Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a5b57068-cbec-4573-aec8-656b9b11fb9d.roa
File:                     a5b57068-cbec-4573-aec8-656b9b11fb9d.roa (raw, json)
Hash identifier:          qrmYAB3LOKCa69XlA5j17hGXhDCa7aLwlGV8B2BxRQE=
Subject key identifier:   8C:16:49:B4:FC:8F:59:06:35:0B:CD:EB:BE:A0:3C:30:D6:98:3D:B6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       023982895D00C0F5DE0FD6EC57C60303340E69C9
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a5b57068-cbec-4573-aec8-656b9b11fb9d.roa
Signing time:             Tue 27 Jun 2023 00:00:00 +0000
ROA not before:           Tue 27 Jun 2023 00:00:00 +0000
ROA not after:            Tue 01 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:39:82:89:5d:00:c0:f5:de:0f:d6:ec:57:c6:03:03:34:0e:69:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 27 00:00:00 2023 GMT
            Not After : Aug  1 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:f9:a3:52:30:e2:4c:bf:8f:e3:37:71:8c:22:
                    49:4a:10:40:b9:80:da:82:eb:d7:9c:a5:2b:96:65:
                    6c:7f:7f:ab:e3:f8:b9:2c:38:17:16:c0:b8:16:d1:
                    42:73:46:94:47:3b:c9:dd:c1:c0:19:82:5b:85:a1:
                    54:81:23:71:24:13:c3:97:06:d9:6d:5a:62:47:d8:
                    f6:fb:6a:7b:ba:fa:b1:1b:c0:58:ed:27:9f:e6:4d:
                    f8:00:dc:2c:da:fa:c8:f4:57:8b:b3:14:c8:88:49:
                    8f:3a:21:fd:1e:31:35:82:25:fb:3a:14:e9:a2:9e:
                    ad:7b:f6:06:ad:dc:fa:ec:ec:a7:b2:b4:f1:34:fc:
                    75:ef:4b:1a:17:30:f7:8d:4d:ef:7a:21:84:2c:66:
                    1f:c2:86:c1:94:d7:84:08:c7:97:5b:8b:5a:8c:06:
                    9e:d0:55:e6:01:dd:5b:d4:2d:8d:05:4d:e9:de:b9:
                    7e:ce:3c:f3:4f:3f:21:61:a2:bc:03:e3:85:f5:22:
                    57:6c:fe:e9:dd:99:d6:18:e0:50:c7:4d:a3:56:79:
                    2f:37:da:88:e6:3b:e2:15:66:39:2a:a5:79:10:09:
                    48:ce:f0:62:89:6b:96:f1:b1:62:4c:a8:27:26:04:
                    6c:6c:9c:cc:1f:2e:c3:33:33:ae:90:8c:60:20:06:
                    bf:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:16:49:B4:FC:8F:59:06:35:0B:CD:EB:BE:A0:3C:30:D6:98:3D:B6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a5b57068-cbec-4573-aec8-656b9b11fb9d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:a8:3c:40:23:0e:bf:61:97:6f:0a:c9:0f:60:ed:c9:5c:00:
         39:86:77:72:46:1b:40:b6:2a:30:58:2d:40:f5:a2:e9:4a:40:
         44:16:e5:cd:73:66:fd:2b:56:49:b1:99:31:5a:d2:65:b3:c7:
         88:c3:86:50:e8:b2:bc:55:62:eb:ad:83:8f:37:47:6e:40:1b:
         3d:bd:8a:41:17:75:78:b4:b1:11:3c:3f:31:ef:6b:f0:87:cc:
         d0:5e:d7:c3:8f:38:e8:33:89:f9:b1:d9:3a:5e:f9:00:3d:06:
         16:c0:31:c0:70:db:0f:90:b5:8e:12:a0:e9:97:82:14:1a:d9:
         b1:20:72:35:33:74:af:68:c8:1c:ea:55:db:06:7e:fd:80:7b:
         3f:fd:41:0d:31:a6:0d:ec:7b:7f:18:64:50:c5:cd:e4:d1:48:
         bd:a8:e6:65:ec:fe:1f:91:fa:10:3a:25:d8:eb:08:b5:31:c1:
         d2:4f:3b:b9:1e:5b:9e:93:c4:b3:b8:87:f8:f3:90:40:86:0c:
         9b:89:58:24:21:7f:38:7f:5e:fe:de:38:55:f5:2a:65:89:dd:
         0c:76:00:74:f4:6d:19:8a:15:3d:c3:1b:b9:88:c3:cd:9d:b8:
         4a:95:47:f8:0b:94:28:85:de:9b:33:c1:32:58:e0:e8:62:e0:
         eb:d4:99:70
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAjmCiV0AwPXeD9bsV8YDAzQOackwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjI3MDAwMDAwWhcNMjMwODAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMmMwZGVkZWRkYmI2MWM2NmJkNTJjYzc4ZTQxMjNkZmUx
YWEwMWIzOTI3ZGUyMjMwM2RiNmY3MDVmMWIyNGNjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDn+aNSMOJMv4/jN3GMIklKEEC5gNqC69ecpSuWZWx/f6vj
+LksOBcWwLgW0UJzRpRHO8ndwcAZgluFoVSBI3EkE8OXBtltWmJH2Pb7anu6+rEb
wFjtJ5/mTfgA3Cza+sj0V4uzFMiISY86If0eMTWCJfs6FOminq179gat3Prs7Key
tPE0/HXvSxoXMPeNTe96IYQsZh/ChsGU14QIx5dbi1qMBp7QVeYB3VvULY0FTene
uX7OPPNPPyFhorwD44X1Ilds/undmdYY4FDHTaNWeS832ojmO+IVZjkqpXkQCUjO
8GKJa5bxsWJMqCcmBGxsnMwfLsMzM66QjGAgBr/vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjBZJtPyPWQY1C83rvqA8MNaYPbYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E1YjU3MDY4LWNiZWMtNDU3My1hZWM4LTY1NmI5YjExZmI5ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI+oPEAjDr9hl28KyQ9g7clcADmG
d3JGG0C2KjBYLUD1oulKQEQW5c1zZv0rVkmxmTFa0mWzx4jDhlDosrxVYuutg483
R25AGz29ikEXdXi0sRE8PzHva/CHzNBe18OPOOgzifmx2Tpe+QA9BhbAMcBw2w+Q
tY4SoOmXghQa2bEgcjUzdK9oyBzqVdsGfv2Aez/9QQ0xpg3se38YZFDFzeTRSL2o
5mXs/h+R+hA6JdjrCLUxwdJPO7keW56TxLO4h/jzkECGDJuJWCQhfzh/Xv7eOFX1
KmWJ3Qx2AHT0bRmKFT3DG7mIw82duEqVR/gLlCiF3pszwTJY4Ohi4OvUmXA=
-----END CERTIFICATE-----