Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3336532e-4bbe-41a3-b575-2b6c65a7e286.roa
File:                     3336532e-4bbe-41a3-b575-2b6c65a7e286.roa (raw, json)
Hash identifier:          jTFkVC2WJfOoITeTipp/53JyvFOIdSbYZ0yaqWzXJK8=
Subject key identifier:   92:18:87:D2:31:10:86:7E:74:B8:D0:A4:D5:7F:69:A9:21:0E:BE:CB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3AC77D2E0FCC3713B3396B894D0DFE8DCEC6D89C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3336532e-4bbe-41a3-b575-2b6c65a7e286.roa
Signing time:             Tue 11 Jul 2023 00:00:00 +0000
ROA not before:           Tue 11 Jul 2023 00:00:00 +0000
ROA not after:            Tue 15 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:c7:7d:2e:0f:cc:37:13:b3:39:6b:89:4d:0d:fe:8d:ce:c6:d8:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 11 00:00:00 2023 GMT
            Not After : Aug 15 23:59:59 2023 GMT
        Subject: serialNumber=249e38b2966ed97b29bd5b4ab937e69234ed295fce6d8093aab7fea0dd408e43, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f7:94:a9:21:11:d4:ea:36:f9:5e:12:22:92:
                    54:34:65:6c:b2:18:18:5b:95:38:8a:cd:41:28:b0:
                    ab:25:24:1c:21:88:19:67:6e:f8:f7:c7:6c:53:7b:
                    c0:d3:38:b8:cb:84:c3:b3:5d:06:50:e3:94:0d:e6:
                    09:85:5a:eb:6e:a8:bf:22:d0:07:03:af:93:a6:eb:
                    d7:d2:08:74:f2:7a:17:40:f9:6e:f1:3c:22:2e:d4:
                    8a:51:e5:34:37:ed:57:5b:c8:47:17:79:a2:04:a4:
                    a7:94:1a:2e:6d:cf:34:ec:78:75:4f:46:80:ea:0c:
                    50:bc:e4:f3:9d:31:1b:9c:2c:ec:fc:97:4c:fc:78:
                    6e:5d:a4:19:a3:86:c8:5d:ce:f2:58:8e:61:76:a0:
                    27:04:68:87:c7:0a:9d:b9:87:3a:21:0f:66:bf:02:
                    29:36:d2:61:b8:b2:bb:0d:0f:70:bb:0a:f8:0c:c1:
                    cb:5d:4f:b3:cf:76:6f:09:12:09:ab:8f:c9:1f:8c:
                    df:0b:8c:09:5d:18:18:68:7c:b8:4a:24:d7:f5:ab:
                    1f:d4:ad:96:44:a6:72:6b:06:27:12:20:9a:10:78:
                    0d:c9:c5:b2:85:dd:a4:26:02:30:b0:3a:ea:58:ff:
                    df:94:54:0c:e2:6f:91:0b:cd:07:db:75:ed:7d:60:
                    b0:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:18:87:D2:31:10:86:7E:74:B8:D0:A4:D5:7F:69:A9:21:0E:BE:CB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3336532e-4bbe-41a3-b575-2b6c65a7e286.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:4e:7a:16:21:ee:e3:a2:99:0d:35:43:63:e7:eb:a0:db:68:
         c9:63:ad:7d:41:da:cc:7a:26:c0:47:b5:6b:a2:a1:77:88:7c:
         20:40:c8:76:45:b9:69:6a:61:ca:31:fa:00:0b:16:5c:dd:f6:
         3b:78:45:4a:77:05:87:2e:cd:38:81:d2:a9:6e:70:f2:6e:3d:
         76:3b:ab:bf:c3:dd:8a:50:5f:54:84:29:fe:22:d9:ff:a2:b3:
         cd:99:13:b5:f8:d6:db:61:4b:5c:86:b9:38:a0:e6:2e:ae:13:
         87:e8:ff:8a:4d:2f:c2:e9:40:f3:b9:d4:54:3e:ff:df:64:e3:
         2b:a6:77:1b:6d:d2:0d:9d:77:94:ee:92:42:81:21:50:ff:22:
         8c:d8:cd:c8:4d:4c:39:47:f7:81:e2:34:05:b6:03:09:8a:10:
         a4:95:22:83:8d:7c:6d:94:22:1e:09:15:c5:47:43:2f:3e:90:
         a7:6e:c7:49:68:5e:99:24:92:7a:96:e2:43:f9:2e:c4:22:d4:
         2f:a0:0a:a2:26:f4:6a:46:a6:54:de:60:2e:05:21:79:c8:44:
         1f:e6:1a:23:b2:b1:f6:75:9d:37:88:5c:15:c8:61:b1:c0:72:
         7f:79:8c:af:46:a9:42:07:8a:76:f3:3b:69:31:c9:13:90:dc:
         97:61:25:7a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOsd9Lg/MNxOzOWuJTQ3+jc7G2JwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzExMDAwMDAwWhcNMjMwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNDllMzhiMjk2NmVkOTdiMjliZDViNGFiOTM3ZTY5MjM0
ZWQyOTVmY2U2ZDgwOTNhYWI3ZmVhMGRkNDA4ZTQzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd95SpIRHU6jb5XhIiklQ0ZWyyGBhblTiKzUEosKslJBwh
iBlnbvj3x2xTe8DTOLjLhMOzXQZQ45QN5gmFWutuqL8i0AcDr5Om69fSCHTyehdA
+W7xPCIu1IpR5TQ37VdbyEcXeaIEpKeUGi5tzzTseHVPRoDqDFC85POdMRucLOz8
l0z8eG5dpBmjhshdzvJYjmF2oCcEaIfHCp25hzohD2a/Aik20mG4srsND3C7CvgM
wctdT7PPdm8JEgmrj8kfjN8LjAldGBhofLhKJNf1qx/UrZZEpnJrBicSIJoQeA3J
xbKF3aQmAjCwOupY/9+UVAzib5ELzQfbde19YLAbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkhiH0jEQhn50uNCk1X9pqSEOvsswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzMzMzY1MzJlLTRiYmUtNDFhMy1iNTc1LTJiNmM2NWE3ZTI4Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA5OehYh7uOimQ01Q2Pn66DbaMlj
rX1B2sx6JsBHtWuioXeIfCBAyHZFuWlqYcox+gALFlzd9jt4RUp3BYcuzTiB0qlu
cPJuPXY7q7/D3YpQX1SEKf4i2f+is82ZE7X41tthS1yGuTig5i6uE4fo/4pNL8Lp
QPO51FQ+/99k4yumdxtt0g2dd5TukkKBIVD/IozYzchNTDlH94HiNAW2AwmKEKSV
IoONfG2UIh4JFcVHQy8+kKdux0loXpkkknqW4kP5LsQi1C+gCqIm9GpGplTeYC4F
IXnIRB/mGiOysfZ1nTeIXBXIYbHAcn95jK9GqUIHinbzO2kxyROQ3JdhJXo=
-----END CERTIFICATE-----