Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c3522bf4-9f0e-49b7-833b-cbd3eecb32ab.roa
File:                     c3522bf4-9f0e-49b7-833b-cbd3eecb32ab.roa (raw, json)
Hash identifier:          N2XrE9FBqdfw6WSABKWtZy2rwKzz2I3RARyXLUyRAw8=
Subject key identifier:   4A:BE:3F:90:2B:00:25:B0:F4:A3:4B:E8:B5:09:38:30:55:C3:2A:40
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       660E1D88D72BFF33928C7431BEEAD9F72E39B523
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c3522bf4-9f0e-49b7-833b-cbd3eecb32ab.roa
Signing time:             Sat 29 Jul 2023 00:00:00 +0000
ROA not before:           Sat 29 Jul 2023 00:00:00 +0000
ROA not after:            Sat 02 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:0e:1d:88:d7:2b:ff:33:92:8c:74:31:be:ea:d9:f7:2e:39:b5:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 29 00:00:00 2023 GMT
            Not After : Sep  2 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4d:94:c9:0e:31:1b:80:19:ef:5c:2a:15:5f:
                    91:50:3e:73:29:98:e8:39:f7:86:51:ee:2a:f6:06:
                    a3:7b:cb:d1:15:c5:fa:48:48:ab:c6:53:e7:8c:72:
                    8a:2a:61:00:37:94:e0:bb:1d:57:74:73:43:b3:05:
                    64:96:d7:4b:b7:4a:00:86:50:70:f8:f3:98:58:7e:
                    11:63:e5:2d:1c:b2:6a:c8:c7:64:79:5a:40:d3:2c:
                    64:9f:1e:70:e3:95:89:a8:0d:ab:76:14:64:68:c4:
                    61:44:26:ef:ef:5f:12:b9:5c:28:11:b2:97:a4:f5:
                    0b:e1:ba:1f:c8:5e:41:90:b4:eb:01:b8:c1:db:c4:
                    86:f9:f9:6b:6b:58:90:96:0c:64:fa:ab:26:21:8b:
                    33:f9:14:a9:4c:33:25:51:50:61:55:5d:8d:3d:f1:
                    13:3d:5a:0a:cb:55:56:b1:1d:41:69:e4:7e:29:f6:
                    f8:fe:ab:2d:22:32:70:5a:80:88:ef:ed:98:db:05:
                    26:c5:35:5e:79:59:fc:23:df:a5:91:c6:40:be:c0:
                    51:24:53:50:f2:7b:d0:b0:e1:45:df:1b:a8:7a:5c:
                    4c:c6:b4:9a:15:9b:16:26:b5:f9:ac:f7:f4:31:7b:
                    a1:f9:80:c9:f2:5b:05:5c:47:ff:33:08:5b:2f:e7:
                    41:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:BE:3F:90:2B:00:25:B0:F4:A3:4B:E8:B5:09:38:30:55:C3:2A:40
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c3522bf4-9f0e-49b7-833b-cbd3eecb32ab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:0b:1f:ab:14:29:9c:d0:b9:19:84:e8:6f:01:a0:7b:92:1a:
         94:34:e6:ca:11:85:30:d2:87:e3:f4:c8:b7:8b:80:b2:a4:5e:
         17:da:03:4f:45:a6:95:ef:12:2b:8a:d0:36:c7:05:37:88:09:
         88:96:7c:69:74:ce:97:00:29:4f:97:9a:b1:f7:94:ea:43:93:
         20:5f:e6:59:84:70:6e:bd:f9:ad:f5:d7:98:fe:ec:26:91:fd:
         da:91:10:53:f7:01:af:d1:f1:13:88:1a:8e:e0:70:08:da:09:
         e8:68:0c:16:39:b4:e9:14:56:0d:ab:dc:c5:1c:09:ee:78:07:
         b6:f0:d4:af:ab:62:4d:fa:3a:e8:dc:36:23:51:1a:a0:71:4c:
         ba:78:a9:c7:94:27:cf:5e:63:74:83:d1:e8:ff:a3:cc:28:17:
         b9:6c:f6:c2:00:0f:cc:1a:5e:d0:9a:b8:46:3a:6c:85:7a:38:
         eb:b3:d8:45:02:7a:69:9d:36:f4:dd:9d:0a:c6:b3:5a:cb:aa:
         7c:e1:b2:fa:79:f7:cb:7b:9d:ff:23:f1:35:cb:e3:b5:cf:78:
         70:91:c3:75:ee:b0:9c:4e:d1:d3:69:f9:d0:fa:7c:37:82:c9:
         92:cf:e6:24:a4:03:f5:2b:fe:d4:ba:4e:94:cf:4d:1d:dd:c2:
         5b:d7:6d:f8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZg4diNcr/zOSjHQxvurZ9y45tSMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzI5MDAwMDAwWhcNMjMwOTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYzRiNjUxMWNiYjI3OWQ1MTExMzc1ODAyNTMzODNhNDA4
ZTRlMmU0YzUzM2Y2MTk0MDkzNjZiMGFkOTY4ZTU3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCPTZTJDjEbgBnvXCoVX5FQPnMpmOg594ZR7ir2BqN7y9EV
xfpISKvGU+eMcooqYQA3lOC7HVd0c0OzBWSW10u3SgCGUHD485hYfhFj5S0csmrI
x2R5WkDTLGSfHnDjlYmoDat2FGRoxGFEJu/vXxK5XCgRspek9Qvhuh/IXkGQtOsB
uMHbxIb5+WtrWJCWDGT6qyYhizP5FKlMMyVRUGFVXY098RM9WgrLVVaxHUFp5H4p
9vj+qy0iMnBagIjv7ZjbBSbFNV55Wfwj36WRxkC+wFEkU1Dye9Cw4UXfG6h6XEzG
tJoVmxYmtfms9/Qxe6H5gMnyWwVcR/8zCFsv50FVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSr4/kCsAJbD0o0votQk4MFXDKkAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2MzNTIyYmY0LTlmMGUtNDliNy04MzNiLWNiZDNlZWNiMzJhYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF8LH6sUKZzQuRmE6G8BoHuSGpQ0
5soRhTDSh+P0yLeLgLKkXhfaA09FppXvEiuK0DbHBTeICYiWfGl0zpcAKU+XmrH3
lOpDkyBf5lmEcG69+a3115j+7CaR/dqREFP3Aa/R8ROIGo7gcAjaCehoDBY5tOkU
Vg2r3MUcCe54B7bw1K+rYk36OujcNiNRGqBxTLp4qceUJ89eY3SD0ej/o8woF7ls
9sIAD8waXtCauEY6bIV6OOuz2EUCemmdNvTdnQrGs1rLqnzhsvp598t7nf8j8TXL
47XPeHCRw3XusJxO0dNp+dD6fDeCyZLP5iSkA/Ur/tS6TpTPTR3dwlvXbfg=
-----END CERTIFICATE-----