Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5d209bcc-dec6-4b9e-b437-c89077611521.roa
File:                     5d209bcc-dec6-4b9e-b437-c89077611521.roa (raw, json)
Hash identifier:          ZLh8qKjukB+T5ncp1+2+eWand9dJiS4k5+Z7Y4+CJ5M=
Subject key identifier:   EC:95:85:49:BC:43:BD:57:BD:5D:EB:A5:DE:53:6C:C8:C3:65:3E:EC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4BB49948E473DCCB41D2CE59305C7C9F782AAA0A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5d209bcc-dec6-4b9e-b437-c89077611521.roa
Signing time:             Thu 29 Jun 2023 00:00:00 +0000
ROA not before:           Thu 29 Jun 2023 00:00:00 +0000
ROA not after:            Thu 03 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:b4:99:48:e4:73:dc:cb:41:d2:ce:59:30:5c:7c:9f:78:2a:aa:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 29 00:00:00 2023 GMT
            Not After : Aug  3 23:59:59 2023 GMT
        Subject: serialNumber=7b49973a5b44bd2d8e38c324f6b98d9fec9e9b464bcceaafb82215516af4ab6e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:6c:34:93:33:7c:d0:7f:d0:d0:2f:dd:b4:70:
                    7c:9c:e2:d2:39:0f:33:00:2a:41:a0:79:a6:bd:a1:
                    5c:f1:df:7e:ca:8e:dc:99:48:fc:67:68:28:55:53:
                    6e:15:85:18:9e:16:0b:37:87:6a:a0:1d:d2:18:84:
                    3e:9c:23:69:3e:7e:77:c3:61:a9:44:86:00:40:0e:
                    29:2c:e9:78:47:ff:76:54:a9:f0:fe:6e:3b:01:d1:
                    d6:77:fe:3b:b4:9a:42:31:4c:66:17:d4:08:87:ea:
                    d2:08:cf:01:3c:35:98:cd:28:07:c0:18:22:81:6a:
                    99:b0:9b:ae:76:36:6c:29:2e:c6:38:a7:9f:d4:34:
                    7e:77:bb:f7:9e:ef:04:3b:d3:9c:d5:2b:1a:33:d6:
                    3a:d2:07:6d:69:e1:bf:54:ac:0d:dc:59:6b:83:73:
                    fd:e5:88:a1:28:94:1e:f1:27:7f:ae:e3:46:84:e4:
                    f7:e6:5f:3b:58:94:1f:01:72:26:4e:e3:e7:5a:e5:
                    4a:ab:18:0f:77:86:e3:1f:3f:13:af:f8:63:85:cb:
                    b5:4d:8e:ef:b7:f4:23:82:b8:ff:94:d4:0c:27:d9:
                    24:e8:33:7d:15:f7:09:ae:3c:8d:88:ab:c7:ad:47:
                    70:a1:4b:2f:15:cb:43:30:27:20:d2:ac:7c:78:29:
                    9a:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:95:85:49:BC:43:BD:57:BD:5D:EB:A5:DE:53:6C:C8:C3:65:3E:EC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5d209bcc-dec6-4b9e-b437-c89077611521.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:82:14:17:29:48:eb:2a:b1:7d:e1:1c:19:bb:48:ce:e9:61:
         3d:0e:2e:3c:c4:bb:b2:82:82:4f:f6:21:5d:a9:b0:e0:4f:45:
         0c:eb:f5:36:32:08:61:45:3e:8c:0a:e2:72:ab:51:91:68:e0:
         b8:c7:d7:07:1c:0f:57:45:67:bd:fe:a1:e1:aa:d9:ea:9b:d1:
         b5:3b:24:13:a6:33:02:4e:2a:84:94:fe:c1:e7:69:9a:c8:d8:
         6c:05:f4:3d:e9:13:b5:76:d9:08:5b:12:76:74:be:f6:71:e4:
         bf:e8:13:5e:25:4e:b8:a3:14:2d:c7:01:87:9b:a1:22:e2:a0:
         24:a5:f0:59:5c:cd:97:f0:da:52:64:7b:6c:7e:49:73:15:c9:
         ca:7a:72:64:51:10:40:92:44:7b:40:c0:2c:0e:a9:d0:73:9b:
         97:f2:77:f0:e1:cc:3b:df:70:77:3f:69:e8:0a:f8:ad:30:17:
         3f:ea:f5:8c:96:ab:b7:84:f2:3e:61:8f:f5:b8:d0:84:0e:66:
         c6:c4:8c:7f:25:33:f9:fc:07:cf:55:fd:75:a2:ff:a0:c5:b9:
         f6:3f:c5:d5:81:78:6d:0e:79:94:1a:ee:32:91:0c:14:da:8c:
         c1:e4:6e:91:86:02:60:22:28:c8:9a:e8:2d:91:5a:83:9a:6c:
         51:19:97:85
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUS7SZSORz3MtB0s5ZMFx8n3gqqgowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjI5MDAwMDAwWhcNMjMwODAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3YjQ5OTczYTViNDRiZDJkOGUzOGMzMjRmNmI5OGQ5ZmVj
OWU5YjQ2NGJjY2VhYWZiODIyMTU1MTZhZjRhYjZlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEbDSTM3zQf9DQL920cHyc4tI5DzMAKkGgeaa9oVzx337K
jtyZSPxnaChVU24VhRieFgs3h2qgHdIYhD6cI2k+fnfDYalEhgBADiks6XhH/3ZU
qfD+bjsB0dZ3/ju0mkIxTGYX1AiH6tIIzwE8NZjNKAfAGCKBapmwm652NmwpLsY4
p5/UNH53u/ee7wQ705zVKxoz1jrSB21p4b9UrA3cWWuDc/3liKEolB7xJ3+u40aE
5PfmXztYlB8BciZO4+da5UqrGA93huMfPxOv+GOFy7VNju+39COCuP+U1Awn2STo
M30V9wmuPI2Iq8etR3ChSy8Vy0MwJyDSrHx4KZpNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7JWFSbxDvVe9Xeul3lNsyMNlPuwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzVkMjA5YmNjLWRlYzYtNGI5ZS1iNDM3LWM4OTA3NzYxMTUyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAGCFBcpSOsqsX3hHBm7SM7pYT0O
LjzEu7KCgk/2IV2psOBPRQzr9TYyCGFFPowK4nKrUZFo4LjH1wccD1dFZ73+oeGq
2eqb0bU7JBOmMwJOKoSU/sHnaZrI2GwF9D3pE7V22QhbEnZ0vvZx5L/oE14lTrij
FC3HAYeboSLioCSl8FlczZfw2lJke2x+SXMVycp6cmRREECSRHtAwCwOqdBzm5fy
d/DhzDvfcHc/aegK+K0wFz/q9YyWq7eE8j5hj/W40IQOZsbEjH8lM/n8B89V/XWi
/6DFufY/xdWBeG0OeZQa7jKRDBTajMHkbpGGAmAiKMia6C2RWoOabFEZl4U=
-----END CERTIFICATE-----