Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/53c0585f-36cb-47c4-9e14-48dbd5e8b943.roa
File:                     53c0585f-36cb-47c4-9e14-48dbd5e8b943.roa (raw, json)
Hash identifier:          xddzDLYuyY2tBwdDpV79ut2Izc93BX+8iBIik0F2kY4=
Subject key identifier:   1B:18:72:82:70:6C:85:40:C8:3B:E0:8B:87:4B:95:03:DF:3A:02:74
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5A1298AC1F94624499AD2C5D5B4E328C584A7A1B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/53c0585f-36cb-47c4-9e14-48dbd5e8b943.roa
Signing time:             Thu 22 Jun 2023 00:00:00 +0000
ROA not before:           Thu 22 Jun 2023 00:00:00 +0000
ROA not after:            Thu 27 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:12:98:ac:1f:94:62:44:99:ad:2c:5d:5b:4e:32:8c:58:4a:7a:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 22 00:00:00 2023 GMT
            Not After : Jul 27 23:59:59 2023 GMT
        Subject: serialNumber=8ec8e44ad7cb6d2f7d6807d8c0c5213b2dc7c36f0213f62e991f92509d53a211, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:25:4f:d4:77:6f:67:48:10:8d:a1:50:1d:ed:
                    60:b3:bf:0b:b0:fb:f6:97:08:e9:dc:74:e7:fe:85:
                    e5:a6:53:a8:55:f5:12:70:06:97:73:26:e8:1e:63:
                    14:f9:2a:27:2a:df:ba:70:04:81:ca:c9:99:4f:b6:
                    25:47:4a:e2:66:51:dc:33:a8:93:77:96:f3:ab:42:
                    86:50:8b:af:1f:ca:a6:85:1c:6a:5d:eb:6c:b6:9f:
                    da:5b:88:a8:68:33:f0:fd:49:80:50:2b:17:6b:1c:
                    09:bd:b4:80:68:5c:38:75:8c:a6:5e:f7:be:db:d7:
                    4b:6f:2d:be:5e:14:ce:a2:66:d3:4c:1e:21:a0:40:
                    eb:53:98:a2:5c:c5:74:55:3e:2a:d7:f6:9e:20:50:
                    b7:03:1f:dd:28:a5:fc:04:ac:22:c8:64:ec:24:41:
                    10:70:97:17:8f:a8:39:5d:3c:ec:07:8a:f0:78:76:
                    10:2b:fb:41:7a:5a:a3:cf:ae:a3:be:b3:55:68:37:
                    55:ed:e7:5f:f0:67:49:fc:f1:03:de:7d:20:9c:05:
                    3b:b5:ab:b5:3c:04:4c:42:1f:40:40:9c:e5:25:28:
                    69:b5:09:40:c0:02:6f:2b:5e:d9:71:4c:2f:37:cc:
                    4d:c3:95:46:7c:48:48:24:4c:66:9a:9b:0e:bb:2f:
                    51:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:18:72:82:70:6C:85:40:C8:3B:E0:8B:87:4B:95:03:DF:3A:02:74
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/53c0585f-36cb-47c4-9e14-48dbd5e8b943.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:8f:3f:df:02:d8:3b:03:c9:df:f6:ff:7f:28:06:11:52:cc:
         34:18:87:dd:82:b7:09:97:69:d4:c0:55:dd:8e:8a:32:77:e9:
         c6:9b:1a:07:eb:1b:61:bb:bc:04:28:67:54:a6:bd:42:f1:7f:
         08:d4:41:7a:1b:4c:e6:34:6e:c0:89:98:9d:10:92:fe:63:cf:
         99:c2:7f:9a:b3:f2:e6:ed:2e:9d:4b:5f:6c:d7:91:6e:e6:76:
         7f:91:e1:53:06:21:c3:9d:ae:c2:d9:22:19:13:94:fe:71:4b:
         52:86:39:37:89:7c:34:97:95:00:99:b4:ab:28:10:bd:35:ca:
         ba:f2:63:bb:43:19:04:c8:0a:15:a2:7e:d0:76:e3:1e:21:a4:
         b2:f4:c4:11:b4:d8:ad:d6:e3:c0:fc:f2:64:cf:dd:9a:3b:44:
         e1:5b:a6:7a:0f:86:2c:9c:64:86:1c:95:93:a9:a3:1c:7c:02:
         63:e7:25:c5:b0:18:69:b6:a0:ac:c0:f5:fd:f0:81:5c:1b:f2:
         80:6e:6f:f1:c2:74:fd:0b:b9:ea:9b:75:f9:7b:dc:0f:79:15:
         1c:7f:6c:01:f0:f1:93:3c:58:cc:73:d8:6c:3a:b0:d2:03:18:
         28:33:8a:32:92:bb:ac:31:37:1a:a0:71:85:d1:37:17:bf:e0:
         31:40:22:66
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWhKYrB+UYkSZrSxdW04yjFhKehswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjIyMDAwMDAwWhcNMjMwNzI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZWM4ZTQ0YWQ3Y2I2ZDJmN2Q2ODA3ZDhjMGM1MjEzYjJk
YzdjMzZmMDIxM2Y2MmU5OTFmOTI1MDlkNTNhMjExMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDeJU/Ud29nSBCNoVAd7WCzvwuw+/aXCOncdOf+heWmU6hV
9RJwBpdzJugeYxT5Kicq37pwBIHKyZlPtiVHSuJmUdwzqJN3lvOrQoZQi68fyqaF
HGpd62y2n9pbiKhoM/D9SYBQKxdrHAm9tIBoXDh1jKZe977b10tvLb5eFM6iZtNM
HiGgQOtTmKJcxXRVPirX9p4gULcDH90opfwErCLIZOwkQRBwlxePqDldPOwHivB4
dhAr+0F6WqPPrqO+s1VoN1Xt51/wZ0n88QPefSCcBTu1q7U8BExCH0BAnOUlKGm1
CUDAAm8rXtlxTC83zE3DlUZ8SEgkTGaamw67L1E5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGxhygnBshUDIO+CLh0uVA986AnQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzUzYzA1ODVmLTM2Y2ItNDdjNC05ZTE0LTQ4ZGJkNWU4Yjk0My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEGPP98C2DsDyd/2/38oBhFSzDQY
h92CtwmXadTAVd2OijJ36cabGgfrG2G7vAQoZ1SmvULxfwjUQXobTOY0bsCJmJ0Q
kv5jz5nCf5qz8ubtLp1LX2zXkW7mdn+R4VMGIcOdrsLZIhkTlP5xS1KGOTeJfDSX
lQCZtKsoEL01yrryY7tDGQTIChWiftB24x4hpLL0xBG02K3W48D88mTP3Zo7ROFb
pnoPhiycZIYclZOpoxx8AmPnJcWwGGm2oKzA9f3wgVwb8oBub/HCdP0Lueqbdfl7
3A95FRx/bAHw8ZM8WMxz2Gw6sNIDGCgzijKSu6wxNxqgcYXRNxe/4DFAImY=
-----END CERTIFICATE-----