Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/954e0e40-8b62-4031-9ade-35ed94211699.roa
File:                     954e0e40-8b62-4031-9ade-35ed94211699.roa (raw, json)
Hash identifier:          WMMmYg8DP3z1KUfSI+4ayoff+Lz1/ftgsW6iNZ5+K+c=
Subject key identifier:   C0:D5:E2:30:E7:6D:46:3E:43:93:81:03:45:B2:15:03:F7:D8:BC:10
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       141AA13ED8DE972012DF1483AEC0312571891783
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/954e0e40-8b62-4031-9ade-35ed94211699.roa
Signing time:             Sun 25 Jun 2023 00:00:00 +0000
ROA not before:           Sun 25 Jun 2023 00:00:00 +0000
ROA not after:            Sun 30 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:1a:a1:3e:d8:de:97:20:12:df:14:83:ae:c0:31:25:71:89:17:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 25 00:00:00 2023 GMT
            Not After : Jul 30 23:59:59 2023 GMT
        Subject: serialNumber=e6fac7f4c7cefcdf90cea3be25d2f7bb077e9855c4d2eca9e5309ba8975fa786, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:53:f6:60:35:d6:ac:93:1c:66:3e:e2:25:8f:
                    61:05:d4:f3:f3:8d:01:61:db:e6:3e:95:f1:89:21:
                    ca:82:07:cd:fc:54:73:35:5f:e3:65:19:09:17:65:
                    3e:33:76:21:89:49:80:df:1d:c4:6c:0d:f7:12:a4:
                    da:60:54:2a:bc:fc:aa:75:47:02:bb:84:24:56:3c:
                    02:42:ec:18:28:38:72:13:04:c2:ff:b4:1b:6f:34:
                    e4:91:2a:45:fe:89:b7:49:02:af:da:cb:96:0a:b2:
                    b7:42:00:8a:68:23:4b:d2:00:ae:be:96:44:2e:38:
                    5b:b1:16:30:43:ba:9e:8b:50:8e:69:a4:e2:e7:74:
                    ac:54:0a:fc:c6:1d:cb:ef:da:ed:02:5d:03:68:9a:
                    46:74:1f:4e:6b:05:34:50:f9:4b:c3:e2:07:97:96:
                    6b:6f:44:29:32:62:25:23:b9:2a:31:9d:43:88:05:
                    79:0f:00:86:09:1f:c1:ce:05:fb:1f:1f:b6:65:ce:
                    2e:12:e2:da:26:ed:92:a6:c0:9f:97:1d:94:81:6a:
                    17:41:0c:06:4a:70:f1:98:f4:8f:8d:89:89:b9:9c:
                    53:97:1a:0f:67:5d:50:a5:60:43:8a:35:9f:16:5a:
                    61:2b:1e:2f:4d:4f:d5:fc:56:27:42:1b:63:1c:fc:
                    f7:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:D5:E2:30:E7:6D:46:3E:43:93:81:03:45:B2:15:03:F7:D8:BC:10
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/954e0e40-8b62-4031-9ade-35ed94211699.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:86:54:a0:76:c6:5b:3a:9b:44:b3:fb:c3:1b:62:c1:12:80:
         ff:ac:65:17:b0:43:97:82:0e:cf:da:85:87:0b:f8:6d:75:b3:
         7b:e7:d3:9a:3c:42:77:8f:6a:54:a3:6a:5f:2a:0e:59:bd:f7:
         c0:0c:70:4c:4f:a4:61:9d:63:fe:8d:a2:f4:f0:08:30:54:2e:
         a6:1d:4d:38:96:04:e8:2b:cc:aa:f9:31:92:a0:92:82:c8:08:
         88:70:c7:88:b7:a8:fe:8f:ce:26:d4:6c:a1:f8:c2:d4:4f:b5:
         a6:e4:3b:7b:ca:52:88:5b:8c:43:fe:2f:b6:35:92:7f:18:78:
         cc:25:31:fc:0f:d4:f5:be:e1:35:9d:25:95:60:55:91:98:33:
         c4:a3:59:26:dc:89:c6:17:8c:ee:f8:a5:64:f8:b1:4a:9c:87:
         94:ed:f9:30:6f:e8:17:f7:a8:8e:c6:b9:5e:2a:2a:a1:59:b7:
         30:5d:b6:dd:20:fe:2f:6f:69:fb:1a:78:61:cc:bb:cd:92:ac:
         32:d7:e7:b9:51:9b:7d:2c:c9:6f:e7:39:09:ad:e5:0d:e9:ec:
         a2:66:f3:3a:79:01:b2:1c:3d:87:f0:fb:dc:d2:d3:11:8d:f3:
         44:42:40:09:d8:0d:03:f5:5e:53:31:80:91:63:a0:0e:ec:1e:
         a2:2a:93:2f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFBqhPtjelyAS3xSDrsAxJXGJF4MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjI1MDAwMDAwWhcNMjMwNzMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNmZhYzdmNGM3Y2VmY2RmOTBjZWEzYmUyNWQyZjdiYjA3
N2U5ODU1YzRkMmVjYTllNTMwOWJhODk3NWZhNzg2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWU/ZgNdaskxxmPuIlj2EF1PPzjQFh2+Y+lfGJIcqCB838
VHM1X+NlGQkXZT4zdiGJSYDfHcRsDfcSpNpgVCq8/Kp1RwK7hCRWPAJC7BgoOHIT
BML/tBtvNOSRKkX+ibdJAq/ay5YKsrdCAIpoI0vSAK6+lkQuOFuxFjBDup6LUI5p
pOLndKxUCvzGHcvv2u0CXQNomkZ0H05rBTRQ+UvD4geXlmtvRCkyYiUjuSoxnUOI
BXkPAIYJH8HOBfsfH7Zlzi4S4tom7ZKmwJ+XHZSBahdBDAZKcPGY9I+NiYm5nFOX
Gg9nXVClYEOKNZ8WWmErHi9NT9X8VidCG2Mc/PdJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwNXiMOdtRj5Dk4EDRbIVA/fYvBAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk1NGUwZTQwLThiNjItNDAzMS05YWRlLTM1ZWQ5NDIxMTY5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKWGVKB2xls6m0Sz+8MbYsESgP+s
ZRewQ5eCDs/ahYcL+G11s3vn05o8QnePalSjal8qDlm998AMcExPpGGdY/6NovTw
CDBULqYdTTiWBOgrzKr5MZKgkoLICIhwx4i3qP6PzibUbKH4wtRPtabkO3vKUohb
jEP+L7Y1kn8YeMwlMfwP1PW+4TWdJZVgVZGYM8SjWSbcicYXjO74pWT4sUqch5Tt
+TBv6Bf3qI7GuV4qKqFZtzBdtt0g/i9vafsaeGHMu82SrDLX57lRm30syW/nOQmt
5Q3p7KJm8zp5AbIcPYfw+9zS0xGN80RCQAnYDQP1XlMxgJFjoA7sHqIqky8=
-----END CERTIFICATE-----