Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4fcc517c-3768-4041-8e82-96361ee933af.roa
File:                     4fcc517c-3768-4041-8e82-96361ee933af.roa (raw, json)
Hash identifier:          bqpgQUktIg2BrXZykv/02GSU57aycq2so18L8TVSxhI=
Subject key identifier:   02:D9:74:01:1E:2A:E1:A4:02:35:8E:FA:8A:2A:C0:41:1C:79:2D:72
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7BD08146FF68688069B1C0A7734F37DC977235A9
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4fcc517c-3768-4041-8e82-96361ee933af.roa
Signing time:             Sun 16 Jul 2023 00:00:00 +0000
ROA not before:           Sun 16 Jul 2023 00:00:00 +0000
ROA not after:            Sun 20 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:d0:81:46:ff:68:68:80:69:b1:c0:a7:73:4f:37:dc:97:72:35:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 16 00:00:00 2023 GMT
            Not After : Aug 20 23:59:59 2023 GMT
        Subject: serialNumber=5d48a23c2b3ed2bb8e6a9e6182043e620e5478503554a714c833c662c93db877, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:bf:27:e8:1a:ce:88:e9:08:a5:92:a6:a9:94:
                    67:e9:db:da:e3:e9:80:16:e0:5e:e0:62:88:00:d0:
                    fd:de:3d:5c:c5:09:f6:9a:6e:23:ea:79:8d:d5:bf:
                    93:07:da:b8:35:dd:01:c1:b7:83:c1:6f:9b:b4:9b:
                    24:16:ea:a3:32:bf:5c:14:87:06:18:e7:76:17:21:
                    56:a9:1a:18:a8:04:69:e6:3d:6f:e8:d0:d1:80:ab:
                    7b:0a:f8:8c:c0:46:8d:3f:70:5b:c6:3c:e0:b0:c9:
                    3f:2a:de:ea:e9:50:88:71:af:a8:bf:23:37:58:50:
                    8a:b0:c4:32:6a:7a:59:2d:b4:dd:96:1e:2e:b2:fa:
                    34:6c:45:7c:88:03:fc:a8:9d:48:52:2c:04:9e:cb:
                    f0:34:6a:c4:d4:5f:ba:cd:f8:fc:82:9c:37:a7:4a:
                    a7:59:d2:56:ac:ea:b3:66:24:6f:fa:11:24:36:4f:
                    a7:45:ec:92:cb:4e:f4:cd:37:ad:48:c9:a9:d5:c2:
                    34:42:b4:a8:43:70:d0:e7:fa:1b:ea:62:15:76:8a:
                    f1:9a:be:eb:0c:8f:c5:a4:58:53:1c:46:74:28:a2:
                    ec:51:a1:d2:37:b1:56:86:6d:d5:5c:81:14:a6:b5:
                    f6:fb:8e:bd:a0:82:c9:2f:7e:22:b3:72:b1:c5:f8:
                    5d:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:D9:74:01:1E:2A:E1:A4:02:35:8E:FA:8A:2A:C0:41:1C:79:2D:72
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4fcc517c-3768-4041-8e82-96361ee933af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:97:f8:db:27:ec:3a:84:8f:d7:d6:3a:b5:2f:d8:6b:2c:a6:
         23:91:01:34:e7:02:e1:6d:86:8d:2c:41:9f:1b:67:c6:11:b9:
         29:5a:a9:ae:00:28:8c:94:00:3f:13:11:04:60:77:59:2e:41:
         7f:f7:c6:f8:da:51:c8:6c:5a:22:c7:9f:42:00:0b:59:05:31:
         99:7f:09:87:85:6e:c2:51:5e:1d:63:28:21:02:24:b7:b4:c6:
         28:cd:cc:9e:d4:7f:99:d1:80:f4:df:b0:82:71:8c:be:c7:b6:
         69:b9:4b:f7:e2:b2:27:70:dd:cd:13:0e:f2:cb:ce:e9:89:a9:
         f7:bc:b3:56:26:83:08:1c:4d:4b:ad:c6:66:65:4e:35:9d:76:
         f8:c2:90:1d:d8:59:34:66:83:06:7a:2e:4f:b8:4b:59:bc:de:
         a5:f1:27:aa:9b:94:9a:bb:67:25:ca:69:05:5f:b6:22:0f:49:
         9b:f3:a6:03:11:43:07:f1:3c:df:b6:78:9b:8a:cb:d5:81:5f:
         b7:a1:e3:4a:0b:45:7d:4e:73:10:a4:3a:f3:de:45:90:ef:70:
         48:27:76:4d:6f:8d:70:18:5d:95:a4:cb:c9:e0:2f:64:34:7b:
         8f:a9:08:5e:1b:e5:18:b1:a6:18:ab:7d:50:30:a7:31:22:23:
         ab:e5:e2:10
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe9CBRv9oaIBpscCnc0833JdyNakwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE2MDAwMDAwWhcNMjMwODIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZDQ4YTIzYzJiM2VkMmJiOGU2YTllNjE4MjA0M2U2MjBl
NTQ3ODUwMzU1NGE3MTRjODMzYzY2MmM5M2RiODc3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVvyfoGs6I6QilkqaplGfp29rj6YAW4F7gYogA0P3ePVzF
CfaabiPqeY3Vv5MH2rg13QHBt4PBb5u0myQW6qMyv1wUhwYY53YXIVapGhioBGnm
PW/o0NGAq3sK+IzARo0/cFvGPOCwyT8q3urpUIhxr6i/IzdYUIqwxDJqelkttN2W
Hi6y+jRsRXyIA/yonUhSLASey/A0asTUX7rN+PyCnDenSqdZ0las6rNmJG/6ESQ2
T6dF7JLLTvTNN61IyanVwjRCtKhDcNDn+hvqYhV2ivGavusMj8WkWFMcRnQoouxR
odI3sVaGbdVcgRSmtfb7jr2ggskvfiKzcrHF+F3xAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAtl0AR4q4aQCNY76iirAQRx5LXIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRmY2M1MTdjLTM3NjgtNDA0MS04ZTgyLTk2MzYxZWU5MzNhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEqX+Nsn7DqEj9fWOrUv2GsspiOR
ATTnAuFtho0sQZ8bZ8YRuSlaqa4AKIyUAD8TEQRgd1kuQX/3xvjaUchsWiLHn0IA
C1kFMZl/CYeFbsJRXh1jKCECJLe0xijNzJ7Uf5nRgPTfsIJxjL7Htmm5S/fisidw
3c0TDvLLzumJqfe8s1YmgwgcTUutxmZlTjWddvjCkB3YWTRmgwZ6Lk+4S1m83qXx
J6qblJq7ZyXKaQVftiIPSZvzpgMRQwfxPN+2eJuKy9WBX7eh40oLRX1OcxCkOvPe
RZDvcEgndk1vjXAYXZWky8ngL2Q0e4+pCF4b5RixphirfVAwpzEiI6vl4hA=
-----END CERTIFICATE-----