Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b418ada6-237a-43e4-870a-ff665d998044.roa
File:                     b418ada6-237a-43e4-870a-ff665d998044.roa (raw, json)
Hash identifier:          LgrAnxVZmr7TaCrrzws1rA12H6wq1YKD8PHUN7P993o=
Subject key identifier:   C0:B6:C3:EC:1E:C5:52:64:66:67:57:07:B0:DA:9E:E5:82:95:39:A2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2DB4C8473E360E758324B8224B695A5AD315256E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b418ada6-237a-43e4-870a-ff665d998044.roa
Signing time:             Sun 02 Jul 2023 00:00:00 +0000
ROA not before:           Sun 02 Jul 2023 00:00:00 +0000
ROA not after:            Sun 06 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:b4:c8:47:3e:36:0e:75:83:24:b8:22:4b:69:5a:5a:d3:15:25:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  2 00:00:00 2023 GMT
            Not After : Aug  6 23:59:59 2023 GMT
        Subject: serialNumber=f4d5b853120ad5d3c9f0aa30e5b1150104bd7820719cd85ddf0e64d5020ed473, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:02:a4:74:33:6c:fc:d8:6b:13:bc:05:b0:dc:
                    3c:b0:f4:77:9b:19:f8:42:bf:59:71:7d:c8:df:4e:
                    76:3c:3a:00:5c:b3:82:9c:ff:bb:4b:8b:36:0f:b2:
                    57:ec:b6:09:a6:cf:25:5c:c5:49:70:88:23:a3:7f:
                    ac:fe:92:df:8b:35:9d:92:ac:78:eb:22:4b:51:cc:
                    11:08:92:eb:c4:22:01:3a:e5:85:29:ae:37:e9:9d:
                    87:b4:bb:75:04:1a:32:fc:4f:5c:83:f2:c9:e6:4f:
                    96:b4:43:45:68:2e:ed:38:dd:4b:3d:94:d1:5b:92:
                    03:13:f7:3a:cd:d6:ad:16:b9:fb:ac:01:b7:94:97:
                    40:11:63:c2:a8:b9:ce:26:71:c4:69:85:c3:c2:64:
                    8a:9a:ba:b3:ba:bc:9a:1b:be:86:28:10:8b:0c:cb:
                    8e:c8:de:71:e2:f0:a9:cf:72:4e:c0:96:00:4f:7a:
                    df:4e:85:73:34:19:04:b6:4a:f8:0c:f7:dc:1a:c8:
                    b4:94:4b:40:da:ad:46:d2:d9:51:e4:d0:70:48:e2:
                    c0:9a:7d:69:53:cb:c7:5f:0a:52:6d:4c:0c:ba:c8:
                    30:7e:4a:c5:9e:0f:0f:7f:6f:8a:5e:40:29:0d:47:
                    2f:1a:ae:05:5a:1f:cf:69:7d:9c:fe:b6:19:f8:3c:
                    f9:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:B6:C3:EC:1E:C5:52:64:66:67:57:07:B0:DA:9E:E5:82:95:39:A2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b418ada6-237a-43e4-870a-ff665d998044.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:ea:5e:37:92:7b:9f:56:cf:86:88:58:3a:6f:fd:b5:db:b2:
         fb:44:3b:68:91:60:6b:d0:97:cc:fe:0a:98:b9:75:18:d0:68:
         76:b3:23:18:da:92:f3:97:e9:9b:f1:4c:a9:8e:f7:d4:bf:1f:
         cd:85:dc:90:67:f5:0f:7c:0e:0f:85:7a:72:ba:ef:cd:44:f4:
         64:06:83:08:6c:b7:8c:f9:00:06:aa:be:b7:d5:b0:73:1d:cb:
         3d:16:ed:c1:b4:82:51:2c:75:c4:a8:d8:04:57:57:58:c0:38:
         b8:36:7c:7e:da:65:c5:f0:77:55:b7:43:33:20:9a:f4:a7:bf:
         01:b5:cc:51:95:9f:b9:da:dc:0f:1e:57:7a:97:5f:f6:9b:b9:
         c5:ab:71:80:62:ad:5c:02:83:42:42:60:62:72:6d:be:ed:19:
         b0:ed:20:c0:22:71:c7:b0:2d:55:fa:8c:c1:67:c6:92:94:1f:
         bd:9e:32:50:b0:24:34:29:42:96:9a:6f:d5:32:8f:60:cc:be:
         a6:4c:e5:bb:c4:71:d5:76:59:75:28:a6:f2:fb:42:19:b7:0d:
         e0:47:95:5b:07:60:1a:1e:6d:86:43:6d:f5:ba:1e:7f:0b:48:
         4b:53:76:be:00:a4:e0:ec:2a:66:31:ca:94:ed:b8:94:8f:3d:
         e4:db:cb:69
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULbTIRz42DnWDJLgiS2laWtMVJW4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzAyMDAwMDAwWhcNMjMwODA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNGQ1Yjg1MzEyMGFkNWQzYzlmMGFhMzBlNWIxMTUwMTA0
YmQ3ODIwNzE5Y2Q4NWRkZjBlNjRkNTAyMGVkNDczMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSAqR0M2z82GsTvAWw3Dyw9HebGfhCv1lxfcjfTnY8OgBc
s4Kc/7tLizYPslfstgmmzyVcxUlwiCOjf6z+kt+LNZ2SrHjrIktRzBEIkuvEIgE6
5YUprjfpnYe0u3UEGjL8T1yD8snmT5a0Q0VoLu043Us9lNFbkgMT9zrN1q0Wufus
AbeUl0ARY8Kouc4mccRphcPCZIqaurO6vJobvoYoEIsMy47I3nHi8KnPck7AlgBP
et9OhXM0GQS2SvgM99wayLSUS0DarUbS2VHk0HBI4sCafWlTy8dfClJtTAy6yDB+
SsWeDw9/b4peQCkNRy8argVaH89pfZz+thn4PPk9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwLbD7B7FUmRmZ1cHsNqe5YKVOaIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2I0MThhZGE2LTIzN2EtNDNlNC04NzBhLWZmNjY1ZDk5ODA0NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB3qXjeSe59Wz4aIWDpv/bXbsvtE
O2iRYGvQl8z+Cpi5dRjQaHazIxjakvOX6ZvxTKmO99S/H82F3JBn9Q98Dg+FenK6
781E9GQGgwhst4z5AAaqvrfVsHMdyz0W7cG0glEsdcSo2ARXV1jAOLg2fH7aZcXw
d1W3QzMgmvSnvwG1zFGVn7na3A8eV3qXX/abucWrcYBirVwCg0JCYGJybb7tGbDt
IMAiccewLVX6jMFnxpKUH72eMlCwJDQpQpaab9Uyj2DMvqZM5bvEcdV2WXUopvL7
Qhm3DeBHlVsHYBoebYZDbfW6Hn8LSEtTdr4ApODsKmYxypTtuJSPPeTby2k=
-----END CERTIFICATE-----