Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1d064d8c-dc79-4ecd-9dd1-ae78dccd5f0a.roa
File:                     1d064d8c-dc79-4ecd-9dd1-ae78dccd5f0a.roa (raw, json)
Hash identifier:          vnA2kDWfM5Ar9hsEM2owm8+fjXQczzfx2UQwduCT2fw=
Subject key identifier:   94:F5:B6:FD:08:4E:2F:98:E4:9F:67:D3:64:56:03:F2:EF:D6:08:CD
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2F7720ED3FF94ABB588AF1BBA9E1F4B26B9030A0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1d064d8c-dc79-4ecd-9dd1-ae78dccd5f0a.roa
Signing time:             Fri 16 Jun 2023 00:00:00 +0000
ROA not before:           Fri 16 Jun 2023 00:00:00 +0000
ROA not after:            Fri 21 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:77:20:ed:3f:f9:4a:bb:58:8a:f1:bb:a9:e1:f4:b2:6b:90:30:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 16 00:00:00 2023 GMT
            Not After : Jul 21 23:59:59 2023 GMT
        Subject: serialNumber=74a2240fba2458e5326972f778429b56c99083343cdabe01994391e1edb87e57, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:08:8b:81:a4:2d:bf:83:8b:56:34:52:e8:42:
                    45:39:f9:d4:0f:3a:bc:2d:8f:00:5d:1f:cb:aa:c9:
                    c3:fe:30:67:ee:32:0e:2b:df:28:33:b6:7f:40:c2:
                    4f:1f:be:2d:b9:8d:0c:be:a8:0d:87:2d:95:ba:91:
                    c5:7d:03:72:ca:43:71:7e:13:7b:32:29:d3:de:4b:
                    0d:72:6f:78:bb:a1:3b:ee:64:cb:77:2a:ad:ce:e3:
                    f1:7a:e7:9b:f7:b3:43:3c:38:f1:a6:c6:86:d7:27:
                    13:85:97:88:60:1c:7e:a1:9d:5d:b0:b7:30:d7:fb:
                    e9:90:db:83:4a:ae:6d:b2:75:94:67:b8:49:bf:0a:
                    5c:e7:c0:63:7f:8d:3c:73:fc:1e:84:5b:cd:8e:0e:
                    c0:56:5c:5e:92:f0:77:4c:94:d8:f6:00:48:e1:d4:
                    35:c6:2e:0d:50:1f:ef:47:ec:13:9c:95:70:aa:6b:
                    47:0f:56:f3:05:78:70:41:8c:93:79:6c:d5:f6:b7:
                    56:a1:6c:8c:1d:28:cb:0d:7a:ec:ec:7f:1c:57:5b:
                    21:a7:cf:6c:cb:57:49:a6:80:b1:5a:d9:20:b7:04:
                    17:01:46:14:da:a5:6e:cd:b7:41:ee:ee:b8:d6:07:
                    07:00:ab:95:8b:07:29:b2:92:90:e5:d7:09:a0:f2:
                    12:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:F5:B6:FD:08:4E:2F:98:E4:9F:67:D3:64:56:03:F2:EF:D6:08:CD
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1d064d8c-dc79-4ecd-9dd1-ae78dccd5f0a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:70:b6:87:86:1d:ba:78:20:3f:0c:2c:4a:aa:d7:36:c5:2d:
         fa:eb:98:16:58:5d:dd:51:af:b7:55:6d:01:d0:44:95:ec:7c:
         7e:8d:e5:b1:f8:e3:4c:b0:f7:42:70:a5:8f:1f:15:30:f0:01:
         ff:80:3f:d7:9e:94:d7:47:60:48:e5:db:6d:f4:79:e2:a9:98:
         00:c3:7e:b4:58:c1:7e:6b:1a:3e:af:c0:5c:93:0d:58:aa:15:
         64:a0:95:91:dd:da:7c:85:70:8a:1d:34:e1:e1:d9:06:17:93:
         61:06:21:0b:2c:cf:bb:30:96:02:79:46:ac:fb:2c:1a:74:37:
         93:b1:d1:41:50:2f:3b:ad:35:43:8d:67:af:23:97:59:ff:df:
         d0:19:9f:30:ac:e9:5d:17:9c:18:0e:b9:6c:dc:47:f3:bd:93:
         ef:0b:bd:c0:c8:3d:e5:56:93:4b:d9:c1:f9:0d:5d:a1:a8:fc:
         56:d1:21:e3:ff:c7:0c:ef:93:42:ba:0f:74:2d:fa:09:aa:4e:
         c4:e2:c0:17:35:d8:26:75:69:7d:79:a6:54:1f:0e:7b:43:8c:
         9f:91:fa:4c:ec:7c:27:fe:70:11:d4:4a:5b:a4:be:11:09:d2:
         53:22:03:e6:42:f3:2f:a2:08:80:91:ec:b4:d6:1b:b3:0e:63:
         1f:45:c6:9f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL3cg7T/5SrtYivG7qeH0smuQMKAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjE2MDAwMDAwWhcNMjMwNzIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NGEyMjQwZmJhMjQ1OGU1MzI2OTcyZjc3ODQyOWI1NmM5
OTA4MzM0M2NkYWJlMDE5OTQzOTFlMWVkYjg3ZTU3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDECIuBpC2/g4tWNFLoQkU5+dQPOrwtjwBdH8uqycP+MGfu
Mg4r3ygztn9Awk8fvi25jQy+qA2HLZW6kcV9A3LKQ3F+E3syKdPeSw1yb3i7oTvu
ZMt3Kq3O4/F655v3s0M8OPGmxobXJxOFl4hgHH6hnV2wtzDX++mQ24NKrm2ydZRn
uEm/ClznwGN/jTxz/B6EW82ODsBWXF6S8HdMlNj2AEjh1DXGLg1QH+9H7BOclXCq
a0cPVvMFeHBBjJN5bNX2t1ahbIwdKMsNeuzsfxxXWyGnz2zLV0mmgLFa2SC3BBcB
RhTapW7Nt0Hu7rjWBwcAq5WLBymykpDl1wmg8hK/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlPW2/QhOL5jkn2fTZFYD8u/WCM0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzFkMDY0ZDhjLWRjNzktNGVjZC05ZGQxLWFlNzhkY2NkNWYwYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGpwtoeGHbp4ID8MLEqq1zbFLfrr
mBZYXd1Rr7dVbQHQRJXsfH6N5bH440yw90JwpY8fFTDwAf+AP9eelNdHYEjl2230
eeKpmADDfrRYwX5rGj6vwFyTDViqFWSglZHd2nyFcIodNOHh2QYXk2EGIQssz7sw
lgJ5Rqz7LBp0N5Ox0UFQLzutNUONZ68jl1n/39AZnzCs6V0XnBgOuWzcR/O9k+8L
vcDIPeVWk0vZwfkNXaGo/FbRIeP/xwzvk0K6D3Qt+gmqTsTiwBc12CZ1aX15plQf
DntDjJ+R+kzsfCf+cBHUSlukvhEJ0lMiA+ZC8y+iCICR7LTWG7MOYx9Fxp8=
-----END CERTIFICATE-----