Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4918b924-e789-406b-8180-a2843af5a6a6.roa
File:                     4918b924-e789-406b-8180-a2843af5a6a6.roa (raw, json)
Hash identifier:          cu0Hdz3NHS9csdE/ECSpBVsRrLYgMNO+ibpcm2WG6y8=
Subject key identifier:   88:AA:F2:C0:4F:1B:46:BD:FA:92:AD:03:64:27:94:A5:7A:F4:C1:E1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5A570E420176F60437814B0FA52EDFE7B37C0905
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4918b924-e789-406b-8180-a2843af5a6a6.roa
Signing time:             Wed 21 Jun 2023 00:00:00 +0000
ROA not before:           Wed 21 Jun 2023 00:00:00 +0000
ROA not after:            Wed 26 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:57:0e:42:01:76:f6:04:37:81:4b:0f:a5:2e:df:e7:b3:7c:09:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 21 00:00:00 2023 GMT
            Not After : Jul 26 23:59:59 2023 GMT
        Subject: serialNumber=82fa822bb03945abad6355b4b1d7befca03270373997c59d6c1590e7eadf3322, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:dc:b4:a9:a3:c5:6b:dd:0a:59:1d:59:9a:54:
                    34:aa:8f:50:0a:b2:20:a3:72:f2:30:2d:44:4f:cd:
                    c7:83:98:dd:9b:29:2d:85:af:1f:6d:53:2a:ad:09:
                    85:34:4e:5f:34:99:1d:c7:5d:da:56:60:42:c1:b8:
                    dd:d9:ae:e0:6f:dc:17:9b:0e:a4:85:df:b0:a4:39:
                    88:41:a7:aa:79:0a:f6:ec:0c:d8:59:1e:d3:c5:46:
                    39:88:f0:1b:a2:f6:36:bb:cc:4b:0e:73:bc:7a:a6:
                    05:46:90:b1:2d:fa:06:a7:df:2d:86:8b:41:65:ce:
                    fc:09:04:fd:f7:d5:41:23:ad:f0:ea:29:c6:f3:72:
                    c3:a1:0a:03:04:86:8b:88:0d:5c:c5:42:15:fa:fc:
                    60:c6:cc:81:ea:84:62:59:a0:a3:18:45:66:eb:59:
                    bc:9d:23:67:a7:42:6e:a0:a0:e1:86:82:a4:12:17:
                    b7:ff:04:a6:63:96:88:b0:35:68:de:60:4a:1c:32:
                    69:c6:2b:39:43:61:5e:08:04:78:b6:5b:35:4b:d9:
                    61:87:96:3b:cc:41:7a:8e:83:31:25:8d:64:10:15:
                    ac:a9:17:55:3b:fc:ec:a9:5c:5d:11:46:3b:5d:bd:
                    27:1c:db:c5:da:fc:6d:ae:96:e8:af:2b:27:16:51:
                    4d:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:AA:F2:C0:4F:1B:46:BD:FA:92:AD:03:64:27:94:A5:7A:F4:C1:E1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4918b924-e789-406b-8180-a2843af5a6a6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:a0:08:af:be:9e:9d:ef:8f:94:f2:46:21:4a:99:b5:23:84:
         cd:16:ce:21:28:89:25:d1:a8:7a:91:69:36:0d:73:3e:e6:db:
         f2:b3:33:28:c1:4c:80:9f:4e:4d:15:d6:3b:5d:10:11:f4:d9:
         7e:ec:8e:60:ac:dd:9f:87:8d:50:03:27:43:ee:51:3a:8f:e8:
         b6:31:5e:59:77:e5:6e:37:10:d2:6e:5a:6f:9b:0a:e6:d0:72:
         12:e6:4c:f9:26:d7:13:20:d8:34:b2:0e:d6:48:a3:ab:85:c2:
         ad:93:c2:a6:53:80:4d:c2:86:c3:33:24:45:c3:0e:73:70:7d:
         40:3e:cf:93:69:43:42:e5:f6:d0:76:b2:f5:70:94:34:2e:96:
         4c:e6:a9:a7:3e:71:9b:8f:aa:b2:18:db:04:c7:3b:ca:0f:ec:
         42:ef:e7:f2:c6:bd:0c:ca:99:07:73:bf:2b:87:76:ed:10:41:
         fc:ae:e4:5a:db:01:99:ab:98:0b:a6:94:69:0a:53:8e:1f:f9:
         db:5a:1d:e7:54:f0:b3:a3:f4:41:a2:36:b4:4d:51:1b:46:33:
         10:d4:7d:cd:e4:3c:0f:86:dc:59:d1:5e:83:c8:d3:3b:7d:37:
         c4:e4:0c:d1:6f:c6:14:ce:e4:47:fa:67:39:e2:68:1a:6a:a6:
         1c:89:93:19
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWlcOQgF29gQ3gUsPpS7f57N8CQUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjIxMDAwMDAwWhcNMjMwNzI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MmZhODIyYmIwMzk0NWFiYWQ2MzU1YjRiMWQ3YmVmY2Ew
MzI3MDM3Mzk5N2M1OWQ2YzE1OTBlN2VhZGYzMzIyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDI3LSpo8Vr3QpZHVmaVDSqj1AKsiCjcvIwLURPzceDmN2b
KS2Frx9tUyqtCYU0Tl80mR3HXdpWYELBuN3ZruBv3BebDqSF37CkOYhBp6p5Cvbs
DNhZHtPFRjmI8Bui9ja7zEsOc7x6pgVGkLEt+gan3y2Gi0FlzvwJBP331UEjrfDq
KcbzcsOhCgMEhouIDVzFQhX6/GDGzIHqhGJZoKMYRWbrWbydI2enQm6goOGGgqQS
F7f/BKZjloiwNWjeYEocMmnGKzlDYV4IBHi2WzVL2WGHljvMQXqOgzEljWQQFayp
F1U7/OypXF0RRjtdvScc28Xa/G2uluivKycWUU29AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiKrywE8bRr36kq0DZCeUpXr0weEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ5MThiOTI0LWU3ODktNDA2Yi04MTgwLWEyODQzYWY1YTZhNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGmgCK++np3vj5TyRiFKmbUjhM0W
ziEoiSXRqHqRaTYNcz7m2/KzMyjBTICfTk0V1jtdEBH02X7sjmCs3Z+HjVADJ0Pu
UTqP6LYxXll35W43ENJuWm+bCubQchLmTPkm1xMg2DSyDtZIo6uFwq2TwqZTgE3C
hsMzJEXDDnNwfUA+z5NpQ0Ll9tB2svVwlDQulkzmqac+cZuPqrIY2wTHO8oP7ELv
5/LGvQzKmQdzvyuHdu0QQfyu5FrbAZmrmAumlGkKU44f+dtaHedU8LOj9EGiNrRN
URtGMxDUfc3kPA+G3FnRXoPI0zt9N8TkDNFvxhTO5Ef6ZzniaBpqphyJkxk=
-----END CERTIFICATE-----