Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/123d8538-2a09-49bf-a564-0f261a20c672.roa
File:                     123d8538-2a09-49bf-a564-0f261a20c672.roa (raw, json)
Hash identifier:          0wjcxrSp2roGzpJAc4xH/EFkX32RgGVyP7pCBZSDcJ0=
Subject key identifier:   A6:7E:33:F6:75:2F:B8:5C:7A:4A:D2:FA:6C:4D:82:07:AF:30:14:CB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       56663EC3E092CBB2DDA932BE2CC988B4FA13B049
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/123d8538-2a09-49bf-a564-0f261a20c672.roa
Signing time:             Fri 25 Aug 2023 00:00:00 +0000
ROA not before:           Fri 25 Aug 2023 00:00:00 +0000
ROA not after:            Fri 29 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:66:3e:c3:e0:92:cb:b2:dd:a9:32:be:2c:c9:88:b4:fa:13:b0:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 25 00:00:00 2023 GMT
            Not After : Sep 29 23:59:59 2023 GMT
        Subject: serialNumber=1728819b79d015740aaf823a9f00ff9633e767ec4fa9e0e7c77939f0335780b5, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:5e:63:3c:e1:42:38:8c:ac:40:54:53:1b:8c:
                    38:ee:e6:c6:71:e1:a3:dd:50:5d:dd:99:6e:f4:c3:
                    a8:88:57:4d:0d:d5:1e:7e:40:80:c1:06:cf:c8:c0:
                    ff:b4:7a:01:51:d8:29:14:33:e5:16:90:62:aa:3d:
                    d5:cf:21:80:9e:7d:57:ad:70:d7:1c:bc:01:1f:60:
                    8b:ef:11:f5:b7:88:4b:8f:fb:15:58:85:2c:f6:dd:
                    27:11:4a:76:40:2d:dc:3d:6a:36:45:fa:ea:4e:f7:
                    b2:38:dc:68:fa:8c:3b:42:af:cf:e6:d3:c1:5c:2f:
                    cd:b5:39:17:76:c2:39:24:b1:fe:b2:9a:8d:98:04:
                    71:0a:16:57:ef:3b:cb:0f:a3:9b:2d:46:3a:da:4d:
                    d6:7d:73:55:c5:27:d9:f0:b9:d4:5c:2a:63:c2:10:
                    eb:91:2a:85:49:e5:e4:44:d3:89:38:1e:e8:23:98:
                    2e:83:2d:86:bc:ab:3d:07:28:05:da:82:ca:2c:4e:
                    db:6f:4c:d1:7b:70:b0:eb:dc:49:1c:87:9e:cd:ff:
                    44:21:83:cc:ea:a0:e3:0a:a4:81:8a:f6:77:7e:53:
                    95:27:70:95:c4:45:48:d4:15:5a:9a:e4:45:e3:5c:
                    a3:c6:f0:9e:6b:43:b0:51:68:b7:25:8a:04:30:06:
                    0c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:7E:33:F6:75:2F:B8:5C:7A:4A:D2:FA:6C:4D:82:07:AF:30:14:CB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/123d8538-2a09-49bf-a564-0f261a20c672.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:9e:16:6e:8e:08:7f:80:37:20:67:e2:7b:f4:1a:1d:ba:f1:
         75:5a:c0:2b:45:e2:80:0e:33:ec:9f:d8:3d:cc:f9:33:94:fa:
         32:0d:2b:32:a3:02:11:33:ae:d2:6e:b4:64:46:c7:a6:4f:c5:
         9a:d1:5d:4a:70:26:d4:5e:17:b0:68:45:f2:52:ad:d8:86:25:
         b8:08:ec:c7:9c:3f:a0:d4:31:5c:2f:0e:36:64:7d:56:22:73:
         ae:a9:3b:24:b0:8f:2b:8f:d9:7d:bc:30:46:8e:be:f2:6f:cb:
         09:9b:97:b8:6f:4a:c2:ec:f9:ad:cc:56:cb:17:e5:98:d8:f2:
         25:f9:7f:8d:61:ff:d1:a9:53:d6:23:3c:ec:69:c0:4d:c9:bc:
         d9:ff:27:d7:fe:25:8c:3c:4a:fd:59:a7:fb:59:05:b1:1f:4c:
         85:c6:5e:a3:ac:73:1f:59:e6:81:f4:6f:8c:bb:ab:39:38:60:
         52:c3:6a:2e:10:f0:a1:bd:10:c4:95:f5:5b:93:7d:46:75:50:
         94:dc:f2:e2:17:2b:94:84:ac:bb:c9:02:a1:16:10:32:0b:b1:
         28:57:e3:98:6c:ee:fe:c1:f1:b6:00:c8:2e:3d:7d:78:6f:48:
         ae:6b:cb:b0:a7:57:dc:49:db:02:fd:b5:e8:19:2b:ad:2b:b5:
         bd:79:d4:d6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVmY+w+CSy7LdqTK+LMmItPoTsEkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODI1MDAwMDAwWhcNMjMwOTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNzI4ODE5Yjc5ZDAxNTc0MGFhZjgyM2E5ZjAwZmY5NjMz
ZTc2N2VjNGZhOWUwZTdjNzc5MzlmMDMzNTc4MGI1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2XmM84UI4jKxAVFMbjDju5sZx4aPdUF3dmW70w6iIV00N
1R5+QIDBBs/IwP+0egFR2CkUM+UWkGKqPdXPIYCefVetcNccvAEfYIvvEfW3iEuP
+xVYhSz23ScRSnZALdw9ajZF+upO97I43Gj6jDtCr8/m08FcL821ORd2wjkksf6y
mo2YBHEKFlfvO8sPo5stRjraTdZ9c1XFJ9nwudRcKmPCEOuRKoVJ5eRE04k4Hugj
mC6DLYa8qz0HKAXagsosTttvTNF7cLDr3Ekch57N/0Qhg8zqoOMKpIGK9nd+U5Un
cJXERUjUFVqa5EXjXKPG8J5rQ7BRaLcligQwBgzzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpn4z9nUvuFx6StL6bE2CB68wFMswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzEyM2Q4NTM4LTJhMDktNDliZi1hNTY0LTBmMjYxYTIwYzY3Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALWeFm6OCH+ANyBn4nv0Gh268XVa
wCtF4oAOM+yf2D3M+TOU+jINKzKjAhEzrtJutGRGx6ZPxZrRXUpwJtReF7BoRfJS
rdiGJbgI7MecP6DUMVwvDjZkfVYic66pOySwjyuP2X28MEaOvvJvywmbl7hvSsLs
+a3MVssX5ZjY8iX5f41h/9GpU9YjPOxpwE3JvNn/J9f+JYw8Sv1Zp/tZBbEfTIXG
XqOscx9Z5oH0b4y7qzk4YFLDai4Q8KG9EMSV9VuTfUZ1UJTc8uIXK5SErLvJAqEW
EDILsShX45hs7v7B8bYAyC49fXhvSK5ry7CnV9xJ2wL9tegZK60rtb151NY=
-----END CERTIFICATE-----