Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a76f4103-289b-4256-aeec-647567e7e4c0.roa
File:                     a76f4103-289b-4256-aeec-647567e7e4c0.roa (raw, json)
Hash identifier:          HFeg8tgL6JZV63tTB2xHdCGxfeD7rqBWkKWiZ3EeuTw=
Subject key identifier:   07:72:B5:38:5C:81:6D:D1:9B:37:E5:B6:E4:D1:CB:26:51:78:CF:B3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       632BA26573ACC5C0095773E8CB04EAB50DE16D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a76f4103-289b-4256-aeec-647567e7e4c0.roa
Signing time:             Mon 26 Jun 2023 00:00:00 +0000
ROA not before:           Mon 26 Jun 2023 00:00:00 +0000
ROA not after:            Mon 31 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:2b:a2:65:73:ac:c5:c0:09:57:73:e8:cb:04:ea:b5:0d:e1:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 26 00:00:00 2023 GMT
            Not After : Jul 31 23:59:59 2023 GMT
        Subject: serialNumber=0d73d23a54259f7471d4245ab39db10bfe02db7ad5162a1646e3d723ba544577, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d1:61:f3:1a:b7:66:3a:a7:a2:d9:b0:21:98:
                    c5:f3:4e:94:37:e7:ef:08:41:aa:97:03:46:d4:94:
                    7a:44:de:59:59:c1:ef:8b:cb:2c:59:b4:22:cf:ec:
                    12:2c:ea:95:c2:e2:99:f9:84:d8:7f:3d:83:eb:11:
                    64:99:77:9b:3f:67:69:9a:2f:a1:92:eb:3f:5f:11:
                    de:fe:bf:cd:c6:b8:4c:dc:af:14:bd:5f:6f:5c:20:
                    70:af:70:73:76:54:b1:84:ae:d5:c2:55:19:4f:6a:
                    79:b4:8d:b8:55:bc:8c:7b:9d:17:8e:60:77:d8:ee:
                    0c:7c:24:08:15:f5:53:8a:16:bc:56:75:a4:7b:79:
                    0b:db:05:f0:75:1c:16:2e:43:95:49:7c:5a:1d:f3:
                    9d:86:1d:85:43:3e:34:ed:76:89:68:db:22:f5:3e:
                    22:49:d5:ff:91:fb:25:09:69:48:f4:08:80:f5:4e:
                    be:65:55:5b:31:f5:16:7c:11:46:94:e8:0f:98:ce:
                    dc:3e:35:20:db:3e:a1:6e:3b:a5:47:fe:08:ee:7b:
                    21:77:63:4c:f9:9b:7f:20:2e:00:09:bc:59:fb:1f:
                    0c:88:f3:f9:23:9a:ef:32:1b:93:67:20:fe:18:cb:
                    9e:67:8b:21:79:fc:ba:0e:61:c8:69:74:2c:90:7e:
                    8e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:72:B5:38:5C:81:6D:D1:9B:37:E5:B6:E4:D1:CB:26:51:78:CF:B3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a76f4103-289b-4256-aeec-647567e7e4c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:28:3c:d9:13:64:52:27:59:42:7f:21:e1:96:cd:9a:34:4f:
         d2:cb:02:53:29:a1:cf:5c:42:15:9b:ac:d9:2a:46:85:97:84:
         66:dc:ce:e5:56:11:0e:60:ac:88:dd:f9:0e:08:cb:d7:37:ca:
         eb:85:f5:21:60:19:c7:6a:c9:74:77:2d:8f:fe:3c:5c:59:d6:
         bb:79:cd:f2:28:d6:ed:59:1b:4f:f3:98:ec:27:2d:dc:c7:d4:
         18:cd:f8:6d:df:74:be:0b:f2:d1:ff:69:ba:d8:d6:0c:88:aa:
         1e:85:9a:3c:43:70:26:69:1e:c5:c7:3d:61:02:94:47:d0:5c:
         8e:0a:64:e8:21:e9:b2:64:c9:2c:17:9f:95:f4:f6:27:1b:25:
         58:31:62:84:6b:00:b5:df:68:a7:a0:90:de:cc:29:e6:be:1d:
         62:ae:1e:fb:02:60:b4:dd:19:25:09:05:56:38:d8:a1:8c:4b:
         11:51:c2:de:40:5c:f0:f4:ba:95:08:00:b3:67:00:9f:1d:44:
         65:82:69:01:bf:e8:0a:16:ef:49:90:f8:4a:03:51:72:11:e6:
         85:47:50:8b:b7:ab:5f:46:4a:53:a8:56:a0:a9:1b:8f:da:b5:
         6f:c2:3a:c2:fb:d3:11:a8:37:a6:75:4d:76:a8:a8:33:7f:12:
         2d:48:79:af
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITYyuiZXOsxcAJV3PoywTqtQ3hbTANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzIyNzhhYWI4NzhmMjY2MmNlMTRlOTA1ZTE4ZWJjYjc1MjJm
OTJiMzY4NGJjNDg2NWI0ZDAeFw0yMzA2MjYwMDAwMDBaFw0yMzA3MzEyMzU5NTla
MHoxSTBHBgNVBAUTQDBkNzNkMjNhNTQyNTlmNzQ3MWQ0MjQ1YWIzOWRiMTBiZmUw
MmRiN2FkNTE2MmExNjQ2ZTNkNzIzYmE1NDQ1NzcxLTArBgNVBAMTJGMwY2UyM2Vh
LTQzZmMtNGJlNC1iZWVlLWMwMTQ3ODEyMmEwZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKvRYfMat2Y6p6LZsCGYxfNOlDfn7whBqpcDRtSUekTeWVnB
74vLLFm0Is/sEizqlcLimfmE2H89g+sRZJl3mz9naZovoZLrP18R3v6/zca4TNyv
FL1fb1wgcK9wc3ZUsYSu1cJVGU9qebSNuFW8jHudF45gd9juDHwkCBX1U4oWvFZ1
pHt5C9sF8HUcFi5DlUl8Wh3znYYdhUM+NO12iWjbIvU+IknV/5H7JQlpSPQIgPVO
vmVVWzH1FnwRRpToD5jO3D41INs+oW47pUf+CO57IXdjTPmbfyAuAAm8WfsfDIjz
+SOa7zIbk2cg/hjLnmeLIXn8ug5hyGl0LJB+jgECAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBQHcrU4XIFt0Zs35bbk0csmUXjPszAfBgNVHSMEGDAWgBRVqN1F2UQT+dGS
9Sxjzoz7xhSWuDAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MDM1NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzE0MzNlYmZmLWRm
ZDYtNGM1Yy1iN2ZmLTk5Yzg1MTM5ZDRhOC8yNzhhYWI4NzhmMjY2MmNlMTRlOTA1
ZTE4ZWJjYjc1MjJmOTJiMzY4NGJjNDg2NWI0ZC5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8xNmYxZmZlZS03NDYxLTQ2NzQtYmIwNS1mZGRl
ZmE5YTAyYzYvYTc2ZjQxMDMtMjg5Yi00MjU2LWFlZWMtNjQ3NTY3ZTdlNGMwLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUt
ZmRkZWZhOWEwMmM2L0ptTE9GT2tGNFk2OHQxSXZrck5vUzhTR1cwMC5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMckeDANBgkqhkiG9w0BAQsFAAOCAQEAnSg82RNkUidZQn8h4ZbNmjRP0ssC
Uymhz1xCFZus2SpGhZeEZtzO5VYRDmCsiN35DgjL1zfK64X1IWAZx2rJdHctj/48
XFnWu3nN8ijW7VkbT/OY7Cct3MfUGM34bd90vgvy0f9putjWDIiqHoWaPENwJmke
xcc9YQKUR9Bcjgpk6CHpsmTJLBeflfT2JxslWDFihGsAtd9op6CQ3swp5r4dYq4e
+wJgtN0ZJQkFVjjYoYxLEVHC3kBc8PS6lQgAs2cAnx1EZYJpAb/oChbvSZD4SgNR
chHmhUdQi7erX0ZKU6hWoKkbj9q1b8I6wvvTEag3pnVNdqioM38SLUh5rw==
-----END CERTIFICATE-----