Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/575580f5-26ef-4f85-9aca-6da9a343ba42.roa
File:                     575580f5-26ef-4f85-9aca-6da9a343ba42.roa (raw, json)
Hash identifier:          9efi6ozu2LaEqs+O5bt8IUV2MoelNBT2//kHoNKaq4A=
Subject key identifier:   06:6D:B1:B5:26:DA:85:6E:96:12:47:75:F4:64:28:1B:D4:3F:F0:51
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       275440BE7C69C8AB9771F486501BC226B711DAED
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/575580f5-26ef-4f85-9aca-6da9a343ba42.roa
Signing time:             Wed 12 Jul 2023 00:00:00 +0000
ROA not before:           Wed 12 Jul 2023 00:00:00 +0000
ROA not after:            Wed 16 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:54:40:be:7c:69:c8:ab:97:71:f4:86:50:1b:c2:26:b7:11:da:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 12 00:00:00 2023 GMT
            Not After : Aug 16 23:59:59 2023 GMT
        Subject: serialNumber=8b155c8bbc8793feee25c156b6ea0e7147e6d8fb5e06e7e5e765845077e2c118, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:96:a3:da:a6:48:d2:a1:3b:da:ea:53:59:e1:
                    30:43:ad:73:89:58:a2:f4:d6:71:01:f6:1f:27:05:
                    d8:22:bc:26:d2:b2:a7:b2:01:e3:e0:56:86:b5:56:
                    cd:dd:25:cf:12:fe:f1:97:25:bb:84:26:90:5a:cc:
                    ba:dc:5b:c2:b3:4e:3b:fa:70:2f:88:4b:e9:f1:9a:
                    88:d1:3e:d5:51:fb:63:26:0b:c1:f4:dc:15:89:94:
                    32:05:4a:39:36:0a:9c:97:1f:0b:7a:72:01:98:32:
                    6a:43:f1:68:83:16:5f:7b:27:1f:c7:51:3e:d6:e2:
                    72:56:13:15:16:1b:92:65:ee:26:47:42:f4:8d:83:
                    da:0b:95:c4:ea:49:63:88:8c:a7:e4:f0:53:65:6c:
                    15:10:a6:dc:75:35:91:38:b3:ce:02:48:de:24:6b:
                    6b:54:cb:10:34:c2:14:13:18:08:50:77:3d:a2:d5:
                    30:d1:55:a9:cd:ec:54:99:3e:95:5c:d2:b7:b9:9b:
                    86:ed:d9:d6:6e:04:a8:07:8e:d1:61:cf:06:66:3a:
                    78:3e:73:4d:c3:bd:43:30:e1:0c:d4:f4:d0:0d:fd:
                    07:e7:7a:cd:07:ec:7d:85:84:fe:fa:5c:ae:a4:53:
                    a8:0c:88:ef:61:7f:61:72:d4:39:62:eb:fa:eb:ec:
                    20:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:6D:B1:B5:26:DA:85:6E:96:12:47:75:F4:64:28:1B:D4:3F:F0:51
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/575580f5-26ef-4f85-9aca-6da9a343ba42.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:d3:f5:e2:a6:6c:ef:0c:c1:4f:92:07:b6:39:d6:ff:73:d3:
         4f:95:97:9b:57:1f:cc:10:57:95:c3:ac:f9:c0:ae:26:90:4a:
         cc:2d:42:7a:7a:57:ea:69:e8:95:b1:b9:98:09:a4:29:20:78:
         0d:93:af:8e:44:57:c9:30:ce:6a:2a:80:19:a1:ac:43:0f:dd:
         be:a7:d4:b3:38:b6:bb:b7:ff:f2:73:59:a7:f6:9b:26:76:f0:
         05:ec:0e:da:9d:16:b6:80:53:6f:24:ba:3b:3d:9a:68:42:66:
         7d:70:b3:35:ef:4b:17:25:72:03:7c:3c:3f:f6:86:03:b9:28:
         33:e2:03:c7:29:ff:fe:91:ee:5b:05:80:7a:26:9c:eb:7e:d6:
         bd:85:97:38:c3:0b:1a:dc:b9:df:c9:5b:ac:68:a4:2b:14:2c:
         a5:65:ea:17:cb:0e:00:90:52:b5:fd:be:ad:8e:1e:0c:b3:ec:
         17:67:98:7b:40:20:f1:b0:7b:0e:34:7e:02:c5:e7:08:cf:dc:
         4e:0f:86:11:25:bb:2e:97:aa:d2:fd:f5:68:b4:c7:a1:69:76:
         a9:62:f7:7f:da:2c:de:24:37:6b:76:ba:4c:8f:cf:1f:02:05:
         ef:2f:73:83:05:f3:10:d9:84:d0:10:f9:71:da:01:47:ef:88:
         1c:b1:fe:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJ1RAvnxpyKuXcfSGUBvCJrcR2u0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzEyMDAwMDAwWhcNMjMwODE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YjE1NWM4YmJjODc5M2ZlZWUyNWMxNTZiNmVhMGU3MTQ3
ZTZkOGZiNWUwNmU3ZTVlNzY1ODQ1MDc3ZTJjMTE4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzlqPapkjSoTva6lNZ4TBDrXOJWKL01nEB9h8nBdgivCbS
sqeyAePgVoa1Vs3dJc8S/vGXJbuEJpBazLrcW8KzTjv6cC+IS+nxmojRPtVR+2Mm
C8H03BWJlDIFSjk2CpyXHwt6cgGYMmpD8WiDFl97Jx/HUT7W4nJWExUWG5Jl7iZH
QvSNg9oLlcTqSWOIjKfk8FNlbBUQptx1NZE4s84CSN4ka2tUyxA0whQTGAhQdz2i
1TDRVanN7FSZPpVc0re5m4bt2dZuBKgHjtFhzwZmOng+c03DvUMw4QzU9NAN/Qfn
es0H7H2FhP76XK6kU6gMiO9hf2Fy1Dli6/rr7CDxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBm2xtSbahW6WEkd19GQoG9Q/8FEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU3NTU4MGY1LTI2ZWYtNGY4NS05YWNhLTZkYTlhMzQzYmE0Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA/T9eKmbO8MwU+SB7Y51v9z00+V
l5tXH8wQV5XDrPnAriaQSswtQnp6V+pp6JWxuZgJpCkgeA2Tr45EV8kwzmoqgBmh
rEMP3b6n1LM4tru3//JzWaf2myZ28AXsDtqdFraAU28kujs9mmhCZn1wszXvSxcl
cgN8PD/2hgO5KDPiA8cp//6R7lsFgHomnOt+1r2FlzjDCxrcud/JW6xopCsULKVl
6hfLDgCQUrX9vq2OHgyz7BdnmHtAIPGwew40fgLF5wjP3E4PhhEluy6XqtL99Wi0
x6Fpdqli93/aLN4kN2t2ukyPzx8CBe8vc4MF8xDZhNAQ+XHaAUfviByx/t8=
-----END CERTIFICATE-----