Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/13265f57-810c-49d7-a11d-16bc7d3a6b17.roa
File:                     13265f57-810c-49d7-a11d-16bc7d3a6b17.roa (raw, json)
Hash identifier:          zup/0qVu0nvX353Kua0JLIio15vN9Yar/3UWmYBgBCM=
Subject key identifier:   B3:D2:81:08:D0:9F:E7:B7:45:BA:BF:0E:E9:F7:00:0E:EA:4D:1F:83
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1430FA3E67EA4E53312B94F583E1936A050C1B12
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/13265f57-810c-49d7-a11d-16bc7d3a6b17.roa
Signing time:             Tue 11 Jul 2023 00:00:00 +0000
ROA not before:           Tue 11 Jul 2023 00:00:00 +0000
ROA not after:            Tue 15 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:30:fa:3e:67:ea:4e:53:31:2b:94:f5:83:e1:93:6a:05:0c:1b:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 11 00:00:00 2023 GMT
            Not After : Aug 15 23:59:59 2023 GMT
        Subject: serialNumber=db9ab4c7bcb24220ae1ababeabdc751a118357479832bac910cdd3bebb6ca808, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b9:97:3a:d8:a9:73:f0:af:6d:7a:25:ed:de:
                    dd:f9:c5:b6:b1:86:f8:a7:23:d9:be:6d:6a:73:4b:
                    2b:51:7f:95:25:b9:c1:38:42:7c:ba:ad:85:ba:71:
                    db:68:76:6a:ea:d9:d5:1a:e7:c5:e4:fe:eb:7b:1a:
                    cb:e6:82:72:39:23:0b:36:01:67:d1:17:2e:08:e5:
                    cb:d2:24:8c:d3:b0:a5:74:be:f6:c4:31:21:cc:37:
                    f1:44:91:0f:9c:5e:3b:79:07:08:d8:55:e1:ce:9c:
                    87:2a:e9:04:d6:d7:5a:33:f0:f3:86:15:bd:52:39:
                    0e:74:9c:14:c5:98:4f:28:23:94:9b:04:b3:3b:56:
                    88:8a:14:89:93:19:5f:f6:4d:61:09:5d:35:9f:2b:
                    81:4d:ce:36:cd:b1:f9:3a:a2:02:07:cf:4b:49:f8:
                    f1:7d:32:00:ae:e3:0f:69:c6:d6:8d:4c:83:cd:99:
                    b1:5a:80:83:02:7d:5c:79:5c:5c:19:e4:82:c1:d5:
                    ef:d7:63:fe:ff:d0:95:86:23:75:2b:30:d3:ec:84:
                    4b:93:51:49:c5:72:66:3d:24:d7:9a:99:32:e1:2f:
                    d8:1f:27:04:a3:57:6c:c1:0f:5f:d8:b2:ff:a8:14:
                    9f:2f:61:46:dd:a0:c3:8b:27:4f:0c:78:83:7d:3c:
                    9d:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:D2:81:08:D0:9F:E7:B7:45:BA:BF:0E:E9:F7:00:0E:EA:4D:1F:83
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/13265f57-810c-49d7-a11d-16bc7d3a6b17.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:93:f2:f0:8d:97:d2:31:f6:d8:26:3e:7d:d5:2f:22:0b:2a:
         f1:c1:3a:df:5b:5b:2c:1e:d4:41:bb:71:09:24:68:77:c5:57:
         da:d8:e2:9d:2a:07:49:a9:79:42:2a:65:14:15:94:f7:83:23:
         0a:96:fe:e1:9f:69:bb:e6:1e:eb:69:52:d4:cd:6d:3c:99:0b:
         db:d3:c5:3e:29:ca:e2:ef:ed:1a:48:a5:24:07:c5:2f:65:44:
         93:fd:c0:8c:06:37:e0:b1:f5:8d:1a:df:95:c4:20:d1:a1:20:
         59:d0:8e:da:7d:bd:76:31:78:82:a9:ab:66:b3:74:35:85:dc:
         ee:54:c9:83:04:d3:b2:46:46:8a:b5:e5:2e:b8:68:83:be:b9:
         5c:d1:59:1a:37:76:04:43:62:d9:88:b0:86:a7:8b:60:d3:f2:
         06:41:2c:89:71:6c:77:8e:e7:a8:b7:21:2f:1d:74:6d:e0:6f:
         da:6d:e3:93:e5:7c:6b:26:4a:c9:b7:0f:78:20:d1:67:88:9d:
         d1:48:d3:f1:bb:a9:25:6e:de:35:5e:1c:41:4c:7b:a2:af:ea:
         29:cd:0a:51:a8:e1:fd:7e:cb:8a:8e:52:78:14:d3:f0:c6:cc:
         5a:97:33:d3:bd:39:36:af:71:2c:9f:4f:7c:92:26:75:ca:2e:
         56:94:45:0f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFDD6PmfqTlMxK5T1g+GTagUMGxIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzExMDAwMDAwWhcNMjMwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYjlhYjRjN2JjYjI0MjIwYWUxYWJhYmVhYmRjNzUxYTEx
ODM1NzQ3OTgzMmJhYzkxMGNkZDNiZWJiNmNhODA4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsuZc62Klz8K9teiXt3t35xbaxhvinI9m+bWpzSytRf5Ul
ucE4Qny6rYW6cdtodmrq2dUa58Xk/ut7GsvmgnI5Iws2AWfRFy4I5cvSJIzTsKV0
vvbEMSHMN/FEkQ+cXjt5BwjYVeHOnIcq6QTW11oz8POGFb1SOQ50nBTFmE8oI5Sb
BLM7VoiKFImTGV/2TWEJXTWfK4FNzjbNsfk6ogIHz0tJ+PF9MgCu4w9pxtaNTIPN
mbFagIMCfVx5XFwZ5ILB1e/XY/7/0JWGI3UrMNPshEuTUUnFcmY9JNeamTLhL9gf
JwSjV2zBD1/Ysv+oFJ8vYUbdoMOLJ08MeIN9PJ0rAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUs9KBCNCf57dFur8O6fcADupNH4MwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzEzMjY1ZjU3LTgxMGMtNDlkNy1hMTFkLTE2YmM3ZDNhNmIxNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFiT8vCNl9Ix9tgmPn3VLyILKvHB
Ot9bWywe1EG7cQkkaHfFV9rY4p0qB0mpeUIqZRQVlPeDIwqW/uGfabvmHutpUtTN
bTyZC9vTxT4pyuLv7RpIpSQHxS9lRJP9wIwGN+Cx9Y0a35XEINGhIFnQjtp9vXYx
eIKpq2azdDWF3O5UyYME07JGRoq15S64aIO+uVzRWRo3dgRDYtmIsIani2DT8gZB
LIlxbHeO56i3IS8ddG3gb9pt45PlfGsmSsm3D3gg0WeIndFI0/G7qSVu3jVeHEFM
e6Kv6inNClGo4f1+y4qOUngU0/DGzFqXM9O9OTavcSyfT3ySJnXKLlaURQ8=
-----END CERTIFICATE-----