Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/01df7493-2d27-435c-be65-c75c52eeb1ca.roa
File:                     01df7493-2d27-435c-be65-c75c52eeb1ca.roa (raw, json)
Hash identifier:          yhebWoh9TulDQ4sxQOqVIvA+3/1IwAQN5AVlJPpEoak=
Subject key identifier:   82:70:C3:87:46:94:C1:F0:1D:C2:80:7C:B3:2F:D0:8F:B0:89:F7:FF
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5ED406B4047F619F729B8215AEFD02D17C5EA002
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/01df7493-2d27-435c-be65-c75c52eeb1ca.roa
Signing time:             Tue 01 Aug 2023 00:00:00 +0000
ROA not before:           Tue 01 Aug 2023 00:00:00 +0000
ROA not after:            Tue 05 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:d4:06:b4:04:7f:61:9f:72:9b:82:15:ae:fd:02:d1:7c:5e:a0:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug  1 00:00:00 2023 GMT
            Not After : Sep  5 23:59:59 2023 GMT
        Subject: serialNumber=b72b2209647bdd504efae5bc0c8615d85285ff026f85c6bd15636e28a61574f2, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9d:1d:da:ae:b0:c7:b1:c5:f5:29:72:04:57:
                    d4:82:6e:44:3a:d7:8e:a6:2a:fe:c3:85:db:87:21:
                    bd:52:82:c0:7d:5f:d5:50:4d:d8:56:ba:24:d0:f9:
                    ef:7c:3d:49:4c:85:f5:af:99:f8:f0:45:d2:f5:18:
                    51:c6:bb:82:35:e7:5f:be:19:96:9e:e1:ad:e6:08:
                    62:3c:a8:cc:37:c6:ac:ff:15:79:08:1a:8c:91:57:
                    76:78:a4:07:bd:b3:54:a6:b7:76:5b:75:07:dc:93:
                    ab:e2:dd:c1:4e:ba:72:65:63:fe:52:48:e1:29:0d:
                    6c:5d:26:61:52:5a:47:30:5b:f6:dd:62:a9:e7:46:
                    c6:f8:38:23:cd:f0:5f:4c:41:d7:60:4a:8b:a5:83:
                    91:74:02:a7:f2:6f:4c:33:e4:18:e2:3b:95:1c:92:
                    e3:8c:a1:ae:ee:fa:09:63:26:9f:be:d8:43:10:69:
                    9d:25:3f:12:c9:78:2d:d1:73:58:79:0a:9f:fe:9d:
                    1a:3d:6a:bb:00:20:80:bf:c8:8e:7e:ea:df:b2:0f:
                    95:9f:57:5c:7d:95:06:dd:ac:fb:a0:c5:6c:33:36:
                    23:40:9e:9e:75:86:92:5c:7a:b4:8c:bf:c4:14:2e:
                    8e:40:c8:73:b1:b2:97:e6:f9:83:1f:c0:b0:5d:35:
                    28:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:70:C3:87:46:94:C1:F0:1D:C2:80:7C:B3:2F:D0:8F:B0:89:F7:FF
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/01df7493-2d27-435c-be65-c75c52eeb1ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:00:96:6e:59:4e:79:fb:61:2e:2f:78:f7:27:30:da:aa:28:
         93:fe:fb:4c:61:8e:ca:88:a4:4b:d0:d2:ca:c9:94:eb:4f:7a:
         43:f2:78:2a:af:a2:71:30:1d:36:ad:28:1f:e0:00:2c:b8:ee:
         e7:35:94:bd:fa:55:34:cf:44:ff:de:26:5b:75:46:9c:c9:f3:
         b5:a7:cc:06:54:65:5f:cb:82:9c:fe:e4:bd:db:a6:b7:8e:29:
         01:7d:08:b3:16:97:cf:42:ef:f9:1f:86:a8:56:cb:c1:86:f1:
         ba:7b:3c:ab:be:06:39:b4:c9:89:7d:5c:64:fd:5d:8b:12:2d:
         2e:4a:bf:70:6f:39:c6:88:3c:ce:92:05:62:91:e5:65:75:d3:
         2d:03:92:96:8d:4f:84:41:c4:74:86:e3:a8:d3:c4:5c:95:90:
         e7:bb:1d:2d:80:ee:b1:c0:82:e2:be:35:67:17:a5:25:0b:22:
         eb:85:37:45:f2:75:fd:5d:6f:cd:59:4d:13:ac:62:77:5a:be:
         9f:56:6a:50:1a:3a:69:ce:83:9d:06:71:69:54:ad:f0:40:d3:
         d4:36:66:d7:85:82:78:58:9f:ea:c1:fd:bc:0a:f8:f4:47:af:
         f2:b0:d8:f4:d9:d6:f7:b1:46:b9:73:a9:96:9b:1c:a5:e5:0e:
         ee:39:aa:ac
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXtQGtAR/YZ9ym4IVrv0C0XxeoAIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODAxMDAwMDAwWhcNMjMwOTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNzJiMjIwOTY0N2JkZDUwNGVmYWU1YmMwYzg2MTVkODUy
ODVmZjAyNmY4NWM2YmQxNTYzNmUyOGE2MTU3NGYyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChnR3arrDHscX1KXIEV9SCbkQ6146mKv7DhduHIb1SgsB9
X9VQTdhWuiTQ+e98PUlMhfWvmfjwRdL1GFHGu4I151++GZae4a3mCGI8qMw3xqz/
FXkIGoyRV3Z4pAe9s1Smt3ZbdQfck6vi3cFOunJlY/5SSOEpDWxdJmFSWkcwW/bd
YqnnRsb4OCPN8F9MQddgSoulg5F0Aqfyb0wz5BjiO5UckuOMoa7u+gljJp++2EMQ
aZ0lPxLJeC3Rc1h5Cp/+nRo9arsAIIC/yI5+6t+yD5WfV1x9lQbdrPugxWwzNiNA
np51hpJcerSMv8QULo5AyHOxspfm+YMfwLBdNSgPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgnDDh0aUwfAdwoB8sy/Qj7CJ9/8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzAxZGY3NDkzLTJkMjctNDM1Yy1iZTY1LWM3NWM1MmVlYjFjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFIAlm5ZTnn7YS4vePcnMNqqKJP+
+0xhjsqIpEvQ0srJlOtPekPyeCqvonEwHTatKB/gACy47uc1lL36VTTPRP/eJlt1
RpzJ87WnzAZUZV/Lgpz+5L3bpreOKQF9CLMWl89C7/kfhqhWy8GG8bp7PKu+Bjm0
yYl9XGT9XYsSLS5Kv3BvOcaIPM6SBWKR5WV10y0DkpaNT4RBxHSG46jTxFyVkOe7
HS2A7rHAguK+NWcXpSULIuuFN0Xydf1db81ZTROsYndavp9WalAaOmnOg50GcWlU
rfBA09Q2ZteFgnhYn+rB/bwK+PRHr/Kw2PTZ1vexRrlzqZabHKXlDu45qqw=
-----END CERTIFICATE-----