Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e07fecb0-9205-4116-81c7-942a26229fd9.roa
File:                     e07fecb0-9205-4116-81c7-942a26229fd9.roa (raw, json)
Hash identifier:          kWwCAUiGSVbFB190g8UL8u+PScrZiRhiUPyim3PbepM=
Subject key identifier:   37:6B:F3:41:9C:32:8E:2A:DF:6D:5E:F5:14:00:08:9B:06:E5:7F:DE
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       282041131A37DF8F823A3AEF3B7DE93B7CE6D593
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e07fecb0-9205-4116-81c7-942a26229fd9.roa
Signing time:             Thu 19 Oct 2023 00:00:00 +0000
ROA not before:           Thu 19 Oct 2023 00:00:00 +0000
ROA not after:            Thu 23 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:20:41:13:1a:37:df:8f:82:3a:3a:ef:3b:7d:e9:3b:7c:e6:d5:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 19 00:00:00 2023 GMT
            Not After : Nov 23 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:47:bf:c0:80:23:ad:ca:91:4b:39:df:4d:dc:
                    bd:97:6a:f1:6b:9f:a1:d8:0f:28:b9:c7:7d:97:08:
                    45:fa:c9:57:5f:96:55:3a:54:ac:dd:dc:e1:26:e7:
                    2a:34:ab:bf:c5:a4:a0:bf:f0:b9:93:96:ca:93:a6:
                    be:e5:a7:16:aa:4c:ec:85:9d:07:1d:27:65:b2:4e:
                    22:b2:a1:fb:c9:ae:71:46:4f:32:e1:b1:be:d0:22:
                    30:38:ff:d2:d4:cb:e0:9b:56:63:fe:9b:15:3a:2f:
                    36:c3:ec:2e:4a:86:ba:61:b8:1f:16:86:51:8e:f2:
                    5c:ac:b8:b7:43:d7:85:34:99:7f:d2:a7:c1:01:32:
                    1a:24:54:3d:5b:d7:90:25:e7:9d:fb:33:e7:cb:2e:
                    7a:f0:7e:36:3a:02:bc:b6:bc:c8:ad:af:5e:a7:08:
                    e8:33:69:53:0f:44:0f:71:95:a1:18:7c:ed:01:ff:
                    eb:45:2c:4b:49:34:a0:0e:e0:82:9f:79:b2:c1:57:
                    04:c1:3d:9f:40:fa:2b:3a:cf:7d:32:01:4c:12:b2:
                    03:84:26:08:69:3f:c8:dc:f4:aa:2d:db:02:b9:12:
                    ff:07:cb:08:40:7d:c0:82:b3:9b:da:77:d1:ba:3d:
                    ef:0d:16:f3:bd:10:58:c5:cf:d6:e6:80:c9:ee:f7:
                    44:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:6B:F3:41:9C:32:8E:2A:DF:6D:5E:F5:14:00:08:9B:06:E5:7F:DE
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e07fecb0-9205-4116-81c7-942a26229fd9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:8b:9a:13:35:10:42:88:8a:27:bc:36:50:88:39:65:f5:93:
         a1:d6:9e:88:e5:83:28:93:32:cd:b6:6e:45:43:bc:6b:4a:cb:
         ca:71:0d:0a:e0:b5:bd:da:cc:8d:0c:41:6a:18:a1:b0:56:b0:
         a0:0f:6a:b0:d4:1d:60:a0:84:50:5d:8c:bf:b0:59:e6:48:22:
         49:b3:01:12:23:9a:5b:91:17:cc:49:aa:fd:99:3d:bf:f5:4c:
         37:79:d2:87:d4:6c:7f:15:d8:73:60:95:15:aa:dd:7e:87:82:
         10:b6:77:59:42:86:46:67:c5:55:bb:aa:cf:f7:27:72:01:32:
         ff:0c:3b:61:9b:5d:bf:1d:f0:a2:5e:0c:bb:d0:20:90:b3:79:
         05:e9:74:69:71:4a:bd:67:9d:01:c7:ca:75:dc:2d:d4:f2:19:
         57:ca:34:68:7c:58:f3:10:a3:5e:d1:20:e5:ab:e3:3b:85:bc:
         02:95:28:0e:3d:ea:61:1a:21:a3:43:93:88:5e:77:45:0b:0a:
         7a:81:63:a2:8f:ea:1b:d0:2a:5c:2b:c9:36:89:04:28:9a:64:
         1a:7e:e1:95:c6:06:f6:94:e4:10:78:91:f4:7d:6b:4e:6f:33:
         6a:01:2f:12:97:cd:65:9b:11:cc:df:d7:61:80:10:82:ba:ba:
         ff:df:b6:9f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKCBBExo334+COjrvO33pO3zm1ZMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDE5MDAwMDAwWhcNMjMxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmODM0ODdkNzY3YzE5NmViNWI5ODliZTcxODhkYzZhYTBj
MmY1OTBlMGI2YmRhMTY5MWE4NDgwODUxNGY3ZGRjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrR7/AgCOtypFLOd9N3L2XavFrn6HYDyi5x32XCEX6yVdf
llU6VKzd3OEm5yo0q7/FpKC/8LmTlsqTpr7lpxaqTOyFnQcdJ2WyTiKyofvJrnFG
TzLhsb7QIjA4/9LUy+CbVmP+mxU6LzbD7C5KhrphuB8WhlGO8lysuLdD14U0mX/S
p8EBMhokVD1b15Al5537M+fLLnrwfjY6Ary2vMitr16nCOgzaVMPRA9xlaEYfO0B
/+tFLEtJNKAO4IKfebLBVwTBPZ9A+is6z30yAUwSsgOEJghpP8jc9Kot2wK5Ev8H
ywhAfcCCs5vad9G6Pe8NFvO9EFjFz9bmgMnu90R9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUN2vzQZwyjirfbV71FAAImwblf94wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2UwN2ZlY2IwLTkyMDUtNDExNi04MWM3LTk0MmEyNjIyOWZkOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACqLmhM1EEKIiie8NlCIOWX1k6HW
nojlgyiTMs22bkVDvGtKy8pxDQrgtb3azI0MQWoYobBWsKAParDUHWCghFBdjL+w
WeZIIkmzARIjmluRF8xJqv2ZPb/1TDd50ofUbH8V2HNglRWq3X6HghC2d1lChkZn
xVW7qs/3J3IBMv8MO2GbXb8d8KJeDLvQIJCzeQXpdGlxSr1nnQHHynXcLdTyGVfK
NGh8WPMQo17RIOWr4zuFvAKVKA496mEaIaNDk4hed0ULCnqBY6KP6hvQKlwryTaJ
BCiaZBp+4ZXGBvaU5BB4kfR9a05vM2oBLxKXzWWbEczf12GAEIK6uv/ftp8=
-----END CERTIFICATE-----