Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/25db3850-2d92-45e1-9151-5bf21f1825e3.roa
File:                     25db3850-2d92-45e1-9151-5bf21f1825e3.roa (raw, json)
Hash identifier:          RjzlOW5Dav52XtlEoRsERKKPIviqiiNTDS3QmrvSGPM=
Subject key identifier:   E9:FF:84:42:6B:A5:D6:2D:1F:DD:45:20:A2:FD:B7:6E:A9:16:52:B6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       45C6AE229BB47A03B97F7F780874A7D5BA5B63D2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/25db3850-2d92-45e1-9151-5bf21f1825e3.roa
Signing time:             Mon 14 Aug 2023 00:00:00 +0000
ROA not before:           Mon 14 Aug 2023 00:00:00 +0000
ROA not after:            Mon 18 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:c6:ae:22:9b:b4:7a:03:b9:7f:7f:78:08:74:a7:d5:ba:5b:63:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 14 00:00:00 2023 GMT
            Not After : Sep 18 23:59:59 2023 GMT
        Subject: serialNumber=a8173f42d7aada28d1d98e8d5f6211a05070623941fc88bc9c2ef148c9b8b711, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:db:18:18:7d:00:84:af:c2:47:19:8b:bc:18:
                    c0:8c:ae:43:a6:86:11:0a:93:19:11:0a:23:b6:25:
                    9e:3f:68:71:9e:ce:b2:b9:87:04:0c:70:24:2b:70:
                    22:6f:43:e7:e2:11:21:60:e2:28:74:58:ad:a8:58:
                    59:6e:fb:7d:a0:94:0b:ad:03:b6:99:8d:8d:6b:c2:
                    4a:50:e1:e7:57:ce:af:73:66:7d:12:4a:3b:a4:64:
                    e7:37:4b:1a:95:01:9d:9e:bc:c9:d5:49:44:60:ad:
                    eb:0f:9e:a3:93:f1:7a:e1:e4:84:8f:2c:05:bc:42:
                    93:37:1d:e6:55:10:53:54:e9:ff:c8:40:bf:7d:47:
                    d1:e7:38:29:4e:a1:bf:8b:20:50:e2:6d:f6:68:5d:
                    76:f6:77:10:07:1a:84:75:ec:41:48:cb:5a:bd:95:
                    1f:e1:e0:cb:83:83:ca:bf:64:0c:a7:c9:cc:f7:aa:
                    1e:56:03:b4:66:55:38:51:8a:fe:6d:00:2c:88:d0:
                    b5:fd:26:09:b0:82:39:f3:8d:0e:67:a1:70:41:78:
                    26:6f:46:17:ab:77:b8:2a:84:ef:3c:f0:f9:49:71:
                    7b:a2:5e:51:75:7d:d3:a3:d9:a8:8e:e6:4a:2c:a7:
                    21:bb:b5:8b:26:1b:9a:a7:c6:17:21:9e:a2:f1:b8:
                    a3:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:FF:84:42:6B:A5:D6:2D:1F:DD:45:20:A2:FD:B7:6E:A9:16:52:B6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/25db3850-2d92-45e1-9151-5bf21f1825e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:c5:09:66:e9:06:12:de:1d:cc:41:65:22:48:80:dd:16:bb:
         84:5b:6e:82:42:4b:4a:86:b3:27:f8:80:2e:d1:d7:c4:78:b1:
         ba:94:65:e0:ba:07:97:c6:a5:74:5b:db:8c:04:30:de:45:40:
         d0:eb:e0:2d:36:95:49:24:ac:d3:84:aa:fc:da:e7:1c:ee:33:
         88:71:09:5d:60:9a:49:f8:d2:98:72:f1:b9:35:19:93:a1:92:
         7d:df:86:b4:c3:be:1e:4e:3a:bd:94:00:2c:1a:1d:cc:51:ef:
         47:8a:c5:f9:2c:a8:dd:06:a5:27:eb:7e:b4:5a:d0:b5:ac:ed:
         ec:17:c9:b8:ec:c0:31:86:7f:f6:07:ab:ef:60:08:9a:a4:5f:
         91:c2:96:eb:8d:21:fc:81:b3:63:db:17:ec:3e:90:b1:05:41:
         2b:b2:a6:5e:a4:78:d5:df:b5:ee:2f:35:ea:d6:85:24:6d:bc:
         01:44:43:26:d6:7f:e1:ad:3e:49:c3:57:be:54:d8:8d:ca:9e:
         2a:76:20:9f:13:fd:3c:df:80:cc:1d:d4:62:8a:62:94:64:ca:
         63:32:88:3d:31:9b:8e:5a:42:28:f9:86:b0:f2:d8:00:ff:18:
         2d:80:27:26:1b:ac:88:05:14:24:f9:03:b0:7a:46:84:e5:70:
         45:f8:cf:1e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURcauIpu0egO5f394CHSn1bpbY9IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODE0MDAwMDAwWhcNMjMwOTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhODE3M2Y0MmQ3YWFkYTI4ZDFkOThlOGQ1ZjYyMTFhMDUw
NzA2MjM5NDFmYzg4YmM5YzJlZjE0OGM5YjhiNzExMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCm2xgYfQCEr8JHGYu8GMCMrkOmhhEKkxkRCiO2JZ4/aHGe
zrK5hwQMcCQrcCJvQ+fiESFg4ih0WK2oWFlu+32glAutA7aZjY1rwkpQ4edXzq9z
Zn0SSjukZOc3SxqVAZ2evMnVSURgresPnqOT8Xrh5ISPLAW8QpM3HeZVEFNU6f/I
QL99R9HnOClOob+LIFDibfZoXXb2dxAHGoR17EFIy1q9lR/h4MuDg8q/ZAynycz3
qh5WA7RmVThRiv5tACyI0LX9JgmwgjnzjQ5noXBBeCZvRherd7gqhO888PlJcXui
XlF1fdOj2aiO5kospyG7tYsmG5qnxhchnqLxuKN/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6f+EQmul1i0f3UUgov23bqkWUrYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzI1ZGIzODUwLTJkOTItNDVlMS05MTUxLTViZjIxZjE4MjVlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJHFCWbpBhLeHcxBZSJIgN0Wu4Rb
boJCS0qGsyf4gC7R18R4sbqUZeC6B5fGpXRb24wEMN5FQNDr4C02lUkkrNOEqvza
5xzuM4hxCV1gmkn40phy8bk1GZOhkn3fhrTDvh5OOr2UACwaHcxR70eKxfksqN0G
pSfrfrRa0LWs7ewXybjswDGGf/YHq+9gCJqkX5HCluuNIfyBs2PbF+w+kLEFQSuy
pl6keNXfte4vNerWhSRtvAFEQybWf+GtPknDV75U2I3Knip2IJ8T/TzfgMwd1GKK
YpRkymMyiD0xm45aQij5hrDy2AD/GC2AJyYbrIgFFCT5A7B6RoTlcEX4zx4=
-----END CERTIFICATE-----