Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/370044b3-2fb9-4a65-affe-968a0ddcfe91.roa
File:                     370044b3-2fb9-4a65-affe-968a0ddcfe91.roa (raw, json)
Hash identifier:          Sq1VLh605vFkCYTxU6zzLi8ytk7UqWFSJlt0Fo0lsI0=
Subject key identifier:   C5:C2:BA:42:A9:26:24:DB:87:C5:0B:14:F6:D8:77:1B:7C:C7:54:25
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       32FAEFCE83DA8ED0B712A57093C08BDEEAD24C00
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/370044b3-2fb9-4a65-affe-968a0ddcfe91.roa
Signing time:             Tue 15 Aug 2023 00:00:00 +0000
ROA not before:           Tue 15 Aug 2023 00:00:00 +0000
ROA not after:            Tue 19 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:fa:ef:ce:83:da:8e:d0:b7:12:a5:70:93:c0:8b:de:ea:d2:4c:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 15 00:00:00 2023 GMT
            Not After : Sep 19 23:59:59 2023 GMT
        Subject: serialNumber=4c74297989598f495b625ed2e4586d6a25ecfdf6a533a182c2c6b3de455b489f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:42:4e:78:1c:fd:21:d8:2d:70:30:6c:11:a5:
                    15:88:77:f9:69:fa:c0:89:ff:20:9e:a2:05:fe:1e:
                    1f:c0:35:ae:c9:6b:66:1a:32:9a:98:38:1f:b7:f6:
                    96:45:9b:0d:9c:cd:56:29:3e:1e:e2:f3:19:f9:6f:
                    a9:ab:d7:7d:72:80:b5:4b:02:40:fa:85:8b:db:b9:
                    62:99:21:38:f4:b3:aa:63:cf:a9:1b:00:a8:0c:38:
                    b3:32:73:af:a7:5d:a7:a8:e2:ef:5b:60:00:1d:c9:
                    36:bc:15:17:c2:d3:f6:c1:f0:16:0b:b8:37:00:97:
                    80:14:45:de:85:e3:f8:ab:94:13:86:06:ba:d0:ec:
                    ce:4d:bf:9f:3d:5e:22:a2:74:23:b7:7e:fa:ee:f7:
                    bf:10:5e:9e:ea:bb:56:77:ee:51:f3:43:47:32:05:
                    36:28:93:79:93:ee:ee:9a:3d:04:29:89:67:81:e7:
                    25:00:ca:6f:08:cb:e0:e4:64:9d:20:88:dd:4f:52:
                    87:ab:2f:42:fc:86:cb:89:df:7f:1f:b1:1c:17:f4:
                    39:60:33:de:c7:75:2b:00:c0:cd:e9:d3:98:74:16:
                    0b:ca:50:c7:92:9e:f8:25:64:b6:5d:bb:14:ef:ee:
                    c7:c8:71:c5:c2:40:6a:74:54:a8:8d:11:94:c3:d8:
                    9d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:C2:BA:42:A9:26:24:DB:87:C5:0B:14:F6:D8:77:1B:7C:C7:54:25
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/370044b3-2fb9-4a65-affe-968a0ddcfe91.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:d2:9b:af:b5:5b:70:48:ee:86:0d:80:a8:78:64:bb:35:aa:
         73:60:81:ab:96:9e:64:22:83:29:2d:9b:81:87:75:9a:10:d3:
         10:b3:f8:c5:da:b2:14:da:c0:da:b7:69:ec:4e:e1:73:b1:99:
         08:b5:1b:1b:ee:60:2a:b1:23:fd:ae:36:2d:b4:8e:95:75:5d:
         65:15:41:77:b2:f3:a4:fe:7e:ce:d7:e2:94:38:74:9b:19:de:
         43:37:1e:f2:47:0f:ce:5f:57:8c:96:4b:29:6b:3e:46:58:fe:
         88:e2:f6:ec:11:fa:e0:97:78:ba:02:e7:0f:ea:77:03:56:f2:
         c3:e3:f0:86:51:71:8d:59:e9:6f:43:88:55:43:3d:f6:c2:4e:
         08:8f:6c:cf:e3:a7:90:c1:5f:b9:5a:c8:7b:bd:17:78:5e:64:
         b3:5d:ae:46:54:69:93:a3:ca:f2:da:15:d9:11:e0:80:bf:9e:
         4c:18:c4:31:97:b2:c2:7e:00:3b:cb:99:cb:37:9c:d6:41:62:
         45:ae:1f:85:f9:61:83:7f:88:b2:ee:21:23:65:94:0b:ba:0c:
         32:29:71:b0:6c:31:b4:da:c8:b6:0b:47:ce:3d:7f:d1:8c:5e:
         98:f8:51:f3:6a:ab:22:a5:9f:b8:56:a5:24:d0:eb:28:54:f9:
         63:d8:d6:d4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMvrvzoPajtC3EqVwk8CL3urSTAAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODE1MDAwMDAwWhcNMjMwOTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0Yzc0Mjk3OTg5NTk4ZjQ5NWI2MjVlZDJlNDU4NmQ2YTI1
ZWNmZGY2YTUzM2ExODJjMmM2YjNkZTQ1NWI0ODlmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCeQk54HP0h2C1wMGwRpRWId/lp+sCJ/yCeogX+Hh/ANa7J
a2YaMpqYOB+39pZFmw2czVYpPh7i8xn5b6mr131ygLVLAkD6hYvbuWKZITj0s6pj
z6kbAKgMOLMyc6+nXaeo4u9bYAAdyTa8FRfC0/bB8BYLuDcAl4AURd6F4/irlBOG
BrrQ7M5Nv589XiKidCO3fvru978QXp7qu1Z37lHzQ0cyBTYok3mT7u6aPQQpiWeB
5yUAym8Iy+DkZJ0giN1PUoerL0L8hsuJ338fsRwX9DlgM97HdSsAwM3p05h0FgvK
UMeSnvglZLZduxTv7sfIccXCQGp0VKiNEZTD2J2bAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxcK6QqkmJNuHxQsU9th3G3zHVCUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM3MDA0NGIzLTJmYjktNGE2NS1hZmZlLTk2OGEwZGRjZmU5MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD/Sm6+1W3BI7oYNgKh4ZLs1qnNg
gauWnmQigyktm4GHdZoQ0xCz+MXashTawNq3aexO4XOxmQi1GxvuYCqxI/2uNi20
jpV1XWUVQXey86T+fs7X4pQ4dJsZ3kM3HvJHD85fV4yWSylrPkZY/oji9uwR+uCX
eLoC5w/qdwNW8sPj8IZRcY1Z6W9DiFVDPfbCTgiPbM/jp5DBX7layHu9F3heZLNd
rkZUaZOjyvLaFdkR4IC/nkwYxDGXssJ+ADvLmcs3nNZBYkWuH4X5YYN/iLLuISNl
lAu6DDIpcbBsMbTayLYLR849f9GMXpj4UfNqqyKln7hWpSTQ6yhU+WPY1tQ=
-----END CERTIFICATE-----