Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/565ba44a-4007-4776-99cc-d1d30d78b41d.roa
File:                     565ba44a-4007-4776-99cc-d1d30d78b41d.roa (raw, json)
Hash identifier:          6cCtiXDatzQW/3fq+TqJMmFkcer9yTmlDwygMIxlCME=
Subject key identifier:   06:69:93:E5:35:36:05:A9:CE:73:9D:63:32:97:EC:C3:53:B8:E7:33
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3C75C612D7E77901014514EE4C3F1ED3D7023582
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/565ba44a-4007-4776-99cc-d1d30d78b41d.roa
Signing time:             Wed 21 Jun 2023 00:00:00 +0000
ROA not before:           Wed 21 Jun 2023 00:00:00 +0000
ROA not after:            Wed 26 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:75:c6:12:d7:e7:79:01:01:45:14:ee:4c:3f:1e:d3:d7:02:35:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 21 00:00:00 2023 GMT
            Not After : Jul 26 23:59:59 2023 GMT
        Subject: serialNumber=e2921179d428b1dfda98950571b37c3bb67a7c1630dafbd2ef17a1e201a373d7, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:87:af:0f:d8:20:74:e6:33:54:98:1d:c9:0c:
                    b3:86:b3:e7:4b:11:98:40:06:43:7a:6e:10:b5:05:
                    8d:ab:f1:fb:60:4a:87:5f:b1:d9:a2:e4:fd:7e:24:
                    a7:cb:5f:81:b9:ab:03:09:f9:b9:2f:c1:5e:fb:33:
                    2b:4c:e4:81:7e:96:9f:5b:9b:5c:bb:dc:f3:c5:43:
                    19:78:15:aa:b8:f7:2a:1b:4e:b0:7a:77:6e:8f:b6:
                    4f:07:68:52:05:66:fa:67:7a:05:a7:51:69:68:37:
                    a5:1d:97:61:4d:3a:61:77:4c:c5:c3:7a:e1:d8:d5:
                    b1:51:f3:ea:0f:b9:c8:7e:68:80:46:1f:35:2c:7c:
                    b4:0a:7e:2c:f5:9c:c8:e3:0a:b9:63:00:5c:46:18:
                    b4:d5:e1:b0:d2:1e:15:72:8d:bf:5a:5f:3b:18:c4:
                    61:87:97:0d:e4:1e:e7:59:33:6b:82:66:0c:04:b1:
                    42:e0:15:86:96:44:a4:24:fc:97:06:6e:49:01:5e:
                    d9:84:1b:75:ae:78:97:ea:7c:13:79:88:e5:00:a5:
                    a3:33:e4:83:b7:a5:b2:b3:4e:41:a7:7a:f3:12:06:
                    20:a8:41:ce:f6:19:e4:1c:1e:e2:17:13:eb:bb:5d:
                    91:6c:a7:9b:ec:2e:1b:92:67:23:37:d8:67:d1:59:
                    79:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:69:93:E5:35:36:05:A9:CE:73:9D:63:32:97:EC:C3:53:B8:E7:33
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/565ba44a-4007-4776-99cc-d1d30d78b41d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:20:ef:41:d6:ac:05:62:a4:cb:c6:a7:bb:b6:85:20:9d:e5:
         a1:83:7a:fd:5c:b8:1a:42:dd:47:55:ee:cc:4f:74:2f:4d:4d:
         f4:9f:50:14:08:32:81:cf:b4:d0:f5:c7:87:c7:05:96:37:80:
         a5:dd:8e:dc:45:4f:7c:e9:2e:65:8f:c4:ef:eb:90:fc:1f:a1:
         cd:34:ef:e9:95:00:7e:02:27:bb:80:5c:b9:fd:8a:8b:3f:b3:
         a8:bb:e0:b4:34:48:18:f0:96:ca:fb:c3:d0:a7:07:88:54:16:
         d0:7a:25:ae:a6:d3:b8:b9:a9:34:dc:ea:a9:24:62:c9:4f:66:
         8c:7b:a3:7d:2b:76:19:2f:45:0e:0f:b2:03:8d:61:54:c9:fc:
         7a:5b:74:49:3f:66:be:5c:16:d5:65:93:3b:cc:4a:97:56:12:
         30:75:ff:ed:1b:cc:b0:e3:ac:61:28:3a:70:59:7d:ab:bb:9f:
         ba:46:f7:c9:0e:45:d7:b5:96:84:9a:03:7e:ba:22:62:b1:a4:
         a6:36:ad:e8:da:79:b5:d6:78:a1:92:7e:e2:5b:b4:8d:1b:ce:
         0e:10:d5:80:0f:57:45:24:5f:df:24:39:a2:80:4b:34:69:0b:
         f6:91:04:04:f0:3d:2d:ad:36:c3:a8:81:75:5e:9c:22:06:16:
         09:4c:b3:60
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPHXGEtfneQEBRRTuTD8e09cCNYIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjIxMDAwMDAwWhcNMjMwNzI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMjkyMTE3OWQ0MjhiMWRmZGE5ODk1MDU3MWIzN2MzYmI2
N2E3YzE2MzBkYWZiZDJlZjE3YTFlMjAxYTM3M2Q3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMh68P2CB05jNUmB3JDLOGs+dLEZhABkN6bhC1BY2r8ftg
Sodfsdmi5P1+JKfLX4G5qwMJ+bkvwV77MytM5IF+lp9bm1y73PPFQxl4Faq49yob
TrB6d26Ptk8HaFIFZvpnegWnUWloN6Udl2FNOmF3TMXDeuHY1bFR8+oPuch+aIBG
HzUsfLQKfiz1nMjjCrljAFxGGLTV4bDSHhVyjb9aXzsYxGGHlw3kHudZM2uCZgwE
sULgFYaWRKQk/JcGbkkBXtmEG3WueJfqfBN5iOUApaMz5IO3pbKzTkGnevMSBiCo
Qc72GeQcHuIXE+u7XZFsp5vsLhuSZyM32GfRWXlvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBmmT5TU2BanOc51jMpfsw1O45zMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU2NWJhNDRhLTQwMDctNDc3Ni05OWNjLWQxZDMwZDc4YjQxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEEg70HWrAVipMvGp7u2hSCd5aGD
ev1cuBpC3UdV7sxPdC9NTfSfUBQIMoHPtND1x4fHBZY3gKXdjtxFT3zpLmWPxO/r
kPwfoc007+mVAH4CJ7uAXLn9ios/s6i74LQ0SBjwlsr7w9CnB4hUFtB6Ja6m07i5
qTTc6qkkYslPZox7o30rdhkvRQ4PsgONYVTJ/HpbdEk/Zr5cFtVlkzvMSpdWEjB1
/+0bzLDjrGEoOnBZfau7n7pG98kORde1loSaA366ImKxpKY2rejaebXWeKGSfuJb
tI0bzg4Q1YAPV0UkX98kOaKASzRpC/aRBATwPS2tNsOogXVenCIGFglMs2A=
-----END CERTIFICATE-----