Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1893cd37-7336-4d92-bd28-f8a242c5f53a.roa
File:                     1893cd37-7336-4d92-bd28-f8a242c5f53a.roa (raw, json)
Hash identifier:          jC5zq7griDd5431wXcSizxb9hpaPsJnABdwb3E0EJTg=
Subject key identifier:   74:DC:DA:A8:4F:53:A6:E7:C5:4E:F6:DF:69:6E:49:50:82:80:3A:9D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       127CDDC2BC4713839E21FDE7B2B47AEBECEC6755
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1893cd37-7336-4d92-bd28-f8a242c5f53a.roa
Signing time:             Sun 09 Jul 2023 00:00:00 +0000
ROA not before:           Sun 09 Jul 2023 00:00:00 +0000
ROA not after:            Sun 13 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:7c:dd:c2:bc:47:13:83:9e:21:fd:e7:b2:b4:7a:eb:ec:ec:67:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  9 00:00:00 2023 GMT
            Not After : Aug 13 23:59:59 2023 GMT
        Subject: serialNumber=a3eeb234c20ffc1e3b64129c6e6086a21757c3c7fee9f4fad6ed598fe3b1239f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:45:29:d4:aa:2a:43:98:4f:5c:77:c6:41:c9:
                    08:98:ed:4b:33:32:d0:4e:2f:f8:3c:fc:88:35:c3:
                    8b:a0:cb:16:19:a4:6b:90:d2:c3:5b:67:96:28:b7:
                    4c:de:8d:4d:25:66:83:6f:bb:7c:92:0c:ce:74:4f:
                    1a:ff:6f:b6:59:5c:b9:8f:99:b1:59:a0:f4:41:d6:
                    3a:68:37:89:ee:0d:2c:fa:f4:d4:e5:3f:8f:16:ab:
                    13:04:83:b5:cb:21:e0:68:f1:df:13:ad:80:35:cf:
                    e1:34:88:c1:bf:05:ec:8e:c2:27:a9:a5:4e:09:9a:
                    b2:84:7d:40:b0:86:18:2f:60:37:9e:a2:42:e9:4e:
                    5a:99:b9:f7:e9:b5:bc:80:cb:57:87:ea:22:44:84:
                    5b:e4:ff:2b:48:3e:c6:2f:f4:d3:1d:ef:ab:8f:4e:
                    38:1e:50:16:74:d2:83:8f:7e:63:8c:e6:6a:b2:3d:
                    71:4c:58:2c:1d:9d:5e:b3:96:52:41:19:6c:78:f1:
                    1d:86:5e:35:c7:79:13:29:93:5f:ae:df:b3:26:17:
                    4a:6f:bf:98:7b:10:7f:c5:2a:f1:1e:8e:78:5d:32:
                    c7:46:b3:b3:50:b9:f8:92:30:08:34:a7:d6:6d:80:
                    2a:0d:7d:79:f3:57:df:7f:ce:b6:11:ac:1d:c9:2f:
                    69:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:DC:DA:A8:4F:53:A6:E7:C5:4E:F6:DF:69:6E:49:50:82:80:3A:9D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1893cd37-7336-4d92-bd28-f8a242c5f53a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:41:07:47:91:c2:3c:2e:6c:bf:13:98:ff:d4:8f:0b:05:4a:
         58:aa:1f:c1:5e:b5:cc:0b:fb:35:d3:31:a5:68:7b:b4:c0:64:
         12:22:1e:96:5b:c4:9f:73:4b:ed:23:7d:d1:e7:7f:4e:27:d3:
         be:53:2b:5e:08:82:13:6b:06:d6:53:1d:f2:95:de:ce:c3:ce:
         76:39:d6:b8:bd:2a:76:e3:69:91:02:f7:3b:f8:06:3f:aa:59:
         38:05:b8:aa:a9:20:92:a5:b1:2f:f4:a1:f3:59:aa:74:36:ab:
         9e:4f:a4:99:d4:bf:4b:c8:9e:32:98:42:8e:2c:62:ca:18:4d:
         5b:91:a1:88:7f:ae:b1:f7:99:58:ed:03:4d:7e:82:a2:0d:ff:
         51:1d:1d:b8:bd:9a:97:e3:e3:54:18:b7:6f:31:d5:9e:4d:ad:
         4c:45:d4:0f:3b:62:e9:f2:4b:21:53:1e:b1:09:f4:ef:02:64:
         a1:4e:61:92:9b:71:b9:6f:2c:0f:5a:3b:d9:ba:e6:57:67:7f:
         d9:e3:ba:05:de:05:ff:f7:ed:bd:3e:86:8d:6e:ec:c5:8b:80:
         79:a3:a0:47:57:0f:19:37:9e:7f:cf:29:f0:e1:a8:55:14:5a:
         37:a1:86:71:2e:61:cd:ba:05:06:38:f7:49:79:27:81:bc:8f:
         6a:8b:fd:49
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEnzdwrxHE4OeIf3nsrR66+zsZ1UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzA5MDAwMDAwWhcNMjMwODEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhM2VlYjIzNGMyMGZmYzFlM2I2NDEyOWM2ZTYwODZhMjE3
NTdjM2M3ZmVlOWY0ZmFkNmVkNTk4ZmUzYjEyMzlmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbRSnUqipDmE9cd8ZByQiY7UszMtBOL/g8/Ig1w4ugyxYZ
pGuQ0sNbZ5Yot0zejU0lZoNvu3ySDM50Txr/b7ZZXLmPmbFZoPRB1jpoN4nuDSz6
9NTlP48WqxMEg7XLIeBo8d8TrYA1z+E0iMG/BeyOwieppU4JmrKEfUCwhhgvYDee
okLpTlqZuffptbyAy1eH6iJEhFvk/ytIPsYv9NMd76uPTjgeUBZ00oOPfmOM5mqy
PXFMWCwdnV6zllJBGWx48R2GXjXHeRMpk1+u37MmF0pvv5h7EH/FKvEejnhdMsdG
s7NQufiSMAg0p9ZtgCoNfXnzV99/zrYRrB3JL2nDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdNzaqE9TpufFTvbfaW5JUIKAOp0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE4OTNjZDM3LTczMzYtNGQ5Mi1iZDI4LWY4YTI0MmM1ZjUzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA1BB0eRwjwubL8TmP/UjwsFSliq
H8FetcwL+zXTMaVoe7TAZBIiHpZbxJ9zS+0jfdHnf04n075TK14IghNrBtZTHfKV
3s7DznY51ri9KnbjaZEC9zv4Bj+qWTgFuKqpIJKlsS/0ofNZqnQ2q55PpJnUv0vI
njKYQo4sYsoYTVuRoYh/rrH3mVjtA01+gqIN/1EdHbi9mpfj41QYt28x1Z5NrUxF
1A87YunySyFTHrEJ9O8CZKFOYZKbcblvLA9aO9m65ldnf9njugXeBf/37b0+ho1u
7MWLgHmjoEdXDxk3nn/PKfDhqFUUWjehhnEuYc26BQY490l5J4G8j2qL/Uk=
-----END CERTIFICATE-----