:12:9c:91:fe:02:c3:bf:db:e7:a1:73:40:87:
         74:21:3f:4c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfNiQ8+dcJas57P+iFg0+5RRPq6swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE0MDAwMDAwWhcNMjMwODE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMWEyNmM2NmM2YTVjMGQzY2U4ZjRjODU1ZWE0Y2UzYjNi
ZjE3NWE2NDc4NzliZmMxMWQ2NmY4M2ExM2NlZTJiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/sZERNvQBdkf+t8bQ+LR37lx6q+25/OtR/da5/h57iAl7
POtJkgRdZnP7gdms/hlG8FHlfMtSjC0RKanDQe1dFjILSUllu4BIKTR9AZCgKKx/
gi7BdVHf23mko4nRiSVpGJQj5+QHW7VFXIuJDxsuOeGAAMb5aRfjvQEJi4YZHjhu
f4NDwNaVg2T4F493kDquARKsXXCD8Yar4/a1nl8ChEJoHeAyUbLeWl5X6KihEAU7
42txvjStEeWFpppoqRaRFuW+pjjr6+Hu/lQ2NOWJnsAO/M8QDUcaATwUVciR4rHw
JM7AccEwZNplbqpAS567Z2xHZYbsEsFPta/adkd7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUr3ATC0ZvDGWEYcZvxEwqGPpCzJcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk4ZGQzNzA3LTRjNjMtNDIxOC1iNzJhLThiNTY4Y2M2OWIzZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACWJYeZGb/iIOuLQ2ztkB0EmF0e9
URuz2QtkKwS+brQHMmOnS4nip6krysgMgCn6fgjQoLJgQ12xauQPXkwbsQEP19ct
acXCFGKHDnlrdwdSI1AbbEcfeokEWNjcbF0LTBZSJz8NZ6DIZ7qmZ6rfTs0h8R6Z
NiWh5UyW2b7oksITyyW545TGvk84qOwy0BJ/dAqdLpj+FnjAFFbaw2H5ncEsGJbm
zSg9R31G7njbHZeAGu0VcUGyagDP+1YBqDbMmF5tGDSSbn8NuvtvytI02psg34iO
zsfIa5ypsT3Riu+a3QdkbC6EG6hLt8vE+VK+EpyR/gLDv9vnoXNAh3QhP0w=
-----END CERTIFICATE-----