Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0adb87ec-7237-4544-a622-c875761129ee.roa
File:                     0adb87ec-7237-4544-a622-c875761129ee.roa (raw, json)
Hash identifier:          1KGw71IJpABz7M3WK9yqIhNlvMU9JZBPRYmgLvd7RG8=
Subject key identifier:   F6:73:0B:C7:80:9B:CA:88:B4:8E:91:81:79:9C:B4:6A:C8:EC:61:53
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       76909E0F64E2CE0E972F15F0B194EB7111B0841C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0adb87ec-7237-4544-a622-c875761129ee.roa
Signing time:             Wed 30 Aug 2023 00:00:00 +0000
ROA not before:           Wed 30 Aug 2023 00:00:00 +0000
ROA not after:            Wed 04 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:90:9e:0f:64:e2:ce:0e:97:2f:15:f0:b1:94:eb:71:11:b0:84:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 30 00:00:00 2023 GMT
            Not After : Oct  4 23:59:59 2023 GMT
        Subject: serialNumber=536cf5dd63c440e7e004bc20d4398ae381a28ee4bc9c8bfbe963b057768d65ed, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a2:30:b8:3e:8c:28:97:bb:7f:9e:77:d5:f0:
                    86:2b:ba:d3:74:ff:fa:64:61:97:e1:6c:20:77:d1:
                    1a:f6:eb:e1:92:6d:77:93:15:ac:fb:ca:cc:b3:9e:
                    7e:dd:3f:a3:9a:a3:b5:3a:6e:f1:74:81:97:3c:d0:
                    29:32:7b:e3:74:6e:9f:a3:d9:b8:12:a3:d7:91:a0:
                    49:eb:13:8d:7c:19:c7:1d:75:4f:a3:8c:20:05:84:
                    99:58:8e:3c:fd:79:c6:bd:4d:c7:9d:1d:ca:ed:20:
                    55:cd:cb:ce:e9:fb:97:b9:a6:78:bb:62:31:4b:72:
                    ff:65:ce:c8:0d:38:74:32:e4:60:a2:2f:5e:b4:b3:
                    45:ba:eb:20:e0:75:70:4b:17:93:ce:b4:e0:d9:2c:
                    9a:28:1c:5c:aa:eb:f5:15:90:de:cf:05:d2:0a:c6:
                    e8:3a:2c:70:d3:f1:84:bc:f4:84:d8:00:63:99:19:
                    9c:09:9f:d1:ef:68:91:eb:c1:fa:ef:eb:66:1c:9b:
                    8e:de:27:5c:be:d9:d1:12:ef:47:fc:98:ba:1e:58:
                    d0:b1:13:34:0d:77:28:b2:38:f5:1b:67:ea:1c:46:
                    d8:ee:be:a5:75:1a:96:d6:7f:c9:2d:f4:3f:94:f4:
                    ee:9c:50:48:34:07:08:06:f7:9b:6e:11:da:19:a3:
                    14:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:73:0B:C7:80:9B:CA:88:B4:8E:91:81:79:9C:B4:6A:C8:EC:61:53
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0adb87ec-7237-4544-a622-c875761129ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:4e:b1:82:e0:8b:c4:c4:72:45:51:eb:5f:4d:ff:77:39:9f:
         c5:91:51:ff:25:ad:e8:88:04:01:a2:18:c1:74:93:29:70:83:
         d3:5d:6a:ee:a3:fa:62:eb:3f:8a:cc:f4:94:93:d2:78:a0:a4:
         ef:80:5e:68:90:e7:f4:63:51:5c:72:32:d7:b4:22:82:8b:25:
         86:ca:3f:32:4c:4e:96:e2:0e:8c:66:e3:a3:f5:d6:21:c5:6d:
         c9:8e:b1:fa:e2:a8:9d:68:ab:ae:fa:19:a4:d2:d3:ec:be:2e:
         c7:6a:3d:9a:30:02:68:33:04:da:1d:82:a1:f3:ef:1a:34:f3:
         48:c1:5a:4c:d8:31:cc:57:e7:81:91:7c:62:b7:96:5f:ff:da:
         00:3b:10:70:a8:4d:bb:16:e7:98:1c:0b:0d:f8:f7:c3:63:df:
         27:c2:2f:0c:e8:12:39:43:eb:03:ae:65:cf:48:b4:91:fa:cb:
         96:c9:f5:4e:0e:72:b4:b9:45:b6:77:8a:80:b7:70:c8:4b:a6:
         1f:41:5b:ec:50:d3:dd:10:09:6b:0a:6b:7d:28:f2:cd:10:53:
         23:98:1a:92:f8:cc:46:3f:de:2c:64:5d:3a:d6:b0:c8:a1:fd:
         63:fa:d8:5b:01:11:fe:a9:62:0e:42:b8:fc:cb:ad:df:ec:bf:
         1d:4f:6b:30
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdpCeD2Tizg6XLxXwsZTrcRGwhBwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODMwMDAwMDAwWhcNMjMxMDA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MzZjZjVkZDYzYzQ0MGU3ZTAwNGJjMjBkNDM5OGFlMzgx
YTI4ZWU0YmM5YzhiZmJlOTYzYjA1Nzc2OGQ2NWVkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUojC4Powol7t/nnfV8IYrutN0//pkYZfhbCB30Rr26+GS
bXeTFaz7ysyznn7dP6Oao7U6bvF0gZc80Ckye+N0bp+j2bgSo9eRoEnrE418Gccd
dU+jjCAFhJlYjjz9eca9TcedHcrtIFXNy87p+5e5pni7YjFLcv9lzsgNOHQy5GCi
L160s0W66yDgdXBLF5POtODZLJooHFyq6/UVkN7PBdIKxug6LHDT8YS89ITYAGOZ
GZwJn9HvaJHrwfrv62Ycm47eJ1y+2dES70f8mLoeWNCxEzQNdyiyOPUbZ+ocRtju
vqV1GpbWf8kt9D+U9O6cUEg0BwgG95tuEdoZoxR7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9nMLx4Cbyoi0jpGBeZy0asjsYVMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBhZGI4N2VjLTcyMzctNDU0NC1hNjIyLWM4NzU3NjExMjllZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD9OsYLgi8TEckVR619N/3c5n8WR
Uf8lreiIBAGiGMF0kylwg9Ndau6j+mLrP4rM9JST0nigpO+AXmiQ5/RjUVxyMte0
IoKLJYbKPzJMTpbiDoxm46P11iHFbcmOsfriqJ1oq676GaTS0+y+LsdqPZowAmgz
BNodgqHz7xo080jBWkzYMcxX54GRfGK3ll//2gA7EHCoTbsW55gcCw3498Nj3yfC
LwzoEjlD6wOuZc9ItJH6y5bJ9U4OcrS5RbZ3ioC3cMhLph9BW+xQ090QCWsKa30o
8s0QUyOYGpL4zEY/3ixkXTrWsMih/WP62FsBEf6pYg5CuPzLrd/svx1PazA=
-----END CERTIFICATE-----