Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d95eb127-9f0d-4921-a4e5-87ce57c18ccc.roa
File:                     d95eb127-9f0d-4921-a4e5-87ce57c18ccc.roa (raw, json)
Hash identifier:          BbwKJU0ZKVWF+G61D6JVY/Wetciz09YmD4juAfOjol4=
Subject key identifier:   87:BE:D4:C6:84:AD:F4:B1:7B:75:49:70:EE:54:7F:35:B6:0D:4D:B5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7A924290BB977B57D5F2EEBFEBBD9B61011A63C1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d95eb127-9f0d-4921-a4e5-87ce57c18ccc.roa
Signing time:             Mon 19 Jun 2023 00:00:00 +0000
ROA not before:           Mon 19 Jun 2023 00:00:00 +0000
ROA not after:            Mon 24 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:92:42:90:bb:97:7b:57:d5:f2:ee:bf:eb:bd:9b:61:01:1a:63:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 19 00:00:00 2023 GMT
            Not After : Jul 24 23:59:59 2023 GMT
        Subject: serialNumber=ebea1d22094733437d4658233e354e826294f673f77092b551d524d9a5fa8c4b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:be:54:7e:6a:b8:9a:61:e0:97:cf:48:57:da:
                    bb:2c:50:33:5e:41:2d:ec:1b:d3:03:88:1d:ac:42:
                    aa:be:4b:cd:9c:21:9f:7d:2b:68:11:a8:ae:da:5b:
                    7f:ab:d6:df:b2:9a:95:cb:4b:f7:93:e7:20:60:4c:
                    95:72:97:30:a4:5b:5f:2b:53:f5:b2:3c:bf:79:89:
                    11:f1:36:63:b2:89:9b:99:b7:2b:a6:4f:81:ff:67:
                    c7:f6:d2:2d:f3:11:69:44:07:68:37:8b:cc:3d:94:
                    53:d9:c5:b7:2d:9f:f2:b1:58:01:1a:b7:12:15:93:
                    bd:ad:2d:f0:98:1e:f0:d0:da:41:4d:27:25:fe:e6:
                    27:8a:3b:1b:21:c9:68:21:ba:63:45:37:4c:cd:9b:
                    a5:81:66:50:d6:4a:12:17:ea:fc:0e:2e:6f:28:91:
                    0f:f1:a6:29:e8:8d:ae:9f:fd:0a:47:55:6d:8f:02:
                    52:da:e2:40:14:19:e0:5f:4a:97:4a:42:3b:25:8f:
                    9a:a1:f2:3c:ae:a0:f6:98:02:db:f6:b2:d8:35:79:
                    bb:3b:88:2e:cd:4a:bb:0a:38:b1:5e:9e:4d:83:56:
                    c5:58:03:4a:ba:32:fb:5b:5c:d5:d2:ea:1e:60:b3:
                    01:48:04:aa:a6:38:8d:ef:a8:4a:24:0b:c1:38:cc:
                    0c:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:BE:D4:C6:84:AD:F4:B1:7B:75:49:70:EE:54:7F:35:B6:0D:4D:B5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d95eb127-9f0d-4921-a4e5-87ce57c18ccc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:cc:4b:b5:d0:0b:f8:17:dd:52:79:a2:c5:09:62:2b:b1:c6:
         8d:22:48:42:55:50:0f:e0:9f:62:91:d8:0b:83:31:7a:1d:40:
         9d:c8:23:fc:8c:ea:32:f9:b7:c8:a8:99:e0:7b:95:91:2f:7d:
         37:6b:e0:e0:78:a0:f9:52:eb:7a:f7:05:36:d9:4b:96:3e:15:
         75:52:7d:a0:ff:a7:87:4d:90:46:be:ce:fc:d1:a9:f9:39:26:
         c2:96:5c:5d:15:40:9b:70:4f:d4:02:96:d3:3a:2e:eb:63:6c:
         75:6e:58:68:43:d7:2d:dc:84:4e:c4:07:aa:c2:51:ac:20:be:
         99:c0:2a:e7:01:aa:0d:fb:05:0e:61:60:8d:c9:f6:d7:04:74:
         0d:9e:a3:d8:26:66:fa:c4:fd:ed:7e:7f:b6:9b:a2:ce:85:8f:
         ce:65:81:75:62:64:91:31:a5:5a:17:cd:13:04:31:d9:77:02:
         2d:de:7b:fc:8d:e9:f3:e2:01:dd:7b:4f:f1:25:c3:8a:d7:64:
         52:a1:16:ef:1b:e3:6b:99:57:4d:b8:69:01:80:ce:77:fe:cb:
         86:c4:82:62:d1:27:d4:b0:8e:ab:ba:97:7c:e3:02:99:a8:54:
         a6:7f:67:49:8f:64:f0:9d:d5:15:19:63:4e:60:04:c9:f5:e0:
         ad:a6:7b:92
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUepJCkLuXe1fV8u6/672bYQEaY8EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjE5MDAwMDAwWhcNMjMwNzI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYmVhMWQyMjA5NDczMzQzN2Q0NjU4MjMzZTM1NGU4MjYy
OTRmNjczZjc3MDkyYjU1MWQ1MjRkOWE1ZmE4YzRiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCMvlR+ariaYeCXz0hX2rssUDNeQS3sG9MDiB2sQqq+S82c
IZ99K2gRqK7aW3+r1t+ympXLS/eT5yBgTJVylzCkW18rU/WyPL95iRHxNmOyiZuZ
tyumT4H/Z8f20i3zEWlEB2g3i8w9lFPZxbctn/KxWAEatxIVk72tLfCYHvDQ2kFN
JyX+5ieKOxshyWghumNFN0zNm6WBZlDWShIX6vwOLm8okQ/xpinoja6f/QpHVW2P
AlLa4kAUGeBfSpdKQjslj5qh8jyuoPaYAtv2stg1ebs7iC7NSrsKOLFenk2DVsVY
A0q6MvtbXNXS6h5gswFIBKqmOI3vqEokC8E4zAwlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUh77UxoSt9LF7dUlw7lR/NbYNTbUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q5NWViMTI3LTlmMGQtNDkyMS1hNGU1LTg3Y2U1N2MxOGNjYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKLMS7XQC/gX3VJ5osUJYiuxxo0i
SEJVUA/gn2KR2AuDMXodQJ3II/yM6jL5t8iomeB7lZEvfTdr4OB4oPlS63r3BTbZ
S5Y+FXVSfaD/p4dNkEa+zvzRqfk5JsKWXF0VQJtwT9QCltM6LutjbHVuWGhD1y3c
hE7EB6rCUawgvpnAKucBqg37BQ5hYI3J9tcEdA2eo9gmZvrE/e1+f7abos6Fj85l
gXViZJExpVoXzRMEMdl3Ai3ee/yN6fPiAd17T/Elw4rXZFKhFu8b42uZV024aQGA
znf+y4bEgmLRJ9Swjqu6l3zjApmoVKZ/Z0mPZPCd1RUZY05gBMn14K2me5I=
-----END CERTIFICATE-----