Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/03f166f0-6927-4f5d-a835-0d6313facb07.roa
File:                     03f166f0-6927-4f5d-a835-0d6313facb07.roa (raw, json)
Hash identifier:          aA8vUl7kc4O0/N7T8wLr0cgyRpBgDJKATw1nq57a1Ig=
Subject key identifier:   EB:76:E6:29:09:F1:FC:81:DF:37:28:FC:30:8E:B5:07:85:7A:38:C1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1FD5E644F50B868E3D4905B6434593B61459D49A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/03f166f0-6927-4f5d-a835-0d6313facb07.roa
Signing time:             Sat 22 Jul 2023 00:00:00 +0000
ROA not before:           Sat 22 Jul 2023 00:00:00 +0000
ROA not after:            Sat 26 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:d5:e6:44:f5:0b:86:8e:3d:49:05:b6:43:45:93:b6:14:59:d4:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 22 00:00:00 2023 GMT
            Not After : Aug 26 23:59:59 2023 GMT
        Subject: serialNumber=cbd424afe7817a59f693bdc35fa9f18381f97c166cf8235f70e9d3da0cd0053b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:38:59:13:2c:3f:85:c1:a2:d2:b6:44:27:63:
                    7d:fc:4a:48:10:3f:23:08:06:21:cf:cb:86:77:ad:
                    20:f2:bf:82:bb:ee:bf:5e:ff:16:25:de:c1:db:56:
                    f3:fa:30:11:da:ce:cc:91:69:2c:80:15:84:9b:5e:
                    bc:d1:c9:e8:d5:c2:4d:a6:a3:88:56:54:e2:a7:4a:
                    8e:31:bd:7e:02:f5:5c:68:43:c1:5a:79:5b:f5:1e:
                    3e:97:48:45:c1:e4:60:e0:bb:5c:ea:9d:a3:82:df:
                    aa:fb:8c:69:c5:03:bb:70:3c:23:54:8d:a5:88:b5:
                    b0:7b:26:50:98:30:4b:04:73:65:fb:32:82:7a:9b:
                    2e:ee:8e:a0:3c:38:79:f5:ee:e0:9a:9a:67:78:6a:
                    b0:18:16:6a:51:da:f6:4c:32:ea:aa:0e:a4:c8:7e:
                    d7:ff:e7:55:0f:3b:2e:4c:45:ee:e6:89:27:08:fb:
                    d1:d2:a0:67:71:8e:7e:2f:80:08:35:46:da:a9:0b:
                    8d:7f:11:27:47:42:50:20:80:8a:6f:4c:01:73:91:
                    3d:4f:a1:b9:78:0e:c6:d9:02:b1:b9:52:67:0e:d4:
                    7d:e7:d9:de:c5:50:35:d3:4c:b3:dc:8c:85:15:22:
                    76:85:01:fb:40:c5:5b:fc:97:fb:81:4a:81:f4:0c:
                    b0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:76:E6:29:09:F1:FC:81:DF:37:28:FC:30:8E:B5:07:85:7A:38:C1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/03f166f0-6927-4f5d-a835-0d6313facb07.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:38:eb:f2:fa:c4:42:2b:be:53:9b:a2:d2:52:ba:d5:f1:19:
         3b:e5:89:45:c2:cb:40:27:2c:50:9f:27:82:88:9a:89:94:9b:
         fb:1c:96:5c:8d:16:b8:76:19:35:02:79:a8:2c:5d:af:1b:e5:
         61:38:56:8c:5c:4a:62:85:b8:83:4e:bc:64:0b:7c:c3:da:ca:
         de:7b:25:5e:1b:0b:5b:18:1b:ec:0c:6c:4a:a7:ba:ae:3f:57:
         04:de:e7:51:f2:ab:6f:39:de:12:f7:fa:52:04:c0:1f:f8:1b:
         9c:ee:2c:f2:74:c5:4e:34:57:74:8a:1c:a4:ce:03:a6:22:fc:
         90:9e:b8:3e:d7:60:0c:c2:fc:70:6d:17:04:73:59:18:27:df:
         44:da:dd:7d:b8:3f:77:cb:ff:9e:7c:9e:64:77:05:c3:32:ef:
         fb:8e:74:13:b0:6b:e8:59:9c:43:80:da:ce:13:79:db:3c:39:
         d3:b1:4f:08:d8:55:03:7a:d0:fa:c7:36:53:49:0a:0e:85:92:
         4b:66:90:90:1f:90:75:1a:ee:fa:26:6d:c7:f9:2d:5b:fe:e1:
         31:de:e5:09:d2:fd:f4:d5:e2:f0:f8:ad:62:e1:d8:2d:a2:c9:
         5e:b6:d6:3a:25:cf:68:4e:0f:5a:df:70:61:41:5b:3f:7d:be:
         41:97:46:bb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH9XmRPULho49SQW2Q0WTthRZ1JowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzIyMDAwMDAwWhcNMjMwODI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYmQ0MjRhZmU3ODE3YTU5ZjY5M2JkYzM1ZmE5ZjE4Mzgx
Zjk3YzE2NmNmODIzNWY3MGU5ZDNkYTBjZDAwNTNiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdOFkTLD+FwaLStkQnY338SkgQPyMIBiHPy4Z3rSDyv4K7
7r9e/xYl3sHbVvP6MBHazsyRaSyAFYSbXrzRyejVwk2mo4hWVOKnSo4xvX4C9Vxo
Q8FaeVv1Hj6XSEXB5GDgu1zqnaOC36r7jGnFA7twPCNUjaWItbB7JlCYMEsEc2X7
MoJ6my7ujqA8OHn17uCammd4arAYFmpR2vZMMuqqDqTIftf/51UPOy5MRe7miScI
+9HSoGdxjn4vgAg1RtqpC41/ESdHQlAggIpvTAFzkT1Pobl4DsbZArG5UmcO1H3n
2d7FUDXTTLPcjIUVInaFAftAxVv8l/uBSoH0DLDRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU63bmKQnx/IHfNyj8MI61B4V6OMEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzAzZjE2NmYwLTY5MjctNGY1ZC1hODM1LTBkNjMxM2ZhY2IwNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEo46/L6xEIrvlObotJSutXxGTvl
iUXCy0AnLFCfJ4KImomUm/scllyNFrh2GTUCeagsXa8b5WE4VoxcSmKFuINOvGQL
fMPayt57JV4bC1sYG+wMbEqnuq4/VwTe51Hyq2853hL3+lIEwB/4G5zuLPJ0xU40
V3SKHKTOA6Yi/JCeuD7XYAzC/HBtFwRzWRgn30Ta3X24P3fL/558nmR3BcMy7/uO
dBOwa+hZnEOA2s4Teds8OdOxTwjYVQN60PrHNlNJCg6FkktmkJAfkHUa7vombcf5
LVv+4THe5QnS/fTV4vD4rWLh2C2iyV621jolz2hOD1rfcGFBWz99vkGXRrs=
-----END CERTIFICATE-----