Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f9cd2109-6829-4bf4-ae52-44ddee546837.roa
File:                     f9cd2109-6829-4bf4-ae52-44ddee546837.roa (raw, json)
Hash identifier:          D9hZplraaLs4mDZAArieSa9jAcJJ5hYA+Ht+KjQGarc=
Subject key identifier:   7C:32:71:84:EB:49:3C:68:39:2E:3F:5D:C4:D0:17:4F:1C:5D:93:7F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5BF2BE6C4C75209D182B4BCF58699E5DE5135F2C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f9cd2109-6829-4bf4-ae52-44ddee546837.roa
Signing time:             Fri 18 Aug 2023 00:00:00 +0000
ROA not before:           Fri 18 Aug 2023 00:00:00 +0000
ROA not after:            Fri 22 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:f2:be:6c:4c:75:20:9d:18:2b:4b:cf:58:69:9e:5d:e5:13:5f:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 18 00:00:00 2023 GMT
            Not After : Sep 22 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:6a:8b:fb:37:e3:9c:c7:af:7c:90:d7:15:75:
                    2a:ed:85:6d:6c:f3:78:e7:1d:bc:d4:90:61:6e:40:
                    00:85:bf:75:16:0d:68:56:86:de:fe:b0:f3:66:4c:
                    75:c6:45:24:ea:3e:2b:13:e2:df:a7:f0:58:e6:47:
                    24:0f:0d:41:01:2e:fb:87:52:09:4e:15:16:8c:97:
                    a3:a3:21:91:01:ab:b0:6a:0c:75:94:58:29:c0:b4:
                    eb:71:9c:c3:3b:b9:3f:52:fc:f9:b8:26:b5:a3:07:
                    5b:9d:0a:1d:64:2c:79:2f:fe:92:65:e9:22:22:da:
                    bb:b8:98:c8:88:01:6c:98:a7:47:33:5f:5a:17:41:
                    09:c4:e1:0f:78:e7:3d:cd:28:fa:c7:a9:90:4f:25:
                    fe:af:8b:ea:10:68:3f:5d:f3:b0:73:74:74:b2:e3:
                    24:31:ce:97:44:04:2e:14:d4:bb:4b:f5:27:77:f9:
                    50:77:1b:86:4e:43:ed:93:ec:9f:6e:a8:4f:32:be:
                    b1:04:eb:6a:42:8f:9f:da:15:fa:a9:ad:cd:dc:c7:
                    91:bf:4e:38:d6:59:55:44:6e:d2:0b:47:5b:be:ea:
                    35:d4:59:60:0b:e0:50:8d:7f:6f:41:29:e8:c5:d6:
                    56:d0:7e:da:e0:a2:26:a5:8d:8d:79:ac:bb:a7:82:
                    92:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:32:71:84:EB:49:3C:68:39:2E:3F:5D:C4:D0:17:4F:1C:5D:93:7F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f9cd2109-6829-4bf4-ae52-44ddee546837.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:f8:79:63:47:e2:e3:21:bc:87:51:77:c8:5e:a8:20:41:d9:
         48:a3:cd:c3:e6:c2:7f:b5:54:e7:a0:29:62:a6:83:27:f9:4e:
         eb:79:f9:3c:25:cb:4f:2a:a2:cb:de:1d:1c:e4:02:32:35:4e:
         61:8b:70:d5:cc:57:09:21:98:50:9e:37:1d:89:41:81:29:bf:
         ae:b6:0e:a9:32:a5:3a:04:1f:8a:4e:22:8f:14:ec:9b:5b:63:
         3b:fb:58:99:fd:ab:32:f6:f8:f1:d4:6f:29:1e:87:18:1f:17:
         1a:97:bb:f3:47:5e:e5:4f:13:82:5c:44:a0:4c:2e:cd:f3:43:
         e7:7e:38:17:22:47:07:20:03:d6:6e:c9:fa:34:91:c4:c7:84:
         7a:04:9a:04:2b:d1:71:67:5c:ae:dd:24:c9:2e:8d:e4:d9:2b:
         27:b1:cd:43:d7:75:f7:81:b4:94:28:29:2c:e4:60:5d:e7:a5:
         c2:4c:1b:c9:45:0d:4c:8a:ac:bd:14:1d:84:c0:96:8b:6c:8c:
         1b:98:b1:01:d4:cb:f6:db:5e:1c:99:cc:ef:a8:ca:ab:42:20:
         a2:cd:5f:b2:bf:1c:43:8d:a4:c6:55:a6:2a:81:42:b9:e5:80:
         0f:69:bb:85:89:37:64:42:31:a6:ab:24:99:24:14:64:81:7d:
         da:3d:c1:0b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUW/K+bEx1IJ0YK0vPWGmeXeUTXywwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODE4MDAwMDAwWhcNMjMwOTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNTBiZWRjZTcxY2RjODQ5NjIzNDdlOGVjYjRmZDJlOWVm
NTdiMjUwOTg0ZWQwNWI1Y2Y3NGNiMmFhYjhhYWRlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuaov7N+Ocx698kNcVdSrthW1s83jnHbzUkGFuQACFv3UW
DWhWht7+sPNmTHXGRSTqPisT4t+n8FjmRyQPDUEBLvuHUglOFRaMl6OjIZEBq7Bq
DHWUWCnAtOtxnMM7uT9S/Pm4JrWjB1udCh1kLHkv/pJl6SIi2ru4mMiIAWyYp0cz
X1oXQQnE4Q945z3NKPrHqZBPJf6vi+oQaD9d87BzdHSy4yQxzpdEBC4U1LtL9Sd3
+VB3G4ZOQ+2T7J9uqE8yvrEE62pCj5/aFfqprc3cx5G/TjjWWVVEbtILR1u+6jXU
WWAL4FCNf29BKejF1lbQftrgoialjY15rLungpLrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfDJxhOtJPGg5Lj9dxNAXTxxdk38wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Y5Y2QyMTA5LTY4MjktNGJmNC1hZTUyLTQ0ZGRlZTU0NjgzNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKf4eWNH4uMhvIdRd8heqCBB2Uij
zcPmwn+1VOegKWKmgyf5Tut5+Twly08qosveHRzkAjI1TmGLcNXMVwkhmFCeNx2J
QYEpv662DqkypToEH4pOIo8U7JtbYzv7WJn9qzL2+PHUbykehxgfFxqXu/NHXuVP
E4JcRKBMLs3zQ+d+OBciRwcgA9Zuyfo0kcTHhHoEmgQr0XFnXK7dJMkujeTZKyex
zUPXdfeBtJQoKSzkYF3npcJMG8lFDUyKrL0UHYTAlotsjBuYsQHUy/bbXhyZzO+o
yqtCIKLNX7K/HEONpMZVpiqBQrnlgA9pu4WJN2RCMaarJJkkFGSBfdo9wQs=
-----END CERTIFICATE-----