Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/99cf30d2-28fe-4a24-b0d1-859265782439.roa
File:                     99cf30d2-28fe-4a24-b0d1-859265782439.roa (raw, json)
Hash identifier:          ibQgcZEZVduEYTYHv1pd30vsPJ3LRiQMQSy0HVgP8J8=
Subject key identifier:   BA:D5:C8:C9:9F:7E:52:B9:5B:16:FE:9A:74:16:AE:9A:55:38:C8:2D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1C4EDF234ED5552F5C80958E8EE9571D30DC7B1F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/99cf30d2-28fe-4a24-b0d1-859265782439.roa
Signing time:             Sun 02 Jul 2023 00:00:00 +0000
ROA not before:           Sun 02 Jul 2023 00:00:00 +0000
ROA not after:            Sun 06 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:4e:df:23:4e:d5:55:2f:5c:80:95:8e:8e:e9:57:1d:30:dc:7b:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  2 00:00:00 2023 GMT
            Not After : Aug  6 23:59:59 2023 GMT
        Subject: serialNumber=9d813e6a70c4d90821acac92b5a288fcfa4ba226fb5b988e194387a734b7aa3c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9d:23:54:67:f7:b4:ee:bf:99:59:04:2e:cf:
                    8c:a7:68:04:27:4e:d4:82:d7:57:9f:cc:19:9a:13:
                    94:f4:ff:76:58:13:c8:ff:12:c2:a0:63:51:92:e7:
                    e2:d8:fd:30:9c:e6:a4:06:70:ef:68:f8:76:c1:00:
                    d6:92:e3:d9:f0:32:50:63:54:86:30:5f:49:77:a7:
                    bb:41:a7:df:a2:c1:35:eb:6b:9e:0c:17:09:b7:58:
                    43:d1:5a:35:0e:2b:60:a9:84:0c:b0:38:c5:16:77:
                    83:c1:be:42:dd:8c:15:66:f4:9a:97:94:cb:29:86:
                    5d:11:49:0a:c9:eb:23:ef:fe:cc:5f:94:e7:30:38:
                    92:ec:91:91:71:71:72:c9:67:b0:d4:8f:6f:90:77:
                    95:ba:74:07:12:e3:92:e4:12:08:df:e7:c1:31:12:
                    e7:2c:f8:e8:4d:f2:d4:6a:75:4d:1b:d7:e4:e8:c1:
                    e9:1e:74:9e:7b:03:0d:d0:7b:0e:5c:45:77:19:8b:
                    66:87:88:10:3a:3b:ee:26:65:71:81:01:5c:e5:38:
                    ba:54:53:28:9c:57:09:95:39:b2:1a:e8:59:b1:2b:
                    06:5e:7b:c8:f3:64:78:0d:18:d6:5c:f8:f8:e9:5b:
                    01:25:8a:9a:2c:60:a9:cd:4f:fe:45:d1:5f:a7:61:
                    e5:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:D5:C8:C9:9F:7E:52:B9:5B:16:FE:9A:74:16:AE:9A:55:38:C8:2D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/99cf30d2-28fe-4a24-b0d1-859265782439.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:07:6c:49:71:48:2b:e1:d5:16:09:fc:f1:cc:c7:b1:72:4f:
         5f:8b:1c:b8:3f:62:c4:31:bf:52:90:4e:3f:da:72:34:7c:3d:
         14:aa:61:54:30:ec:da:02:e5:98:54:18:0b:fc:73:59:ad:a6:
         57:a3:d8:17:ff:23:be:e5:4d:cb:62:02:7d:3f:e0:81:d3:3a:
         45:b4:59:73:79:ea:b5:fb:d3:bf:93:89:7d:4b:b8:fd:da:d8:
         c2:04:0d:69:34:fa:ef:99:be:35:50:12:8a:b7:69:ca:a6:08:
         6a:73:44:2f:7b:b3:95:f9:67:ae:1a:b6:ef:cb:4b:5b:bd:12:
         38:7e:5a:52:6f:8a:d1:3b:74:6a:14:5f:af:06:8d:61:49:06:
         66:47:a0:67:1b:4f:97:f8:92:9e:19:c2:e6:6d:7f:0e:c5:ee:
         02:67:8b:c7:4e:18:84:98:6c:95:63:03:b7:0e:c5:71:27:72:
         17:59:87:29:86:b7:ec:d7:5c:c5:b5:af:2c:22:c2:29:da:a3:
         f8:58:d7:97:f3:e9:8e:5d:df:90:58:ab:95:5b:49:ad:c9:69:
         32:4b:2a:c8:ac:17:45:6d:1f:3a:29:d8:15:a7:82:77:d7:03:
         97:d1:6c:b9:ca:8c:c0:80:e2:62:3c:39:2e:f0:90:43:4e:69:
         a1:69:2f:a6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHE7fI07VVS9cgJWOjulXHTDcex8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzAyMDAwMDAwWhcNMjMwODA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZDgxM2U2YTcwYzRkOTA4MjFhY2FjOTJiNWEyODhmY2Zh
NGJhMjI2ZmI1Yjk4OGUxOTQzODdhNzM0YjdhYTNjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5nSNUZ/e07r+ZWQQuz4ynaAQnTtSC11efzBmaE5T0/3ZY
E8j/EsKgY1GS5+LY/TCc5qQGcO9o+HbBANaS49nwMlBjVIYwX0l3p7tBp9+iwTXr
a54MFwm3WEPRWjUOK2CphAywOMUWd4PBvkLdjBVm9JqXlMsphl0RSQrJ6yPv/sxf
lOcwOJLskZFxcXLJZ7DUj2+Qd5W6dAcS45LkEgjf58ExEucs+OhN8tRqdU0b1+To
wekedJ57Aw3Qew5cRXcZi2aHiBA6O+4mZXGBAVzlOLpUUyicVwmVObIa6FmxKwZe
e8jzZHgNGNZc+PjpWwEliposYKnNT/5F0V+nYeVJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUutXIyZ9+UrlbFv6adBaumlU4yC0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk5Y2YzMGQyLTI4ZmUtNGEyNC1iMGQxLTg1OTI2NTc4MjQzOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF4HbElxSCvh1RYJ/PHMx7FyT1+L
HLg/YsQxv1KQTj/acjR8PRSqYVQw7NoC5ZhUGAv8c1mtplej2Bf/I77lTctiAn0/
4IHTOkW0WXN56rX707+TiX1LuP3a2MIEDWk0+u+ZvjVQEoq3acqmCGpzRC97s5X5
Z64atu/LS1u9Ejh+WlJvitE7dGoUX68GjWFJBmZHoGcbT5f4kp4ZwuZtfw7F7gJn
i8dOGISYbJVjA7cOxXEnchdZhymGt+zXXMW1rywiwinao/hY15fz6Y5d35BYq5Vb
Sa3JaTJLKsisF0VtHzop2BWngnfXA5fRbLnKjMCA4mI8OS7wkENOaaFpL6Y=
-----END CERTIFICATE-----