Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f6dbfcbc-7f6f-476c-88ac-1d21bfc77cf2.roa
File:                     f6dbfcbc-7f6f-476c-88ac-1d21bfc77cf2.roa (raw, json)
Hash identifier:          qincRCz2w2WlnXCG+Iz64D5hhRQOyM+n+LTBf7GWpxc=
Subject key identifier:   CA:B5:70:5A:4A:37:13:70:34:B2:4B:44:AA:30:F5:4F:93:16:89:DD
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       64CF3E8F59316078DDF60527611CEB0E10BF5F2A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f6dbfcbc-7f6f-476c-88ac-1d21bfc77cf2.roa
Signing time:             Wed 08 Nov 2023 00:00:00 +0000
ROA not before:           Wed 08 Nov 2023 00:00:00 +0000
ROA not after:            Wed 13 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:cf:3e:8f:59:31:60:78:dd:f6:05:27:61:1c:eb:0e:10:bf:5f:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  8 00:00:00 2023 GMT
            Not After : Dec 13 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ea:8c:6c:6e:85:0c:41:0d:fc:84:59:b6:79:
                    65:a6:4a:b3:36:93:93:a3:0a:87:92:d3:96:10:4e:
                    31:a9:19:e4:bf:98:2a:cd:a2:7b:db:b7:66:58:34:
                    0d:f2:19:aa:28:bc:a4:11:66:ad:f4:48:a0:a0:0e:
                    33:50:12:57:44:3e:99:f9:86:46:cd:3a:37:45:9c:
                    84:ab:a5:68:b5:9c:81:5b:7c:82:61:4d:d2:3b:df:
                    5e:44:10:db:35:c5:6a:c5:9c:eb:4b:1c:5d:ea:ff:
                    58:26:72:3d:5a:51:29:81:b2:5b:40:d8:ea:01:6e:
                    c4:c2:36:4d:0a:ee:a8:6d:77:69:8e:8f:9b:8f:da:
                    f9:55:02:53:8f:45:c7:e3:cc:e1:e0:c7:b7:d7:85:
                    2d:14:27:15:c1:cb:2f:94:72:b1:ea:bf:37:1e:4a:
                    6b:61:b9:b4:86:8d:68:12:5b:f3:9f:8d:6b:9e:db:
                    5c:da:3f:ae:e9:f9:20:ab:44:59:99:d0:1c:9f:8a:
                    10:a2:2b:81:33:8f:81:32:0b:67:53:74:56:ed:c6:
                    46:5a:06:a8:e0:f2:d1:e6:98:10:ce:1e:a1:b8:a6:
                    54:2a:49:bb:67:bc:e9:af:2c:15:3c:21:8b:28:9a:
                    7e:be:40:10:49:4f:fe:cd:e8:4b:8a:7f:09:cf:5c:
                    88:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:B5:70:5A:4A:37:13:70:34:B2:4B:44:AA:30:F5:4F:93:16:89:DD
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f6dbfcbc-7f6f-476c-88ac-1d21bfc77cf2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:a1:2c:c4:39:45:05:ef:06:d0:6f:c6:79:06:7b:b6:f2:38:
         a7:10:bd:85:83:40:02:59:61:f9:97:b3:e0:c3:9d:ff:67:b4:
         8f:ac:52:16:3b:2b:65:81:51:5c:54:c6:ce:b1:4e:2d:0d:73:
         fc:a3:48:5e:1f:5c:8b:ab:48:b4:44:14:23:f6:3c:89:3c:4f:
         f2:f8:1a:3e:eb:4e:15:d7:0b:f2:1f:76:b7:88:3f:1c:56:38:
         db:a9:a5:ca:a2:a9:81:fe:25:b0:4e:34:10:08:6d:42:95:05:
         37:12:96:bd:e9:47:db:87:78:68:84:2d:1d:d8:a7:ea:c2:88:
         15:b9:d3:18:1c:8f:60:bf:3a:4b:3f:ef:53:db:9a:58:a3:24:
         5a:2a:80:73:bd:8c:01:91:1b:91:e2:dc:db:a7:a1:54:c3:2e:
         18:dd:42:bb:70:b0:cc:7e:93:36:09:92:64:6d:08:6e:be:64:
         e8:53:9f:b4:31:97:47:db:84:59:ca:43:d2:ab:0a:4e:c1:48:
         08:71:3b:bf:99:46:c4:bd:c4:c0:ee:8a:3f:e0:b0:8c:74:de:
         0b:53:99:f5:a2:80:e7:26:d9:6b:07:b0:e4:7b:bb:43:69:18:
         63:ae:a0:2c:7f:4c:8d:f2:9e:15:ac:42:d9:77:b3:2f:85:50:
         91:9b:30:7e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZM8+j1kxYHjd9gUnYRzrDhC/XyowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTA4MDAwMDAwWhcNMjMxMjEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyOTliOWJkZmI2YTNiOWYzMDFiZTY2ZThkYzAxMzg0N2U0
ZDdiMDNhZGNiMzdkNmFkYjAzOGM3ZTNmODJkNTJmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCz6oxsboUMQQ38hFm2eWWmSrM2k5OjCoeS05YQTjGpGeS/
mCrNonvbt2ZYNA3yGaoovKQRZq30SKCgDjNQEldEPpn5hkbNOjdFnISrpWi1nIFb
fIJhTdI7315EENs1xWrFnOtLHF3q/1gmcj1aUSmBsltA2OoBbsTCNk0K7qhtd2mO
j5uP2vlVAlOPRcfjzOHgx7fXhS0UJxXByy+UcrHqvzceSmthubSGjWgSW/OfjWue
21zaP67p+SCrRFmZ0ByfihCiK4Ezj4EyC2dTdFbtxkZaBqjg8tHmmBDOHqG4plQq
SbtnvOmvLBU8IYsomn6+QBBJT/7N6EuKfwnPXIiZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyrVwWko3E3A0sktEqjD1T5MWid0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Y2ZGJmY2JjLTdmNmYtNDc2Yy04OGFjLTFkMjFiZmM3N2NmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKihLMQ5RQXvBtBvxnkGe7byOKcQ
vYWDQAJZYfmXs+DDnf9ntI+sUhY7K2WBUVxUxs6xTi0Nc/yjSF4fXIurSLREFCP2
PIk8T/L4Gj7rThXXC/IfdreIPxxWONuppcqiqYH+JbBONBAIbUKVBTcSlr3pR9uH
eGiELR3Yp+rCiBW50xgcj2C/Oks/71PbmlijJFoqgHO9jAGRG5Hi3NunoVTDLhjd
QrtwsMx+kzYJkmRtCG6+ZOhTn7Qxl0fbhFnKQ9KrCk7BSAhxO7+ZRsS9xMDuij/g
sIx03gtTmfWigOcm2WsHsOR7u0NpGGOuoCx/TI3ynhWsQtl3sy+FUJGbMH4=
-----END CERTIFICATE-----