Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f2632744-cd54-4032-a53b-ffd125ea9e15.roa
File:                     f2632744-cd54-4032-a53b-ffd125ea9e15.roa (raw, json)
Hash identifier:          GbmeJVi3UFCXsKybGuAHXOLjziU6RvrXH820ZwWsugI=
Subject key identifier:   60:85:90:02:50:9C:1B:03:2F:6D:36:67:A1:CD:07:47:9D:ED:CE:68
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2D1A5906014ABEE2D58CB225913F85A6203E2A48
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f2632744-cd54-4032-a53b-ffd125ea9e15.roa
Signing time:             Sun 25 Jun 2023 00:00:00 +0000
ROA not before:           Sun 25 Jun 2023 00:00:00 +0000
ROA not after:            Sun 30 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:1a:59:06:01:4a:be:e2:d5:8c:b2:25:91:3f:85:a6:20:3e:2a:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 25 00:00:00 2023 GMT
            Not After : Jul 30 23:59:59 2023 GMT
        Subject: serialNumber=ff18b3eb330292b2075e74fc84af1312c788bc7aabb54125ace03097e2ad72ca, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:3f:c5:76:bd:0b:d6:bd:fc:c7:14:c1:c7:75:
                    6a:58:0d:31:a1:bc:b7:0f:9c:10:96:8c:ff:04:87:
                    44:be:c6:33:25:45:bc:a7:45:78:64:e8:f1:94:fd:
                    4f:b2:43:bb:51:77:6b:f8:b7:26:39:68:a4:26:a7:
                    9b:c4:bb:34:95:5a:5a:ea:6d:82:52:75:48:4f:e5:
                    c2:40:43:4c:98:4d:39:96:f9:51:de:ef:e9:3c:3a:
                    68:c9:16:b0:03:b7:b9:3a:9e:9e:2a:2e:2f:ac:5c:
                    de:67:73:cd:02:c9:0d:28:10:a5:29:f2:ab:ef:8e:
                    5c:2f:0b:e7:fa:ba:e2:dc:96:fb:d9:9a:55:b0:68:
                    3f:54:46:75:f7:95:82:9a:70:ff:b2:c6:bb:21:c8:
                    fe:a0:bf:2e:ba:9b:7a:e2:03:45:02:3a:ed:50:2c:
                    3e:1e:00:77:fa:13:c3:8b:a6:2e:cd:d3:86:c6:e7:
                    90:03:2d:3a:73:17:de:5e:ed:4f:d7:e8:8d:92:07:
                    7a:7f:f9:75:2c:bb:d1:3d:48:03:7c:44:ec:51:e8:
                    e2:eb:c9:2a:00:cd:34:34:a2:59:07:49:14:6c:8f:
                    0a:2d:b6:f2:7d:df:34:5c:95:a3:07:e0:b0:d1:85:
                    b9:16:f4:05:1f:54:6a:a3:a2:2f:80:3f:34:49:bc:
                    60:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:85:90:02:50:9C:1B:03:2F:6D:36:67:A1:CD:07:47:9D:ED:CE:68
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f2632744-cd54-4032-a53b-ffd125ea9e15.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:e3:e9:f0:bb:65:ab:36:29:2a:af:f3:e9:ae:5c:14:c7:b7:
         48:79:68:67:ee:ed:21:65:b7:db:db:f4:73:86:0e:d9:27:36:
         f4:e9:ce:6f:a9:45:c3:e0:73:8a:c8:08:5c:e0:6b:ed:d3:68:
         a7:19:37:27:f2:28:d8:dc:d7:ce:5a:59:34:0b:3e:af:f4:ca:
         cb:a9:10:fa:95:5e:9b:ae:ab:47:8f:af:44:24:87:78:ad:9e:
         53:04:2e:5f:90:4e:40:21:28:0f:a5:1d:63:27:8c:49:d9:f8:
         2f:74:18:6e:14:01:69:2a:aa:2a:80:b7:59:b4:91:34:6f:d1:
         b9:de:cb:52:17:53:3c:6a:64:bf:d6:ca:2e:97:75:3c:1b:4b:
         a8:9f:2c:4d:a9:ba:57:c2:71:4b:49:82:52:7a:1f:a0:df:18:
         de:aa:90:d8:e0:ad:2d:47:27:71:37:82:39:6d:0e:1e:8e:fb:
         ae:ba:b2:f1:6d:49:18:bd:8f:c6:6a:79:73:aa:e9:18:4a:1a:
         c9:e1:fc:db:50:c9:a3:6c:d2:d7:35:00:f9:1a:a5:c6:ab:e6:
         75:4a:0a:2e:6c:95:2b:11:73:9f:38:ae:63:ad:18:00:6f:f6:
         a6:d1:a4:ea:0a:fa:95:00:d7:f5:07:a2:b0:2e:54:bd:11:ff:
         74:29:7e:a8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULRpZBgFKvuLVjLIlkT+FpiA+KkgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjI1MDAwMDAwWhcNMjMwNzMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmZjE4YjNlYjMzMDI5MmIyMDc1ZTc0ZmM4NGFmMTMxMmM3
ODhiYzdhYWJiNTQxMjVhY2UwMzA5N2UyYWQ3MmNhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXP8V2vQvWvfzHFMHHdWpYDTGhvLcPnBCWjP8Eh0S+xjMl
RbynRXhk6PGU/U+yQ7tRd2v4tyY5aKQmp5vEuzSVWlrqbYJSdUhP5cJAQ0yYTTmW
+VHe7+k8OmjJFrADt7k6np4qLi+sXN5nc80CyQ0oEKUp8qvvjlwvC+f6uuLclvvZ
mlWwaD9URnX3lYKacP+yxrshyP6gvy66m3riA0UCOu1QLD4eAHf6E8OLpi7N04bG
55ADLTpzF95e7U/X6I2SB3p/+XUsu9E9SAN8ROxR6OLrySoAzTQ0olkHSRRsjwot
tvJ93zRclaMH4LDRhbkW9AUfVGqjoi+APzRJvGCZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYIWQAlCcGwMvbTZnoc0HR53tzmgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2YyNjMyNzQ0LWNkNTQtNDAzMi1hNTNiLWZmZDEyNWVhOWUxNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEzj6fC7Zas2KSqv8+muXBTHt0h5
aGfu7SFlt9vb9HOGDtknNvTpzm+pRcPgc4rICFzga+3TaKcZNyfyKNjc185aWTQL
Pq/0ysupEPqVXpuuq0ePr0Qkh3itnlMELl+QTkAhKA+lHWMnjEnZ+C90GG4UAWkq
qiqAt1m0kTRv0bney1IXUzxqZL/Wyi6XdTwbS6ifLE2pulfCcUtJglJ6H6DfGN6q
kNjgrS1HJ3E3gjltDh6O+666svFtSRi9j8ZqeXOq6RhKGsnh/NtQyaNs0tc1APka
pcar5nVKCi5slSsRc584rmOtGABv9qbRpOoK+pUA1/UHorAuVL0R/3Qpfqg=
-----END CERTIFICATE-----