Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/df679c46-f4b4-41f2-ba3e-f7cad723893b.roa
File:                     df679c46-f4b4-41f2-ba3e-f7cad723893b.roa (raw, json)
Hash identifier:          aQ9D9z4Uy3B7e3B583LiBeVu5u5Llaxd4QaCuyYjH9s=
Subject key identifier:   D5:B9:87:59:EC:2A:D8:7F:57:B6:97:7E:CD:75:77:43:94:C9:5B:59
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2197F9FBDEB1B39BF4D23EDFE687F68DFB4CBC05
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/df679c46-f4b4-41f2-ba3e-f7cad723893b.roa
Signing time:             Tue 11 Jul 2023 00:00:00 +0000
ROA not before:           Tue 11 Jul 2023 00:00:00 +0000
ROA not after:            Tue 15 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:97:f9:fb:de:b1:b3:9b:f4:d2:3e:df:e6:87:f6:8d:fb:4c:bc:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 11 00:00:00 2023 GMT
            Not After : Aug 15 23:59:59 2023 GMT
        Subject: serialNumber=3239a9809135c3258bcc3ec104985b096ca52c15d36b53594df3811558eec701, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:db:4c:95:9b:78:60:29:0a:eb:79:63:95:cf:
                    dd:f2:4d:10:e2:ae:d6:01:58:97:66:aa:0e:00:71:
                    8e:35:67:b5:8c:f1:f7:ec:59:e4:cd:03:4b:41:79:
                    65:2e:6c:7e:e3:8c:73:93:b4:0b:8d:cd:c7:4e:3b:
                    53:80:30:25:1f:6b:8d:07:bd:01:40:08:2f:67:3c:
                    03:88:e3:94:fe:0a:81:d2:0b:0f:3c:6a:e5:d5:00:
                    27:9c:e0:7e:98:95:9a:61:10:f7:01:23:78:52:34:
                    c1:e7:25:4a:02:4a:d5:8c:97:f9:98:40:bb:7e:70:
                    2f:7c:48:75:6a:cd:34:19:4f:f6:70:bf:c9:ae:46:
                    4a:b6:b3:05:30:da:fe:89:65:a6:22:d3:8c:a9:8e:
                    ab:ba:f9:f7:a6:28:c4:c7:30:5a:5d:24:c7:6e:a6:
                    9d:72:51:84:b5:6a:11:7b:2f:f4:4d:d6:f7:bf:32:
                    d2:2b:d4:bd:4a:a5:2f:49:ec:7b:2f:7b:71:54:76:
                    e7:0d:f2:2c:9d:ad:6a:25:21:9f:a2:6e:de:65:83:
                    38:1e:64:51:d2:b6:db:fb:07:bf:b1:31:b8:5c:99:
                    65:cc:33:5c:0e:ba:a5:d0:d6:d7:f1:7a:06:f1:67:
                    c2:86:b1:eb:28:4d:e9:c9:3c:e1:9a:43:29:45:c2:
                    8c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:B9:87:59:EC:2A:D8:7F:57:B6:97:7E:CD:75:77:43:94:C9:5B:59
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/df679c46-f4b4-41f2-ba3e-f7cad723893b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:19:2c:6b:ac:e7:d6:dc:1a:45:f6:51:82:22:a0:b8:f2:1c:
         e7:31:86:cd:62:dd:4f:93:e2:45:5e:5b:25:7c:6d:58:97:00:
         0c:01:04:bc:0e:b5:43:c3:89:73:2e:4f:b5:68:bf:29:fd:5d:
         ed:22:75:50:35:ad:6c:18:01:82:d1:67:a3:b0:6b:24:96:c0:
         3b:ed:7f:15:90:0b:1c:fa:81:48:70:ee:f7:64:0a:e7:c1:cb:
         3a:48:f1:4e:6c:16:2f:0a:62:3b:89:15:0b:f8:63:78:60:cd:
         9a:bd:70:9c:4f:0d:ce:d1:c9:b7:18:4d:00:94:63:47:3d:40:
         2b:f4:fc:52:f6:ae:a4:4a:66:80:3a:02:ac:2f:69:67:73:70:
         3d:97:e9:a3:a2:43:da:3c:de:a3:de:a6:30:18:df:3f:b0:27:
         43:d9:68:d9:50:9b:f1:79:51:aa:4d:99:33:4d:22:db:a7:3d:
         1e:5c:3b:36:ab:2e:e9:f3:5f:21:4b:20:77:27:7d:d5:c4:3f:
         67:4c:f4:0f:65:60:2b:7d:98:db:5b:89:87:71:01:11:3e:16:
         d8:1f:da:8a:c3:c7:24:ac:93:d7:fa:d6:84:94:2c:a0:1c:11:
         16:ad:91:16:72:bd:62:df:d1:c3:8a:46:3a:57:ef:93:e4:45:
         82:87:3d:29
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIZf5+96xs5v00j7f5of2jftMvAUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzExMDAwMDAwWhcNMjMwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMjM5YTk4MDkxMzVjMzI1OGJjYzNlYzEwNDk4NWIwOTZj
YTUyYzE1ZDM2YjUzNTk0ZGYzODExNTU4ZWVjNzAxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDk20yVm3hgKQrreWOVz93yTRDirtYBWJdmqg4AcY41Z7WM
8ffsWeTNA0tBeWUubH7jjHOTtAuNzcdOO1OAMCUfa40HvQFACC9nPAOI45T+CoHS
Cw88auXVACec4H6YlZphEPcBI3hSNMHnJUoCStWMl/mYQLt+cC98SHVqzTQZT/Zw
v8muRkq2swUw2v6JZaYi04ypjqu6+femKMTHMFpdJMdupp1yUYS1ahF7L/RN1ve/
MtIr1L1KpS9J7Hsve3FUducN8iydrWolIZ+ibt5lgzgeZFHSttv7B7+xMbhcmWXM
M1wOuqXQ1tfxegbxZ8KGsesoTenJPOGaQylFwow7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1bmHWewq2H9Xtpd+zXV3Q5TJW1kwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RmNjc5YzQ2LWY0YjQtNDFmMi1iYTNlLWY3Y2FkNzIzODkzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA0ZLGus59bcGkX2UYIioLjyHOcx
hs1i3U+T4kVeWyV8bViXAAwBBLwOtUPDiXMuT7Vovyn9Xe0idVA1rWwYAYLRZ6Ow
aySWwDvtfxWQCxz6gUhw7vdkCufByzpI8U5sFi8KYjuJFQv4Y3hgzZq9cJxPDc7R
ybcYTQCUY0c9QCv0/FL2rqRKZoA6AqwvaWdzcD2X6aOiQ9o83qPepjAY3z+wJ0PZ
aNlQm/F5UapNmTNNItunPR5cOzarLunzXyFLIHcnfdXEP2dM9A9lYCt9mNtbiYdx
ARE+Ftgf2orDxySsk9f61oSULKAcERatkRZyvWLf0cOKRjpX75PkRYKHPSk=
-----END CERTIFICATE-----