Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/de54e328-d031-4b9c-a3a7-f315caa4c3da.roa
File:                     de54e328-d031-4b9c-a3a7-f315caa4c3da.roa (raw, json)
Hash identifier:          66s6tgaN0YOord8c9MpgX4Xw/Y8QFMSbEZRQH2jdkCw=
Subject key identifier:   B2:B0:5B:5A:C3:DD:CB:C4:CF:8E:1B:1B:6B:58:71:26:6D:84:B0:74
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       581486763ABF33F05816A68C70923AA34CA8F00C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/de54e328-d031-4b9c-a3a7-f315caa4c3da.roa
Signing time:             Tue 20 Jun 2023 00:00:00 +0000
ROA not before:           Tue 20 Jun 2023 00:00:00 +0000
ROA not after:            Tue 25 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:14:86:76:3a:bf:33:f0:58:16:a6:8c:70:92:3a:a3:4c:a8:f0:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 20 00:00:00 2023 GMT
            Not After : Jul 25 23:59:59 2023 GMT
        Subject: serialNumber=97c012cd235f93c83f50ffb7f50e64442eed98ba8ebe069e917097696ddaf492, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:60:d2:55:65:af:d1:96:c3:8f:01:9d:e4:4f:
                    0c:ed:6f:c3:e2:04:9a:fd:4e:ec:57:74:9e:b7:a3:
                    8d:1b:53:d1:ea:16:9a:5c:6d:ae:36:55:af:19:92:
                    4b:0e:86:eb:1b:94:59:d0:ac:f0:24:54:ba:bb:fe:
                    66:0c:70:56:43:1c:2d:86:5e:d4:6b:4d:1d:4e:3e:
                    93:e5:56:44:74:bf:93:62:2c:54:31:a6:75:d1:44:
                    eb:d4:5e:44:e3:93:39:7e:35:31:79:1b:14:f5:d4:
                    d3:d5:34:a3:b6:f8:ec:bd:fe:48:a4:09:bf:a1:bf:
                    7c:c0:36:28:bb:bc:05:87:42:1c:a6:3c:6a:e4:ad:
                    73:c4:74:60:42:72:19:f3:8f:64:12:e1:71:8f:84:
                    b9:05:a6:4b:2d:4f:ec:89:80:c2:d1:01:0a:ef:f5:
                    76:31:22:69:95:f7:03:3a:05:ab:46:17:f3:c9:db:
                    ff:40:4b:2f:d8:bf:7a:8d:ba:36:11:2b:ad:1a:21:
                    0a:e8:5e:32:d3:9b:15:e4:28:25:5c:02:63:f3:f1:
                    6b:b5:7e:57:28:41:2c:67:fd:74:7b:86:f6:46:94:
                    09:58:f6:c1:8b:9b:29:26:f8:ab:0b:c8:55:a3:48:
                    d6:bc:ca:44:5f:dc:8c:eb:7f:de:86:7c:83:b5:29:
                    f2:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:B0:5B:5A:C3:DD:CB:C4:CF:8E:1B:1B:6B:58:71:26:6D:84:B0:74
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/de54e328-d031-4b9c-a3a7-f315caa4c3da.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:2e:93:52:18:0c:f9:dc:1d:2a:45:4c:c3:bd:01:cb:5e:79:
         db:a1:9e:fd:5e:b2:53:d7:87:ae:86:39:ec:42:d5:e6:b3:8d:
         2d:95:98:72:c2:87:b3:d2:61:dd:e9:19:5a:e3:50:d5:b9:e4:
         5d:94:b7:d8:44:ac:c9:69:0a:20:49:b0:70:a5:1d:73:20:33:
         8a:9e:fd:6a:a7:d5:cb:c9:d2:96:53:d5:ce:4f:5c:8d:f7:ec:
         28:f8:28:60:2b:cd:c7:2d:f9:7b:b1:c0:c6:c5:6f:94:db:60:
         1d:9f:a7:10:29:a8:3d:15:43:bf:cd:f2:bd:1d:78:64:a2:80:
         f6:4a:f5:04:8d:83:ba:23:fe:b9:06:1d:f8:b3:7a:58:88:8a:
         4b:fa:77:48:6c:a9:e6:a1:32:02:62:42:0c:a7:40:55:56:41:
         57:29:38:86:19:53:81:be:84:23:67:1e:9f:77:da:a2:95:fb:
         cc:5f:90:cf:dc:21:d5:76:3f:88:64:ea:54:c4:ca:58:bb:8f:
         08:d2:e3:df:ce:89:dd:b4:03:c9:6c:49:2c:01:02:f9:c6:fd:
         0d:76:c8:8b:da:76:c0:6c:01:55:6b:3a:4b:56:8c:fa:86:4e:
         81:40:ff:3c:b6:30:57:2e:8c:ea:ca:3c:d9:68:81:16:b9:a1:
         57:0c:c8:eb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWBSGdjq/M/BYFqaMcJI6o0yo8AwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjIwMDAwMDAwWhcNMjMwNzI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5N2MwMTJjZDIzNWY5M2M4M2Y1MGZmYjdmNTBlNjQ0NDJl
ZWQ5OGJhOGViZTA2OWU5MTcwOTc2OTZkZGFmNDkyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGYNJVZa/RlsOPAZ3kTwztb8PiBJr9TuxXdJ63o40bU9Hq
Fppcba42Va8ZkksOhusblFnQrPAkVLq7/mYMcFZDHC2GXtRrTR1OPpPlVkR0v5Ni
LFQxpnXRROvUXkTjkzl+NTF5GxT11NPVNKO2+Oy9/kikCb+hv3zANii7vAWHQhym
PGrkrXPEdGBCchnzj2QS4XGPhLkFpkstT+yJgMLRAQrv9XYxImmV9wM6BatGF/PJ
2/9ASy/Yv3qNujYRK60aIQroXjLTmxXkKCVcAmPz8Wu1flcoQSxn/XR7hvZGlAlY
9sGLmykm+KsLyFWjSNa8ykRf3Izrf96GfIO1KfK9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsrBbWsPdy8TPjhsba1hxJm2EsHQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RlNTRlMzI4LWQwMzEtNGI5Yy1hM2E3LWYzMTVjYWE0YzNkYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEIuk1IYDPncHSpFTMO9Acteeduh
nv1eslPXh66GOexC1eazjS2VmHLCh7PSYd3pGVrjUNW55F2Ut9hErMlpCiBJsHCl
HXMgM4qe/Wqn1cvJ0pZT1c5PXI337Cj4KGArzcct+XuxwMbFb5TbYB2fpxApqD0V
Q7/N8r0deGSigPZK9QSNg7oj/rkGHfizeliIikv6d0hsqeahMgJiQgynQFVWQVcp
OIYZU4G+hCNnHp932qKV+8xfkM/cIdV2P4hk6lTEyli7jwjS49/Oid20A8lsSSwB
AvnG/Q12yIvadsBsAVVrOktWjPqGToFA/zy2MFcujOrKPNlogRa5oVcMyOs=
-----END CERTIFICATE-----