Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c8f0de18-738d-47d9-93c1-2fac53dd26dc.roa
File:                     c8f0de18-738d-47d9-93c1-2fac53dd26dc.roa (raw, json)
Hash identifier:          GBvACx79IfEOSFgPBKGMMnsZnvHhQbkUjDIKvO4PEx0=
Subject key identifier:   EF:A6:05:AD:05:D0:10:FC:12:44:03:CA:C2:D8:F0:21:F5:73:C0:6E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       549ABE273711079D64B774A854531410CC1E353C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c8f0de18-738d-47d9-93c1-2fac53dd26dc.roa
Signing time:             Fri 07 Jul 2023 00:00:00 +0000
ROA not before:           Fri 07 Jul 2023 00:00:00 +0000
ROA not after:            Fri 11 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:9a:be:27:37:11:07:9d:64:b7:74:a8:54:53:14:10:cc:1e:35:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  7 00:00:00 2023 GMT
            Not After : Aug 11 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4e:d9:7e:9e:47:7d:88:21:cf:bf:77:d3:3a:
                    c7:ca:4c:c0:7a:0d:14:0f:c5:a2:9e:0f:e4:47:33:
                    a2:ad:91:56:59:92:96:3b:e2:05:8e:ff:9f:60:01:
                    3b:36:13:3f:4a:bb:18:9c:9b:09:74:d7:52:2a:df:
                    e7:4c:61:ac:8d:5d:0d:a7:41:48:6d:b5:e4:20:63:
                    9d:a8:cc:6c:fd:35:4f:1e:a8:51:0f:17:8c:11:63:
                    d9:4f:e8:03:24:e5:c2:26:35:34:8c:63:d9:5e:6e:
                    d4:2b:09:b5:09:96:8c:e6:78:11:b3:1b:2c:fc:39:
                    77:7b:a3:60:72:92:a1:c6:7a:56:27:57:1f:5c:8c:
                    02:e9:cc:bf:96:06:b5:a3:ee:da:84:38:75:ff:73:
                    6b:68:35:f3:6d:14:a5:2a:87:b6:85:cf:11:9d:bd:
                    d4:94:e1:91:9e:d9:dc:64:e1:55:bc:6f:28:2e:84:
                    4d:f4:1a:81:40:ce:02:e3:c3:72:27:46:e2:44:43:
                    03:f7:b9:c6:b8:09:dd:a0:e4:37:23:fc:cb:fd:59:
                    d1:db:c0:e3:99:1c:26:32:ea:5f:98:19:c8:9c:e4:
                    97:1e:d6:a1:0f:e6:44:3e:96:b4:d1:3b:61:ec:5a:
                    b7:51:40:78:eb:f8:40:62:06:93:52:89:cf:c6:40:
                    c4:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:A6:05:AD:05:D0:10:FC:12:44:03:CA:C2:D8:F0:21:F5:73:C0:6E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c8f0de18-738d-47d9-93c1-2fac53dd26dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:e2:56:a3:be:94:43:a3:40:74:a3:45:bf:04:ff:ae:77:c7:
         0c:36:15:a0:d8:e3:69:ff:d3:da:51:c2:ad:f1:e3:2d:47:13:
         46:71:c3:60:45:da:42:67:e1:a9:05:58:f2:fb:fc:fa:f8:88:
         fb:1a:3e:7c:22:71:8d:de:98:3b:2a:9b:f8:a1:30:48:8d:96:
         d1:97:be:a1:bf:b5:38:dc:5c:9f:3f:69:19:4b:8f:29:85:fd:
         12:8f:da:99:b8:be:6e:34:46:bd:17:27:6e:49:40:85:2f:8d:
         8f:99:0c:4c:e1:a8:11:04:fd:14:42:8f:2f:52:32:3a:1d:bb:
         f3:5e:04:d2:bd:23:95:ed:bf:81:cf:3b:9e:18:9a:8c:b1:90:
         4d:7f:c6:06:6b:81:81:86:45:ed:2b:f7:90:2e:fc:db:b4:ac:
         7c:f0:2b:22:69:5e:cc:31:45:96:31:a2:43:1e:b2:9f:00:c7:
         7b:57:6c:6e:16:e7:18:0b:5c:f4:2d:89:42:8f:7a:21:0c:97:
         7e:50:34:8d:7e:b7:75:38:7a:c1:3d:f8:30:e9:66:31:dd:6b:
         5f:16:28:8d:a3:53:00:35:af:33:4e:71:35:dc:77:76:ec:87:
         ea:c4:d4:00:43:e2:56:a2:eb:0d:54:e5:ec:a1:eb:7b:29:5a:
         7b:09:e3:ee
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVJq+JzcRB51kt3SoVFMUEMweNTwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzA3MDAwMDAwWhcNMjMwODExMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMjAyNGNiOGMyZmY3Y2YxOTY0YjNiNjIwMGRiN2NmZGQw
NDUxNDY2ODA5MzdiYTllNmJlOWVkMTllM2UzYmMzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzTtl+nkd9iCHPv3fTOsfKTMB6DRQPxaKeD+RHM6KtkVZZ
kpY74gWO/59gATs2Ez9Kuxicmwl011Iq3+dMYayNXQ2nQUhtteQgY52ozGz9NU8e
qFEPF4wRY9lP6AMk5cImNTSMY9lebtQrCbUJlozmeBGzGyz8OXd7o2BykqHGelYn
Vx9cjALpzL+WBrWj7tqEOHX/c2toNfNtFKUqh7aFzxGdvdSU4ZGe2dxk4VW8bygu
hE30GoFAzgLjw3InRuJEQwP3uca4Cd2g5Dcj/Mv9WdHbwOOZHCYy6l+YGcic5Jce
1qEP5kQ+lrTRO2HsWrdRQHjr+EBiBpNSic/GQMRVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU76YFrQXQEPwSRAPKwtjwIfVzwG4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2M4ZjBkZTE4LTczOGQtNDdkOS05M2MxLTJmYWM1M2RkMjZkYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJDiVqO+lEOjQHSjRb8E/653xww2
FaDY42n/09pRwq3x4y1HE0Zxw2BF2kJn4akFWPL7/Pr4iPsaPnwicY3emDsqm/ih
MEiNltGXvqG/tTjcXJ8/aRlLjymF/RKP2pm4vm40Rr0XJ25JQIUvjY+ZDEzhqBEE
/RRCjy9SMjodu/NeBNK9I5Xtv4HPO54YmoyxkE1/xgZrgYGGRe0r95Au/Nu0rHzw
KyJpXswxRZYxokMesp8Ax3tXbG4W5xgLXPQtiUKPeiEMl35QNI1+t3U4esE9+DDp
ZjHda18WKI2jUwA1rzNOcTXcd3bsh+rE1ABD4lai6w1U5eyh63spWnsJ4+4=
-----END CERTIFICATE-----