Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4c28cb32-af28-491f-b660-835c96a4c579.roa
File:                     4c28cb32-af28-491f-b660-835c96a4c579.roa (raw, json)
Hash identifier:          0SjGTck67x1+/PmVz8yPQ2q5WgCrTHYZC61M87BFszc=
Subject key identifier:   BF:DC:4B:28:12:B3:A6:6F:8B:47:B3:9E:76:5D:A5:9B:D8:E4:3B:C9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4F3371B25FD817E988420C54FF3D04952393C8A4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4c28cb32-af28-491f-b660-835c96a4c579.roa
Signing time:             Tue 11 Jul 2023 00:00:00 +0000
ROA not before:           Tue 11 Jul 2023 00:00:00 +0000
ROA not after:            Tue 15 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:33:71:b2:5f:d8:17:e9:88:42:0c:54:ff:3d:04:95:23:93:c8:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 11 00:00:00 2023 GMT
            Not After : Aug 15 23:59:59 2023 GMT
        Subject: serialNumber=726fb33260826b72f83034f70d08615dd105c1e00c7589eb48df8711d2c0800c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:14:0c:08:80:cc:e3:65:27:5d:9e:82:56:39:
                    ed:96:bf:1a:d0:bb:c6:a5:62:af:73:8f:40:38:16:
                    fc:20:92:14:94:72:01:70:d6:95:d5:1c:8d:1d:c9:
                    21:74:3d:15:78:4b:e1:b8:67:1a:ec:51:0b:f3:4b:
                    83:4c:10:38:d0:2b:a2:ad:24:16:aa:88:35:6c:21:
                    59:17:38:93:ad:0b:31:3f:54:df:38:76:06:b7:d7:
                    bd:12:56:b4:b7:c9:9b:df:bc:d4:61:ee:d0:06:15:
                    6a:83:d5:40:a2:b1:42:ae:ce:88:13:df:21:3a:7b:
                    2f:17:a1:4e:9a:00:7d:39:ad:8d:ff:d0:05:93:49:
                    33:8f:d3:e2:ee:89:86:2d:65:66:24:09:ed:cc:99:
                    71:01:85:8b:91:c7:bb:10:ce:7d:38:b9:9b:89:91:
                    df:ae:18:14:b3:fc:8a:d1:fe:11:69:14:74:52:86:
                    d3:dd:9e:32:5f:66:69:ea:98:83:38:d3:03:0c:d6:
                    03:3c:85:ee:3f:a9:00:cc:31:cd:9e:cc:5d:57:0d:
                    63:6f:1b:46:ee:44:d8:dd:58:2c:f9:35:18:68:d8:
                    c3:5b:34:79:ad:6b:31:8c:46:b3:2a:ef:68:8f:51:
                    d3:69:86:d7:52:b3:cd:73:58:15:c3:24:14:17:f7:
                    ec:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:DC:4B:28:12:B3:A6:6F:8B:47:B3:9E:76:5D:A5:9B:D8:E4:3B:C9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4c28cb32-af28-491f-b660-835c96a4c579.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:6e:f1:02:09:a5:9d:8c:3c:17:5e:23:d0:f1:df:9b:63:d4:
         c0:52:84:a7:05:d5:dc:5f:5b:51:5d:b4:87:7e:21:45:a9:7d:
         ce:3e:cc:89:8f:7d:79:ce:60:92:6d:78:14:15:37:69:96:e8:
         4c:55:20:30:d9:62:9a:bd:64:18:9c:22:cb:9b:7f:5e:38:a5:
         7b:54:fc:12:7b:40:21:d0:68:f0:75:81:00:dd:43:45:dc:52:
         78:ff:06:0a:1e:7b:be:64:80:24:df:f4:6a:c0:08:e9:de:37:
         82:6d:7a:56:aa:11:32:0e:7c:21:12:05:ae:83:0e:82:da:db:
         62:3f:90:d1:60:d4:f3:bd:28:4f:85:76:33:36:83:d5:0f:35:
         49:12:a5:d9:a2:8a:38:88:04:f8:46:de:02:cd:e2:21:9e:25:
         7d:29:82:67:d9:16:89:c9:10:4a:db:18:df:3f:0d:41:cf:46:
         5a:1a:e8:be:e7:5d:5e:97:b0:50:10:20:2a:4b:38:b0:5b:7e:
         83:09:91:dd:bc:a0:e1:81:28:dd:8e:3b:a4:25:87:7b:19:74:
         72:f0:02:72:d0:a8:16:94:18:70:82:39:5d:28:5b:44:77:5d:
         1d:ea:fa:db:a8:ad:28:dd:f0:43:aa:c7:f4:74:b4:2b:56:73:
         5e:57:0e:2c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTzNxsl/YF+mIQgxU/z0ElSOTyKQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzExMDAwMDAwWhcNMjMwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MjZmYjMzMjYwODI2YjcyZjgzMDM0ZjcwZDA4NjE1ZGQx
MDVjMWUwMGM3NTg5ZWI0OGRmODcxMWQyYzA4MDBjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJFAwIgMzjZSddnoJWOe2WvxrQu8alYq9zj0A4FvwgkhSU
cgFw1pXVHI0dySF0PRV4S+G4ZxrsUQvzS4NMEDjQK6KtJBaqiDVsIVkXOJOtCzE/
VN84dga3170SVrS3yZvfvNRh7tAGFWqD1UCisUKuzogT3yE6ey8XoU6aAH05rY3/
0AWTSTOP0+LuiYYtZWYkCe3MmXEBhYuRx7sQzn04uZuJkd+uGBSz/IrR/hFpFHRS
htPdnjJfZmnqmIM40wMM1gM8he4/qQDMMc2ezF1XDWNvG0buRNjdWCz5NRho2MNb
NHmtazGMRrMq72iPUdNphtdSs81zWBXDJBQX9+yTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUv9xLKBKzpm+LR7Oedl2lm9jkO8kwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRjMjhjYjMyLWFmMjgtNDkxZi1iNjYwLTgzNWM5NmE0YzU3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKpu8QIJpZ2MPBdeI9Dx35tj1MBS
hKcF1dxfW1FdtId+IUWpfc4+zImPfXnOYJJteBQVN2mW6ExVIDDZYpq9ZBicIsub
f144pXtU/BJ7QCHQaPB1gQDdQ0XcUnj/Bgoee75kgCTf9GrACOneN4JtelaqETIO
fCESBa6DDoLa22I/kNFg1PO9KE+FdjM2g9UPNUkSpdmiijiIBPhG3gLN4iGeJX0p
gmfZFonJEErbGN8/DUHPRloa6L7nXV6XsFAQICpLOLBbfoMJkd28oOGBKN2OO6Ql
h3sZdHLwAnLQqBaUGHCCOV0oW0R3XR3q+tuorSjd8EOqx/R0tCtWc15XDiw=
-----END CERTIFICATE-----