Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7b4ec6a6-1073-4d38-9685-78587f23c785.roa
File:                     7b4ec6a6-1073-4d38-9685-78587f23c785.roa (raw, json)
Hash identifier:          DLlF5NCVmlcGlhwLuPuoQTl9tmjVdnAn69HXI9eldbk=
Subject key identifier:   EB:8D:75:7F:68:FB:91:FB:D3:87:F9:23:53:C7:0C:9F:64:18:01:EB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       290AF179E7787F6A51390F62A6738B0FF8A06A80
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7b4ec6a6-1073-4d38-9685-78587f23c785.roa
Signing time:             Tue 11 Jul 2023 00:00:00 +0000
ROA not before:           Tue 11 Jul 2023 00:00:00 +0000
ROA not after:            Tue 15 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:0a:f1:79:e7:78:7f:6a:51:39:0f:62:a6:73:8b:0f:f8:a0:6a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 11 00:00:00 2023 GMT
            Not After : Aug 15 23:59:59 2023 GMT
        Subject: serialNumber=ec9abb56828e9b6fb37a99c9050b6f863c807d9d00a70cd5000dce0bdca66eea, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:7f:36:99:76:31:d1:50:96:0b:2e:c8:20:cc:
                    ce:4c:f7:d5:72:08:74:5d:6d:ee:22:8c:13:a1:5b:
                    d7:3a:57:b4:70:aa:ac:9c:1b:34:99:21:91:64:57:
                    01:9b:ff:40:18:c4:8f:94:43:66:80:96:4c:6f:d2:
                    29:45:ec:4d:71:97:91:57:fc:98:3f:4f:c6:48:5e:
                    89:08:81:c8:3a:92:72:2f:de:7d:ba:23:9b:5d:ee:
                    85:32:8d:44:39:bf:88:82:41:fb:71:45:64:99:ce:
                    4a:7f:29:19:58:51:bd:18:40:39:94:fb:6c:27:fa:
                    4e:cc:e8:3f:9c:10:8d:71:2f:d1:23:a3:ac:a3:da:
                    cc:94:de:35:71:f7:6a:9f:92:af:b8:ba:b5:67:f3:
                    c8:c7:dc:35:7f:cd:b4:f5:87:08:b6:03:e8:ad:a3:
                    71:7f:e8:b3:65:e5:2c:5a:dd:66:97:55:16:1b:44:
                    a0:bc:3e:73:13:cd:92:cd:43:f7:47:9e:4e:5b:d9:
                    e9:db:db:69:8f:b3:af:35:23:0f:ff:66:6a:eb:66:
                    3d:d7:bb:53:c7:89:c3:84:da:14:a8:c4:dd:60:1b:
                    84:cb:b0:bc:2f:6d:fb:92:40:a5:6d:8d:b1:25:8d:
                    5a:66:ef:92:24:cf:db:5d:8f:bd:a9:b4:80:98:d0:
                    8e:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:8D:75:7F:68:FB:91:FB:D3:87:F9:23:53:C7:0C:9F:64:18:01:EB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7b4ec6a6-1073-4d38-9685-78587f23c785.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:e2:5b:4d:56:82:8d:67:9a:c2:bc:57:75:81:e1:07:15:9e:
         f1:50:11:da:f1:71:5e:8e:cf:f2:8b:ac:9e:08:95:a9:ed:b7:
         62:8c:6d:03:c7:c9:10:96:ee:8c:38:58:1a:ef:2a:37:e0:58:
         67:62:75:62:0e:92:6b:1e:18:12:2a:4b:af:27:22:89:9f:b6:
         24:51:57:a6:6e:e0:f1:9a:0c:4a:e0:7e:cb:a0:3e:72:94:4d:
         fa:75:91:52:d7:a1:2f:ac:80:49:9c:12:2b:4e:c6:56:d4:34:
         3a:c4:ee:97:cc:e6:a5:4e:d6:fc:41:88:00:3c:47:86:63:ef:
         11:8c:1f:a8:28:11:05:d5:4b:44:f5:1b:a2:68:be:da:45:b2:
         f2:20:d3:76:e3:b1:8d:04:a7:e7:b9:f2:7b:66:f2:26:f5:ac:
         41:7b:9f:0a:a0:13:5d:42:68:8c:4f:42:60:96:b3:7a:8b:82:
         9e:a2:4b:95:6e:38:75:d6:26:90:71:42:5f:72:2b:f8:5c:91:
         dc:bd:7e:35:c6:0f:8c:10:ee:aa:d0:fc:5e:28:21:83:7b:b7:
         1d:13:4c:fb:26:b9:72:6d:c6:6d:67:42:84:62:62:41:aa:19:
         40:fd:a0:36:1c:5e:bc:2d:36:96:99:56:61:3b:49:f2:53:fa:
         98:27:76:fe
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKQrxeed4f2pROQ9ipnOLD/igaoAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzExMDAwMDAwWhcNMjMwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYzlhYmI1NjgyOGU5YjZmYjM3YTk5YzkwNTBiNmY4NjNj
ODA3ZDlkMDBhNzBjZDUwMDBkY2UwYmRjYTY2ZWVhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCofzaZdjHRUJYLLsggzM5M99VyCHRdbe4ijBOhW9c6V7Rw
qqycGzSZIZFkVwGb/0AYxI+UQ2aAlkxv0ilF7E1xl5FX/Jg/T8ZIXokIgcg6knIv
3n26I5td7oUyjUQ5v4iCQftxRWSZzkp/KRlYUb0YQDmU+2wn+k7M6D+cEI1xL9Ej
o6yj2syU3jVx92qfkq+4urVn88jH3DV/zbT1hwi2A+ito3F/6LNl5Sxa3WaXVRYb
RKC8PnMTzZLNQ/dHnk5b2enb22mPs681Iw//ZmrrZj3Xu1PHicOE2hSoxN1gG4TL
sLwvbfuSQKVtjbEljVpm75Ikz9tdj72ptICY0I67AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6411f2j7kfvTh/kjU8cMn2QYAeswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzdiNGVjNmE2LTEwNzMtNGQzOC05Njg1LTc4NTg3ZjIzYzc4NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJPiW01Wgo1nmsK8V3WB4QcVnvFQ
EdrxcV6Oz/KLrJ4Ilantt2KMbQPHyRCW7ow4WBrvKjfgWGdidWIOkmseGBIqS68n
IomftiRRV6Zu4PGaDErgfsugPnKUTfp1kVLXoS+sgEmcEitOxlbUNDrE7pfM5qVO
1vxBiAA8R4Zj7xGMH6goEQXVS0T1G6JovtpFsvIg03bjsY0Ep+e58ntm8ib1rEF7
nwqgE11CaIxPQmCWs3qLgp6iS5VuOHXWJpBxQl9yK/hckdy9fjXGD4wQ7qrQ/F4o
IYN7tx0TTPsmuXJtxm1nQoRiYkGqGUD9oDYcXrwtNpaZVmE7SfJT+pgndv4=
-----END CERTIFICATE-----