Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/06badd3f-c744-4971-bcc7-5c76c6efc16d.roa
File:                     06badd3f-c744-4971-bcc7-5c76c6efc16d.roa (raw, json)
Hash identifier:          CO5sGavE+slvypd2ys1vWFKOqV8zpKe6PcRveykwQbg=
Subject key identifier:   D4:6A:50:F4:D1:70:15:1F:0A:A3:22:53:05:02:A3:4A:CD:63:31:76
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       19D2E6043C9E404746DE46E65906733189BE268E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/06badd3f-c744-4971-bcc7-5c76c6efc16d.roa
Signing time:             Fri 23 Jun 2023 00:00:00 +0000
ROA not before:           Fri 23 Jun 2023 00:00:00 +0000
ROA not after:            Fri 28 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:d2:e6:04:3c:9e:40:47:46:de:46:e6:59:06:73:31:89:be:26:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 23 00:00:00 2023 GMT
            Not After : Jul 28 23:59:59 2023 GMT
        Subject: serialNumber=62063d773e33c1f4d0743ae280383a80e5a60f08fc33cb7b4c55ea651a786db3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:62:b5:1e:18:75:e4:83:6b:67:11:23:99:93:
                    81:84:04:32:0e:a7:c1:3a:a5:2a:a5:92:b1:2f:05:
                    19:e4:b8:bc:ce:e3:39:32:18:19:e2:e4:75:b6:b8:
                    60:b0:64:20:01:12:d2:42:e8:fe:a9:85:d0:9c:5c:
                    74:51:df:46:42:33:da:2f:3b:09:c0:dc:f2:8b:6b:
                    15:e9:13:f6:9e:bc:61:49:17:4b:d0:4b:fe:20:37:
                    cb:4d:46:b7:d5:28:a3:63:9c:a6:26:ff:0e:12:1c:
                    6c:34:86:c6:d1:8d:65:8a:b0:64:29:f8:f4:2d:d7:
                    30:15:39:bc:3c:bf:78:c0:fd:87:dc:54:e1:6a:f7:
                    6d:eb:3e:5b:39:48:00:aa:00:e2:0d:70:4e:d7:8c:
                    96:06:86:ba:b9:f9:92:f3:e0:62:30:e0:89:40:46:
                    0a:ee:ee:c7:75:07:76:df:39:1d:84:97:a7:37:97:
                    40:18:03:b1:30:92:c5:c8:8d:f5:34:67:64:27:62:
                    5a:a1:e9:49:fc:0d:ab:9a:f3:30:4c:91:e9:e5:75:
                    5f:3b:a2:61:d5:6d:65:e3:b4:fb:79:5e:4d:9f:d8:
                    da:c2:35:e1:fb:97:ed:fb:4f:ad:60:91:64:c6:9a:
                    69:3e:35:15:b3:19:25:96:d0:25:88:c2:d3:db:1d:
                    62:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:6A:50:F4:D1:70:15:1F:0A:A3:22:53:05:02:A3:4A:CD:63:31:76
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/06badd3f-c744-4971-bcc7-5c76c6efc16d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:cc:98:e6:47:46:54:c5:75:4f:aa:ef:df:45:28:02:28:64:
         5f:36:7c:46:6a:a9:5e:0f:70:af:31:8c:ea:80:be:fc:0b:f7:
         a2:00:d2:47:e1:a4:67:98:55:aa:1a:dc:6a:ad:1b:73:d5:57:
         84:75:15:b5:f5:3a:57:ac:79:15:5d:91:c4:b2:5d:64:8b:07:
         bc:74:9e:1a:97:3d:a0:fc:0b:88:65:d7:b9:54:f1:c7:e3:a6:
         f1:ee:b5:f3:95:b1:60:a6:e2:5d:83:ca:c2:c7:76:54:42:75:
         9a:8d:de:2c:d7:f8:64:af:94:c3:b9:1a:ac:dc:eb:e8:5a:d1:
         a0:4a:37:01:03:e1:d3:59:13:38:1b:4b:48:02:06:92:19:e1:
         fe:96:f1:70:aa:38:8c:40:41:6b:f4:a4:48:07:1b:37:9f:52:
         b2:b4:78:16:67:51:29:03:97:70:1f:d2:aa:c1:f7:01:06:34:
         14:61:61:a7:05:24:1a:8f:ca:58:cb:26:5d:b0:41:b8:88:3e:
         48:b6:ea:6f:ec:c2:e9:15:42:16:88:e7:7b:c9:cb:c2:66:5a:
         d4:57:f1:92:6e:e7:b4:df:b3:66:ac:09:9f:e4:18:75:6a:4a:
         6f:c2:52:d8:65:43:4c:d6:ef:33:46:c0:8d:2c:ef:13:a9:8c:
         e5:5c:06:95
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGdLmBDyeQEdG3kbmWQZzMYm+Jo4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjIzMDAwMDAwWhcNMjMwNzI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MjA2M2Q3NzNlMzNjMWY0ZDA3NDNhZTI4MDM4M2E4MGU1
YTYwZjA4ZmMzM2NiN2I0YzU1ZWE2NTFhNzg2ZGIzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbYrUeGHXkg2tnESOZk4GEBDIOp8E6pSqlkrEvBRnkuLzO
4zkyGBni5HW2uGCwZCABEtJC6P6phdCcXHRR30ZCM9ovOwnA3PKLaxXpE/aevGFJ
F0vQS/4gN8tNRrfVKKNjnKYm/w4SHGw0hsbRjWWKsGQp+PQt1zAVObw8v3jA/Yfc
VOFq923rPls5SACqAOINcE7XjJYGhrq5+ZLz4GIw4IlARgru7sd1B3bfOR2El6c3
l0AYA7EwksXIjfU0Z2QnYlqh6Un8Daua8zBMkenldV87omHVbWXjtPt5Xk2f2NrC
NeH7l+37T61gkWTGmmk+NRWzGSWW0CWIwtPbHWKrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1GpQ9NFwFR8KoyJTBQKjSs1jMXYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzA2YmFkZDNmLWM3NDQtNDk3MS1iY2M3LTVjNzZjNmVmYzE2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEbMmOZHRlTFdU+q799FKAIoZF82
fEZqqV4PcK8xjOqAvvwL96IA0kfhpGeYVaoa3GqtG3PVV4R1FbX1OleseRVdkcSy
XWSLB7x0nhqXPaD8C4hl17lU8cfjpvHutfOVsWCm4l2DysLHdlRCdZqN3izX+GSv
lMO5Gqzc6+ha0aBKNwED4dNZEzgbS0gCBpIZ4f6W8XCqOIxAQWv0pEgHGzefUrK0
eBZnUSkDl3Af0qrB9wEGNBRhYacFJBqPyljLJl2wQbiIPki26m/swukVQhaI53vJ
y8JmWtRX8ZJu57Tfs2asCZ/kGHVqSm/CUthlQ0zW7zNGwI0s7xOpjOVcBpU=
-----END CERTIFICATE-----