Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/996503f7-66ae-4003-a530-6348084eeb0e.roa
File:                     996503f7-66ae-4003-a530-6348084eeb0e.roa (raw, json)
Hash identifier:          ZBYe6+b1HK94uXsSllcSWaUnXV7bM81Gnms9AfbVQqo=
Subject key identifier:   A6:50:20:36:D1:9E:FA:B8:76:AC:A3:F1:66:75:30:FE:29:7A:17:75
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       73F6227A689F7B1CFEDC59D3A6CC4E09F2AA3A33
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/996503f7-66ae-4003-a530-6348084eeb0e.roa
Signing time:             Mon 19 Jun 2023 00:00:00 +0000
ROA not before:           Mon 19 Jun 2023 00:00:00 +0000
ROA not after:            Mon 24 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:f6:22:7a:68:9f:7b:1c:fe:dc:59:d3:a6:cc:4e:09:f2:aa:3a:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 19 00:00:00 2023 GMT
            Not After : Jul 24 23:59:59 2023 GMT
        Subject: serialNumber=9c4b787d060ff5766fa31bf732f29793b8ead7e3f9f1c263fe0ab78bbf952bef, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:44:ab:a5:1c:d9:05:e3:ad:9c:cc:86:e4:66:
                    10:80:91:ea:d1:68:f6:b6:03:c8:82:76:53:cd:d1:
                    d1:51:ef:28:e9:86:3c:dd:05:dc:82:34:0e:9b:c7:
                    eb:f3:a3:ca:51:9a:10:a7:b3:cf:96:db:c7:d1:93:
                    cf:05:dd:f2:56:00:4e:b1:33:40:08:ea:e7:40:d8:
                    56:61:13:1f:71:db:eb:0a:8f:7d:20:34:31:e2:44:
                    b1:0f:0d:74:c3:f7:a0:00:78:a1:bb:3d:2c:5f:40:
                    f9:ab:77:64:b1:e3:13:7d:0d:8c:de:88:21:b4:69:
                    96:0b:32:bc:68:9e:e6:68:ee:62:4e:7d:89:a6:f9:
                    21:67:f5:1f:4c:dd:61:58:65:92:bd:4d:e2:c4:0c:
                    6e:c9:83:29:33:b3:37:58:22:78:1d:d8:90:47:e8:
                    a9:55:6a:29:e3:a9:77:50:b9:5a:d3:9a:d8:30:7f:
                    34:07:72:73:f7:58:63:0a:b1:f3:92:8e:de:67:6c:
                    e2:55:32:cd:40:75:73:96:9a:b8:0c:3a:f9:ff:54:
                    c4:3c:7f:3d:01:cc:63:a4:3f:3b:30:2f:17:d2:7c:
                    ad:9a:dc:cc:39:92:95:52:7d:8e:4e:5d:67:d9:e3:
                    d4:f7:35:c0:2e:96:86:60:18:d2:b8:74:ff:93:61:
                    55:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:50:20:36:D1:9E:FA:B8:76:AC:A3:F1:66:75:30:FE:29:7A:17:75
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/996503f7-66ae-4003-a530-6348084eeb0e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:33:5c:9f:05:f3:1b:04:6b:61:e1:03:fe:6c:5d:b8:c1:0c:
         1f:67:97:95:03:f7:d0:be:d2:ce:72:a4:06:fe:d1:05:6c:9c:
         2b:05:b2:59:77:04:da:b7:3f:64:2f:95:35:f7:f0:ee:f5:86:
         40:5b:d1:73:45:37:0d:6f:f0:c4:1a:c4:6b:90:e7:85:99:e8:
         4e:a2:60:b8:f8:7f:75:48:73:0b:38:6f:7a:79:e9:f4:f7:99:
         0e:3b:60:29:e6:93:15:d3:7f:b0:84:63:e3:12:ff:a3:6b:33:
         e5:31:5a:a9:a9:80:96:cb:31:cf:8c:74:fd:5b:43:d9:65:d2:
         32:3a:fc:ff:b8:d5:ec:91:14:2d:fa:75:3d:87:a1:5b:8d:25:
         11:31:1b:40:44:f2:76:45:3e:fc:fd:47:8a:f3:70:b9:69:4e:
         2a:ed:47:40:d2:42:83:59:6c:a8:e8:1c:49:c4:8c:3b:bb:95:
         1d:d4:e4:4d:79:de:b7:4f:33:ea:a9:85:07:1a:57:b3:3b:2b:
         0d:2f:a9:5c:18:8e:05:2e:62:5b:8e:49:ef:19:13:77:94:42:
         d5:be:79:0e:aa:2d:25:3b:70:b4:d1:ec:73:81:3a:0d:8b:68:
         e3:4d:f1:7c:c2:f3:c8:01:09:76:e6:43:58:b8:97:e0:7c:fa:
         7b:ba:80:19
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc/Yiemifexz+3FnTpsxOCfKqOjMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjE5MDAwMDAwWhcNMjMwNzI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YzRiNzg3ZDA2MGZmNTc2NmZhMzFiZjczMmYyOTc5M2I4
ZWFkN2UzZjlmMWMyNjNmZTBhYjc4YmJmOTUyYmVmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3RKulHNkF462czIbkZhCAkerRaPa2A8iCdlPN0dFR7yjp
hjzdBdyCNA6bx+vzo8pRmhCns8+W28fRk88F3fJWAE6xM0AI6udA2FZhEx9x2+sK
j30gNDHiRLEPDXTD96AAeKG7PSxfQPmrd2Sx4xN9DYzeiCG0aZYLMrxonuZo7mJO
fYmm+SFn9R9M3WFYZZK9TeLEDG7JgykzszdYIngd2JBH6KlVainjqXdQuVrTmtgw
fzQHcnP3WGMKsfOSjt5nbOJVMs1AdXOWmrgMOvn/VMQ8fz0BzGOkPzswLxfSfK2a
3Mw5kpVSfY5OXWfZ49T3NcAuloZgGNK4dP+TYVUVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUplAgNtGe+rh2rKPxZnUw/il6F3UwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk5NjUwM2Y3LTY2YWUtNDAwMy1hNTMwLTYzNDgwODRlZWIwZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ8zXJ8F8xsEa2HhA/5sXbjBDB9n
l5UD99C+0s5ypAb+0QVsnCsFsll3BNq3P2QvlTX38O71hkBb0XNFNw1v8MQaxGuQ
54WZ6E6iYLj4f3VIcws4b3p56fT3mQ47YCnmkxXTf7CEY+MS/6NrM+UxWqmpgJbL
Mc+MdP1bQ9ll0jI6/P+41eyRFC36dT2HoVuNJRExG0BE8nZFPvz9R4rzcLlpTirt
R0DSQoNZbKjoHEnEjDu7lR3U5E153rdPM+qphQcaV7M7Kw0vqVwYjgUuYluOSe8Z
E3eUQtW+eQ6qLSU7cLTR7HOBOg2LaONN8XzC88gBCXbmQ1i4l+B8+nu6gBk=
-----END CERTIFICATE-----