Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/998b7531-9152-438b-9e35-33d67570114f.roa
File:                     998b7531-9152-438b-9e35-33d67570114f.roa (raw, json)
Hash identifier:          IyuT80vTp4ovS/QRhz/0m7qQPHszk4k6GYw6oiEabbg=
Subject key identifier:   9F:8C:37:3F:40:03:57:C8:A7:F7:FD:82:6E:FC:7D:50:26:56:CC:5B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       53DC9FAC988FC8097B96146986D5BB9F656C59E0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/998b7531-9152-438b-9e35-33d67570114f.roa
Signing time:             Sun 18 Jun 2023 00:00:00 +0000
ROA not before:           Sun 18 Jun 2023 00:00:00 +0000
ROA not after:            Sun 23 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:dc:9f:ac:98:8f:c8:09:7b:96:14:69:86:d5:bb:9f:65:6c:59:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 18 00:00:00 2023 GMT
            Not After : Jul 23 23:59:59 2023 GMT
        Subject: serialNumber=b0b64df12c932de5b028df265b082205d43c2aed8aa9f9c4534b70278132844b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:cc:57:05:49:ae:d3:ee:57:65:de:f1:81:28:
                    d1:c4:45:f7:51:01:71:1a:66:ed:97:3a:a2:c2:42:
                    9e:a5:6a:58:f7:1c:e1:7f:17:f2:f5:b7:dd:ec:d4:
                    c9:0b:38:e8:21:40:4a:93:5a:cb:b2:a0:64:6a:6c:
                    e3:3b:43:32:12:00:35:e2:80:79:24:39:92:81:c4:
                    ca:90:9d:b0:ca:f8:20:24:71:05:b3:4e:65:86:00:
                    24:18:fd:28:36:2f:24:95:05:e4:6f:20:bf:99:2d:
                    00:5f:76:5d:eb:91:b9:a4:7f:58:3a:98:aa:32:8c:
                    91:f9:49:7a:bf:49:74:cf:1f:42:87:6b:72:0e:ec:
                    ad:be:82:ec:e8:f9:78:f7:1f:98:33:72:de:e8:0a:
                    44:8f:1e:f4:3d:e2:87:9d:0a:ba:1b:37:94:2f:2e:
                    a7:77:ca:fb:3f:11:48:42:a8:3d:03:02:ef:26:2e:
                    45:35:e7:a4:fe:81:c6:f8:59:2e:78:0b:cc:50:bc:
                    5d:38:e0:75:3a:5d:ac:e6:66:88:6d:0f:21:7a:63:
                    f9:92:d1:64:d1:96:ee:ed:28:bb:a0:ed:da:a7:48:
                    85:f7:c9:3b:cb:b8:bd:a2:25:63:0b:22:2b:8f:82:
                    f1:2c:69:94:09:b8:2e:cc:af:9b:b0:3d:96:1d:de:
                    dc:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:8C:37:3F:40:03:57:C8:A7:F7:FD:82:6E:FC:7D:50:26:56:CC:5B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/998b7531-9152-438b-9e35-33d67570114f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:92:ae:fd:c0:b3:2e:4f:12:f1:e2:1c:e5:cf:24:f0:82:2b:
         3e:d0:6c:a8:4e:d1:4f:4e:1a:3d:64:06:75:6b:96:5f:5d:5f:
         93:ba:d4:ce:f3:8e:5c:8b:f4:a0:b4:d7:1a:6d:64:89:06:0c:
         cd:c6:28:b9:24:d3:83:d1:40:1f:8b:e5:24:5a:78:b3:7a:a0:
         37:60:72:9d:6b:e1:78:6c:05:99:e0:fb:9b:7c:a2:de:a7:95:
         29:12:bd:42:41:85:b8:91:59:d3:f7:02:90:c8:d5:d7:ac:51:
         db:77:bb:c0:3e:2e:01:1b:a4:32:eb:fb:0d:e0:31:70:65:8a:
         18:1e:0a:df:2b:f2:fe:ef:5d:df:21:54:94:41:1d:da:f3:78:
         ac:9e:c8:7d:52:6d:29:3a:32:05:99:a2:60:92:c1:79:a9:78:
         cd:c6:88:b6:a9:c7:fc:58:5e:85:a3:04:bf:0c:71:d3:0c:b5:
         08:c3:2a:6c:a9:7c:fd:f7:e8:d8:09:68:e8:6e:9e:7b:9c:ae:
         2f:42:99:a9:e3:33:d5:fb:15:65:9e:0f:d2:42:f7:df:3a:45:
         01:eb:80:7d:53:86:c2:fc:34:75:10:ed:57:92:c7:aa:90:f5:
         c7:f0:8b:43:a3:ed:64:9e:98:72:85:12:95:ce:2c:cb:cf:ad:
         c3:a9:41:69
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU9yfrJiPyAl7lhRphtW7n2VsWeAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjE4MDAwMDAwWhcNMjMwNzIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMGI2NGRmMTJjOTMyZGU1YjAyOGRmMjY1YjA4MjIwNWQ0
M2MyYWVkOGFhOWY5YzQ1MzRiNzAyNzgxMzI4NDRiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlzFcFSa7T7ldl3vGBKNHERfdRAXEaZu2XOqLCQp6lalj3
HOF/F/L1t93s1MkLOOghQEqTWsuyoGRqbOM7QzISADXigHkkOZKBxMqQnbDK+CAk
cQWzTmWGACQY/Sg2LySVBeRvIL+ZLQBfdl3rkbmkf1g6mKoyjJH5SXq/SXTPH0KH
a3IO7K2+guzo+Xj3H5gzct7oCkSPHvQ94oedCrobN5QvLqd3yvs/EUhCqD0DAu8m
LkU156T+gcb4WS54C8xQvF044HU6XazmZohtDyF6Y/mS0WTRlu7tKLug7dqnSIX3
yTvLuL2iJWMLIiuPgvEsaZQJuC7Mr5uwPZYd3tyhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUn4w3P0ADV8in9/2Cbvx9UCZWzFswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk5OGI3NTMxLTkxNTItNDM4Yi05ZTM1LTMzZDY3NTcwMTE0Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKaSrv3Asy5PEvHiHOXPJPCCKz7Q
bKhO0U9OGj1kBnVrll9dX5O61M7zjlyL9KC01xptZIkGDM3GKLkk04PRQB+L5SRa
eLN6oDdgcp1r4XhsBZng+5t8ot6nlSkSvUJBhbiRWdP3ApDI1desUdt3u8A+LgEb
pDLr+w3gMXBlihgeCt8r8v7vXd8hVJRBHdrzeKyeyH1SbSk6MgWZomCSwXmpeM3G
iLapx/xYXoWjBL8McdMMtQjDKmypfP336NgJaOhunnucri9CmanjM9X7FWWeD9JC
9986RQHrgH1ThsL8NHUQ7VeSx6qQ9cfwi0Oj7WSemHKFEpXOLMvPrcOpQWk=
-----END CERTIFICATE-----