Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ee7e6164-137f-42a7-b9eb-b5f768729442.roa
File:                     ee7e6164-137f-42a7-b9eb-b5f768729442.roa (raw, json)
Hash identifier:          t1wINiAPAPCo/GnfdSPyUgcMMpwexfewSy3mU8q5JVw=
Subject key identifier:   16:A6:E0:E4:6D:FE:E3:C4:64:26:4E:AC:96:87:E3:E1:1D:D8:45:83
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4985D80CE4BCFF2E4D10270733F0810A6766D6AE
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ee7e6164-137f-42a7-b9eb-b5f768729442.roa
Signing time:             Mon 19 Jun 2023 00:00:00 +0000
ROA not before:           Mon 19 Jun 2023 00:00:00 +0000
ROA not after:            Mon 24 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:85:d8:0c:e4:bc:ff:2e:4d:10:27:07:33:f0:81:0a:67:66:d6:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 19 00:00:00 2023 GMT
            Not After : Jul 24 23:59:59 2023 GMT
        Subject: serialNumber=04c5c267d78df628abc7d44b56480e56fa885daaf5a7e6c60ffc816bd54aada1, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:fa:bb:53:3f:22:bb:cc:77:2c:b7:32:78:28:
                    e1:80:a7:05:67:38:44:7b:e3:ab:79:2d:95:d3:c7:
                    cf:7d:70:78:bf:ec:fc:51:96:ee:89:78:bf:9a:08:
                    bb:af:98:03:b0:89:8f:3a:50:e3:87:5c:82:62:68:
                    55:16:d1:99:c6:60:d8:99:51:b1:65:c6:34:13:13:
                    65:bf:63:0b:fc:a5:2c:87:d0:7f:df:a6:a5:d4:8f:
                    30:45:dd:39:24:05:41:e3:e0:44:70:42:51:31:6a:
                    54:65:de:8d:23:c2:aa:ba:32:3a:85:f3:12:b7:47:
                    df:3e:24:15:b5:34:4f:a4:e3:52:10:0a:f6:c0:bc:
                    5a:3f:7e:c6:f6:9b:44:c2:9b:3e:af:0a:6a:80:80:
                    e8:00:bd:fd:c3:51:00:b9:c1:7a:1f:39:9e:51:5f:
                    98:9e:71:31:cf:11:9c:b3:98:ed:7e:64:2c:53:42:
                    4d:fd:1f:57:85:6e:c0:04:4b:0a:2e:07:c1:ed:86:
                    23:05:f8:f9:62:51:d3:8b:7f:e0:77:30:b8:ce:1e:
                    25:ad:4e:a6:ae:97:11:d8:8e:a0:94:4d:e0:7a:f7:
                    70:cd:15:65:2b:40:b4:38:58:3f:ae:8d:fb:81:47:
                    a8:50:89:6a:6c:ab:48:06:00:0b:0d:be:f5:b0:27:
                    18:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:A6:E0:E4:6D:FE:E3:C4:64:26:4E:AC:96:87:E3:E1:1D:D8:45:83
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ee7e6164-137f-42a7-b9eb-b5f768729442.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:c1:06:5f:c9:db:03:ea:66:90:df:6e:43:84:8f:73:7a:b5:
         0a:50:05:e1:39:a7:a0:0e:b4:91:58:ce:6b:7a:37:b2:94:7a:
         c3:39:71:9c:d7:d7:c1:c2:95:6d:05:dc:e3:fa:1e:b9:1c:6c:
         aa:19:02:55:cb:ec:d1:aa:c6:fd:f1:95:3f:c7:1b:48:f7:a2:
         7a:a9:04:cd:a1:06:1d:44:08:52:21:f9:71:db:54:68:a7:b8:
         70:48:90:d8:ad:97:9b:9b:01:46:3f:3a:d9:be:ea:82:f3:7c:
         67:02:e7:8d:2e:6d:ec:88:dc:a6:f0:c8:be:d7:e4:bb:2e:28:
         81:71:5d:05:ac:04:43:88:8c:ec:74:92:f7:58:73:09:85:95:
         57:bb:28:27:8a:cc:a1:f0:fd:04:0a:85:df:6e:79:31:8e:6b:
         14:7e:a2:6a:63:61:cd:dc:0a:84:2b:8d:5d:a5:51:43:01:40:
         c8:ad:ad:8a:54:54:1b:b9:7d:cc:21:49:01:68:c7:f8:58:29:
         ad:9e:ef:09:cb:dc:14:4c:ee:ae:12:52:65:c3:fe:9c:9c:69:
         f7:dd:b5:a9:0c:a3:ac:df:20:9f:b4:96:82:ec:ce:c1:6f:0a:
         cb:5a:47:1d:70:2a:84:8b:15:09:b7:d7:cd:6d:d2:9b:68:ac:
         5a:64:fe:22
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSYXYDOS8/y5NECcHM/CBCmdm1q4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjE5MDAwMDAwWhcNMjMwNzI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNGM1YzI2N2Q3OGRmNjI4YWJjN2Q0NGI1NjQ4MGU1NmZh
ODg1ZGFhZjVhN2U2YzYwZmZjODE2YmQ1NGFhZGExMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDE+rtTPyK7zHcstzJ4KOGApwVnOER746t5LZXTx899cHi/
7PxRlu6JeL+aCLuvmAOwiY86UOOHXIJiaFUW0ZnGYNiZUbFlxjQTE2W/Ywv8pSyH
0H/fpqXUjzBF3TkkBUHj4ERwQlExalRl3o0jwqq6MjqF8xK3R98+JBW1NE+k41IQ
CvbAvFo/fsb2m0TCmz6vCmqAgOgAvf3DUQC5wXofOZ5RX5iecTHPEZyzmO1+ZCxT
Qk39H1eFbsAESwouB8HthiMF+PliUdOLf+B3MLjOHiWtTqaulxHYjqCUTeB693DN
FWUrQLQ4WD+ujfuBR6hQiWpsq0gGAAsNvvWwJxgpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFqbg5G3+48RkJk6slofj4R3YRYMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2VlN2U2MTY0LTEzN2YtNDJhNy1iOWViLWI1Zjc2ODcyOTQ0Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKLBBl/J2wPqZpDfbkOEj3N6tQpQ
BeE5p6AOtJFYzmt6N7KUesM5cZzX18HClW0F3OP6HrkcbKoZAlXL7NGqxv3xlT/H
G0j3onqpBM2hBh1ECFIh+XHbVGinuHBIkNitl5ubAUY/Otm+6oLzfGcC540ubeyI
3KbwyL7X5LsuKIFxXQWsBEOIjOx0kvdYcwmFlVe7KCeKzKHw/QQKhd9ueTGOaxR+
ompjYc3cCoQrjV2lUUMBQMitrYpUVBu5fcwhSQFox/hYKa2e7wnL3BRM7q4SUmXD
/pycaffdtakMo6zfIJ+0loLszsFvCstaRx1wKoSLFQm3181t0ptorFpk/iI=
-----END CERTIFICATE-----