Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0a419e91-7004-4ef8-a83d-712587325f9a.roa
File:                     0a419e91-7004-4ef8-a83d-712587325f9a.roa (raw, json)
Hash identifier:          OHkFQSZ+XP9RMH/vaUjfdxep0XrwMegzKXEeOqOqC60=
Subject key identifier:   6E:C0:AD:0B:DD:04:E8:E2:C1:49:36:43:7A:8E:D3:DD:73:EC:DF:63
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       072BA25F05EAD7E5E489E8867FA33DA00B440305
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0a419e91-7004-4ef8-a83d-712587325f9a.roa
Signing time:             Sun 09 Jul 2023 00:00:00 +0000
ROA not before:           Sun 09 Jul 2023 00:00:00 +0000
ROA not after:            Sun 13 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:2b:a2:5f:05:ea:d7:e5:e4:89:e8:86:7f:a3:3d:a0:0b:44:03:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  9 00:00:00 2023 GMT
            Not After : Aug 13 23:59:59 2023 GMT
        Subject: serialNumber=0c8c7f66d68b4809debb504b6260eb4862af5056f8c539c9974365469e65a64d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:b5:89:ed:cd:c8:c5:6d:ea:5c:c4:a5:70:e7:
                    ac:d9:d0:3e:d6:35:9b:76:b3:1b:b2:61:3d:7b:2d:
                    2a:cf:1e:72:75:ce:e3:83:37:31:58:92:7f:a8:0a:
                    8f:f6:93:51:37:cf:50:fb:cf:23:fb:9e:f4:5f:ee:
                    fd:aa:b4:db:93:5a:5c:cd:9c:ed:5f:25:9e:b9:8a:
                    6f:b6:a1:8e:ab:a8:3a:0d:28:ef:22:d5:2b:77:85:
                    ae:4f:ef:ff:02:02:60:47:85:f7:33:cb:cc:4e:1a:
                    d9:de:f3:b8:96:dc:cd:38:e5:74:22:b0:09:c5:29:
                    dd:a9:33:d4:3c:b8:85:40:9f:c5:54:7c:bc:b2:be:
                    3b:42:42:a1:3b:63:96:a0:3d:b7:92:ec:80:48:a4:
                    52:65:9a:8e:c0:a4:c1:95:1f:36:a6:f0:42:aa:ce:
                    e8:10:78:34:f1:e0:ed:dc:b1:d9:58:64:80:23:fd:
                    90:ca:1a:44:9a:11:28:57:c7:a4:81:1b:1b:ae:a5:
                    53:23:8f:3c:c2:c8:08:99:f4:14:c3:15:17:cf:5a:
                    86:c6:52:26:32:9f:78:08:ce:de:d4:a6:9e:0f:51:
                    37:1f:2d:0b:f1:1e:86:3f:8b:d9:0a:5b:22:57:73:
                    b1:a7:a6:60:5b:72:16:45:7e:c8:93:cf:37:ae:a6:
                    85:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:C0:AD:0B:DD:04:E8:E2:C1:49:36:43:7A:8E:D3:DD:73:EC:DF:63
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0a419e91-7004-4ef8-a83d-712587325f9a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:88:71:e0:2d:1b:4c:2f:fd:17:4b:a8:0f:2d:30:8f:6c:88:
         e5:71:11:59:ee:e4:3e:28:b4:df:55:ce:33:28:8a:69:60:dd:
         a0:bd:dc:bc:49:5c:71:87:7c:c9:07:9c:6a:86:f1:c5:c4:cc:
         bc:9c:07:a8:6f:d7:f8:a9:59:7c:fa:c9:c3:e0:08:af:8e:3a:
         78:79:18:eb:cf:e6:e9:4c:ed:a3:aa:e7:64:7a:25:5e:79:43:
         ec:9b:09:c6:a5:d8:fa:f6:4e:2f:e1:66:75:e2:a3:12:0f:a8:
         4b:d8:e0:8b:cd:c1:b9:3c:8b:2d:a7:2c:e9:24:f5:d1:0c:37:
         d4:f6:85:ec:b5:8f:81:a7:d1:33:96:f6:3a:08:eb:16:8c:e5:
         b9:56:b2:f6:54:a8:0a:be:92:ac:67:81:a9:e1:04:32:d2:52:
         70:ed:cb:0c:a2:92:a1:7d:00:4c:b2:13:fd:1c:71:bf:1f:0e:
         0e:b7:a0:c1:48:cd:99:36:8b:4b:4d:e7:74:52:48:bb:69:77:
         76:53:67:38:05:94:8b:8c:91:71:0c:d0:46:e2:20:11:33:13:
         5f:25:e6:9f:41:be:09:31:c3:9d:c2:15:f4:2e:6b:ba:5d:a9:
         72:b5:c6:16:84:2e:bd:04:1f:fc:35:fe:b7:0a:35:f8:d6:ee:
         1f:02:b6:e3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUByuiXwXq1+XkieiGf6M9oAtEAwUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzA5MDAwMDAwWhcNMjMwODEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYzhjN2Y2NmQ2OGI0ODA5ZGViYjUwNGI2MjYwZWI0ODYy
YWY1MDU2ZjhjNTM5Yzk5NzQzNjU0NjllNjVhNjRkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYtYntzcjFbepcxKVw56zZ0D7WNZt2sxuyYT17LSrPHnJ1
zuODNzFYkn+oCo/2k1E3z1D7zyP7nvRf7v2qtNuTWlzNnO1fJZ65im+2oY6rqDoN
KO8i1St3ha5P7/8CAmBHhfczy8xOGtne87iW3M045XQisAnFKd2pM9Q8uIVAn8VU
fLyyvjtCQqE7Y5agPbeS7IBIpFJlmo7ApMGVHzam8EKqzugQeDTx4O3csdlYZIAj
/ZDKGkSaEShXx6SBGxuupVMjjzzCyAiZ9BTDFRfPWobGUiYyn3gIzt7Upp4PUTcf
LQvxHoY/i9kKWyJXc7GnpmBbchZFfsiTzzeupoVNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbsCtC90E6OLBSTZDeo7T3XPs32MwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBhNDE5ZTkxLTcwMDQtNGVmOC1hODNkLTcxMjU4NzMyNWY5YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB+IceAtG0wv/RdLqA8tMI9siOVx
EVnu5D4otN9VzjMoimlg3aC93LxJXHGHfMkHnGqG8cXEzLycB6hv1/ipWXz6ycPg
CK+OOnh5GOvP5ulM7aOq52R6JV55Q+ybCcal2Pr2Ti/hZnXioxIPqEvY4IvNwbk8
iy2nLOkk9dEMN9T2hey1j4Gn0TOW9joI6xaM5blWsvZUqAq+kqxnganhBDLSUnDt
ywyikqF9AEyyE/0ccb8fDg63oMFIzZk2i0tN53RSSLtpd3ZTZzgFlIuMkXEM0Ebi
IBEzE18l5p9Bvgkxw53CFfQua7pdqXK1xhaELr0EH/w1/rcKNfjW7h8CtuM=
-----END CERTIFICATE-----