Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/249bcae8-83d1-4d17-8034-1acd3f37ff8b.roa
File:                     249bcae8-83d1-4d17-8034-1acd3f37ff8b.roa (raw, json)
Hash identifier:          YcziiSthWld0/YkdchPM59XwORF8FVyMoLHkoC81Lgc=
Subject key identifier:   84:63:E1:A6:BC:93:FE:21:6C:31:9C:10:91:0C:09:1A:85:30:CE:35
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7B816044D4E6CA04C644710631751975B5FF4EFC
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/249bcae8-83d1-4d17-8034-1acd3f37ff8b.roa
Signing time:             Sat 19 Aug 2023 00:00:00 +0000
ROA not before:           Sat 19 Aug 2023 00:00:00 +0000
ROA not after:            Sat 23 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:81:60:44:d4:e6:ca:04:c6:44:71:06:31:75:19:75:b5:ff:4e:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 19 00:00:00 2023 GMT
            Not After : Sep 23 23:59:59 2023 GMT
        Subject: serialNumber=342c1b6c55bd81ab67b848e42e73a1700d41673c16078358aa209fd9deed5d1f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:22:21:c5:27:46:25:26:e1:a6:62:67:fe:b0:
                    a1:82:e7:b9:74:72:1a:b2:fd:8b:e9:08:e5:f4:00:
                    fd:10:e8:5f:9a:96:df:3a:df:6c:d1:b3:8a:c8:f3:
                    80:16:b2:e5:c3:65:bd:7c:e2:d5:0d:8e:9a:2a:0b:
                    f4:9b:ed:e1:b8:84:9e:d6:19:23:a2:ab:70:9c:c9:
                    de:4f:89:27:fc:b3:6e:0b:34:5b:75:89:da:ba:d3:
                    68:ac:70:3b:a6:41:9a:c7:c7:17:c0:b8:e8:b7:d7:
                    d5:37:a2:eb:3a:20:d6:64:e3:60:19:f9:94:84:36:
                    76:ab:64:63:a3:fc:5a:ca:ba:87:eb:91:67:90:fa:
                    c4:c2:c2:fe:f5:b9:44:2b:59:f8:8d:a5:ce:3b:5a:
                    77:bf:7c:73:5c:d1:82:d1:26:ca:1e:06:81:7b:94:
                    c8:c1:7f:46:f0:77:1b:17:fd:c7:c3:85:35:44:3d:
                    5e:9b:2c:99:d5:c3:11:e4:aa:19:6c:6f:8a:b3:61:
                    a5:54:02:0d:57:cb:1c:81:43:fd:c8:37:c8:34:ba:
                    38:be:ae:76:9f:cc:5c:4c:96:50:f6:5d:35:9d:a8:
                    90:90:75:09:47:27:61:ab:5a:fe:2c:af:67:0d:06:
                    e2:16:fd:ae:8d:43:b8:a1:6f:bb:9c:27:62:26:2e:
                    0c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:63:E1:A6:BC:93:FE:21:6C:31:9C:10:91:0C:09:1A:85:30:CE:35
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/249bcae8-83d1-4d17-8034-1acd3f37ff8b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:8d:d4:f7:25:16:37:bd:19:a1:c4:b5:91:5c:35:6b:85:ba:
         d2:5b:9f:d7:71:03:f1:92:25:56:44:06:67:05:55:c3:39:18:
         24:d3:73:13:a0:b1:73:84:12:95:a0:b3:8a:53:3a:16:6f:cc:
         78:1d:53:d4:11:c4:b7:95:e0:91:92:10:3e:9d:e2:c4:09:d9:
         8c:ea:58:38:af:ca:05:87:32:8f:2f:84:dd:29:99:81:29:02:
         af:f4:25:a8:7c:12:a6:70:21:c8:52:de:47:16:f1:a9:08:c7:
         a6:93:fd:27:a4:02:45:00:20:83:fc:ce:fb:5b:ad:79:8b:41:
         41:61:fa:41:bb:f3:43:af:5c:15:c1:e0:a7:17:ec:9f:e7:5e:
         88:74:31:17:1c:74:52:ef:db:e2:39:a3:71:bd:83:62:f8:57:
         b8:ec:f5:60:41:3a:ce:4c:48:a7:63:1e:cf:d1:aa:67:75:04:
         27:ba:e1:0f:db:82:cd:2b:51:26:13:a9:43:98:f7:dd:84:b1:
         33:cc:0c:d5:3a:0e:58:79:28:e7:79:d0:aa:45:c4:1e:c7:9b:
         22:f7:58:5c:b6:4f:c1:28:8c:4f:4e:ed:56:ba:f1:bc:4e:ad:
         07:f0:ef:81:15:68:41:15:59:82:cb:8b:33:d3:42:aa:0d:47:
         71:36:95:2e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe4FgRNTmygTGRHEGMXUZdbX/TvwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODE5MDAwMDAwWhcNMjMwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzNDJjMWI2YzU1YmQ4MWFiNjdiODQ4ZTQyZTczYTE3MDBk
NDE2NzNjMTYwNzgzNThhYTIwOWZkOWRlZWQ1ZDFmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDxIiHFJ0YlJuGmYmf+sKGC57l0chqy/YvpCOX0AP0Q6F+a
lt8632zRs4rI84AWsuXDZb184tUNjpoqC/Sb7eG4hJ7WGSOiq3Ccyd5PiSf8s24L
NFt1idq602iscDumQZrHxxfAuOi319U3ous6INZk42AZ+ZSENnarZGOj/FrKuofr
kWeQ+sTCwv71uUQrWfiNpc47Wne/fHNc0YLRJsoeBoF7lMjBf0bwdxsX/cfDhTVE
PV6bLJnVwxHkqhlsb4qzYaVUAg1XyxyBQ/3IN8g0uji+rnafzFxMllD2XTWdqJCQ
dQlHJ2GrWv4sr2cNBuIW/a6NQ7ihb7ucJ2ImLgwpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhGPhpryT/iFsMZwQkQwJGoUwzjUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzI0OWJjYWU4LTgzZDEtNGQxNy04MDM0LTFhY2QzZjM3ZmY4Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK2N1PclFje9GaHEtZFcNWuFutJb
n9dxA/GSJVZEBmcFVcM5GCTTcxOgsXOEEpWgs4pTOhZvzHgdU9QRxLeV4JGSED6d
4sQJ2YzqWDivygWHMo8vhN0pmYEpAq/0Jah8EqZwIchS3kcW8akIx6aT/SekAkUA
IIP8zvtbrXmLQUFh+kG780OvXBXB4KcX7J/nXoh0MRccdFLv2+I5o3G9g2L4V7js
9WBBOs5MSKdjHs/Rqmd1BCe64Q/bgs0rUSYTqUOY992EsTPMDNU6Dlh5KOd50KpF
xB7HmyL3WFy2T8EojE9O7Va68bxOrQfw74EVaEEVWYLLizPTQqoNR3E2lS4=
-----END CERTIFICATE-----