Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/291cc16c-813e-4389-860f-bcd672fddb25.roa
File:                     291cc16c-813e-4389-860f-bcd672fddb25.roa (raw, json)
Hash identifier:          DISfihsulw+mrQY3wcfj92cMAbU/yjv3L4p0cX+WJ0M=
Subject key identifier:   9D:E0:9C:AF:B9:37:75:58:01:49:F8:08:97:7F:77:2E:F5:C5:A0:A6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5B04D3F5D5DD1041C1B4AEA76C0DD79DFD521494
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/291cc16c-813e-4389-860f-bcd672fddb25.roa
Signing time:             Thu 17 Aug 2023 00:00:00 +0000
ROA not before:           Thu 17 Aug 2023 00:00:00 +0000
ROA not after:            Thu 21 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:04:d3:f5:d5:dd:10:41:c1:b4:ae:a7:6c:0d:d7:9d:fd:52:14:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 17 00:00:00 2023 GMT
            Not After : Sep 21 23:59:59 2023 GMT
        Subject: serialNumber=e1848cb9892b481ba5c4d41830056e698a8c6c715bc995baed288893298f69ed, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:dc:20:8c:13:e5:7c:52:eb:ba:9e:41:24:2d:
                    26:67:2c:76:8b:e8:23:2b:d5:3a:16:e5:63:d2:f2:
                    cc:78:1b:04:9a:d2:2b:1b:11:ee:a8:bb:75:f8:58:
                    be:55:7e:82:3b:34:6f:66:42:4a:ba:f1:a3:40:7b:
                    5e:de:97:7b:a2:2c:0f:26:34:c3:80:a1:18:90:29:
                    38:e2:ac:49:bb:4e:18:60:39:2b:4c:dd:0f:db:6c:
                    04:b9:2d:ab:20:1c:57:b1:8d:12:b2:7c:ed:61:fa:
                    f9:02:8d:19:2b:b0:8d:02:44:56:16:bc:de:80:52:
                    7a:28:35:47:ed:4c:f2:d2:04:f9:e5:90:eb:3f:f2:
                    4f:80:ec:26:8f:c9:ab:3d:68:f9:51:10:32:32:af:
                    4e:d2:1e:76:fc:3a:bc:2f:9d:19:ba:34:b9:8b:cd:
                    a4:f8:89:47:03:76:fa:12:74:56:67:1b:3e:13:17:
                    47:7c:11:33:ea:90:c9:8a:9c:7b:95:3e:e1:c7:f3:
                    86:7d:22:d0:e9:d8:e2:b0:f9:5a:8c:50:5e:ac:c9:
                    62:31:4b:b3:40:18:9c:45:03:2f:36:93:1e:f9:05:
                    6d:7c:15:0c:ba:0d:6e:bc:74:81:c6:3f:2e:04:76:
                    bb:88:44:88:07:8e:e4:48:df:ae:37:77:c8:b3:ad:
                    81:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:E0:9C:AF:B9:37:75:58:01:49:F8:08:97:7F:77:2E:F5:C5:A0:A6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/291cc16c-813e-4389-860f-bcd672fddb25.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:89:05:79:9a:40:02:c0:29:2e:e1:08:8c:f1:94:69:f7:54:
         6c:09:18:d2:03:82:a1:2e:2e:ad:ff:c9:9d:e5:7d:7b:17:f1:
         e3:56:ec:90:b3:5b:4b:81:2f:c2:ab:50:26:33:72:16:30:4f:
         73:9d:1c:71:b4:20:53:a6:08:de:4f:de:bd:90:0d:23:2e:c4:
         bc:46:77:55:53:41:dd:fc:a2:77:95:3f:c2:f7:d2:05:3a:f9:
         98:62:48:ca:2d:2f:17:15:40:0c:a4:8b:fc:a2:26:d3:15:47:
         7a:62:91:e7:51:09:e8:4f:f1:f9:f4:5d:30:31:b5:c9:3b:3b:
         3d:dd:3b:db:7e:4a:5c:2f:e5:e1:58:56:b6:13:fd:4a:88:18:
         de:4e:7b:68:af:6f:15:20:5c:0f:d4:cb:77:59:c0:59:c3:cc:
         99:51:b3:43:34:2b:19:2f:00:d0:05:fc:4d:9d:36:2a:52:85:
         14:93:8f:72:bd:26:41:2e:c5:68:e5:8b:b3:52:01:1d:66:7a:
         10:28:80:1b:8f:2c:ed:3e:dd:fa:dd:d0:53:31:1e:7c:21:0d:
         cd:be:5c:e5:04:23:ea:b4:6e:97:c9:91:9f:fd:a9:4a:e4:b9:
         66:0e:6a:bd:06:80:f4:3f:0c:57:a8:2a:47:8e:6e:22:38:25:
         d7:ef:1b:c4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWwTT9dXdEEHBtK6nbA3Xnf1SFJQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODE3MDAwMDAwWhcNMjMwOTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMTg0OGNiOTg5MmI0ODFiYTVjNGQ0MTgzMDA1NmU2OThh
OGM2YzcxNWJjOTk1YmFlZDI4ODg5MzI5OGY2OWVkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDT3CCME+V8Uuu6nkEkLSZnLHaL6CMr1ToW5WPS8sx4GwSa
0isbEe6ou3X4WL5VfoI7NG9mQkq68aNAe17el3uiLA8mNMOAoRiQKTjirEm7Thhg
OStM3Q/bbAS5LasgHFexjRKyfO1h+vkCjRkrsI0CRFYWvN6AUnooNUftTPLSBPnl
kOs/8k+A7CaPyas9aPlREDIyr07SHnb8OrwvnRm6NLmLzaT4iUcDdvoSdFZnGz4T
F0d8ETPqkMmKnHuVPuHH84Z9ItDp2OKw+VqMUF6syWIxS7NAGJxFAy82kx75BW18
FQy6DW68dIHGPy4EdruIRIgHjuRI3643d8izrYH9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUneCcr7k3dVgBSfgIl393LvXFoKYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzI5MWNjMTZjLTgxM2UtNDM4OS04NjBmLWJjZDY3MmZkZGIyNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEuJBXmaQALAKS7hCIzxlGn3VGwJ
GNIDgqEuLq3/yZ3lfXsX8eNW7JCzW0uBL8KrUCYzchYwT3OdHHG0IFOmCN5P3r2Q
DSMuxLxGd1VTQd38oneVP8L30gU6+ZhiSMotLxcVQAyki/yiJtMVR3pikedRCehP
8fn0XTAxtck7Oz3dO9t+Slwv5eFYVrYT/UqIGN5Oe2ivbxUgXA/Uy3dZwFnDzJlR
s0M0KxkvANAF/E2dNipShRSTj3K9JkEuxWjli7NSAR1mehAogBuPLO0+3frd0FMx
HnwhDc2+XOUEI+q0bpfJkZ/9qUrkuWYOar0GgPQ/DFeoKkeObiI4JdfvG8Q=
-----END CERTIFICATE-----