Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3d2f2f4a-463e-4cda-83ca-17f711e5d8a6.roa
File:                     3d2f2f4a-463e-4cda-83ca-17f711e5d8a6.roa (raw, json)
Hash identifier:          X3AQC92Z5MY/IaRre7ClAc/yQlKVc5lYRzrQJhCu7CA=
Subject key identifier:   DD:6D:8D:4F:57:C5:F0:9D:C6:50:26:33:84:05:83:13:57:DE:EC:10
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       289338BA4A3FDEBC6516B9D738AF0EA64483C384
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3d2f2f4a-463e-4cda-83ca-17f711e5d8a6.roa
Signing time:             Sun 18 Jun 2023 00:00:00 +0000
ROA not before:           Sun 18 Jun 2023 00:00:00 +0000
ROA not after:            Sun 23 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:93:38:ba:4a:3f:de:bc:65:16:b9:d7:38:af:0e:a6:44:83:c3:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 18 00:00:00 2023 GMT
            Not After : Jul 23 23:59:59 2023 GMT
        Subject: serialNumber=be341859023be51cba29cc33518f74749361328fd28cc2d60d0fc46fa44ebf12, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:bf:af:c9:fa:47:01:55:d8:a9:ee:94:ca:03:
                    83:6b:20:f2:89:78:47:67:2e:d8:dc:1a:4a:de:fb:
                    0e:88:8f:d9:5c:fe:f1:ba:b0:4b:78:b4:86:31:f0:
                    38:63:4f:39:fa:96:30:08:9a:62:d9:51:af:66:2b:
                    e5:ce:0e:37:39:57:6d:b0:1f:73:f2:bb:2a:28:a2:
                    01:91:62:85:0a:39:cf:c4:4e:78:e2:44:8f:3f:e4:
                    b1:d5:44:5f:04:b8:18:87:eb:1a:d1:7d:f3:a8:67:
                    9f:25:eb:31:00:e3:c9:04:44:89:67:0c:5a:80:e5:
                    a3:f0:8f:e0:14:1d:e4:a3:a3:00:c5:27:49:ee:fd:
                    2c:7d:fe:43:86:7b:82:43:10:3c:4f:af:b2:e5:d9:
                    59:ea:52:aa:ad:a7:04:46:46:0b:fd:43:18:04:b4:
                    a1:3f:8c:51:8d:5b:ff:9c:9d:d6:8b:0a:e1:7f:7e:
                    89:5d:58:72:e2:b7:31:db:73:d1:90:ee:8b:6a:78:
                    d7:55:98:54:3b:c5:96:a4:3a:12:30:f8:5b:4c:3c:
                    04:32:17:84:a6:4d:44:5f:8e:d7:88:6c:f6:70:a1:
                    9d:90:9a:06:17:e7:e5:7f:ed:1c:d8:b0:52:19:0c:
                    99:6f:b0:43:2d:9d:27:c9:f7:94:be:48:06:38:7d:
                    42:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:6D:8D:4F:57:C5:F0:9D:C6:50:26:33:84:05:83:13:57:DE:EC:10
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3d2f2f4a-463e-4cda-83ca-17f711e5d8a6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:07:c5:4d:7e:62:e5:3e:23:b8:6d:0a:4c:34:6f:ba:e8:44:
         bc:d4:dc:89:a2:dc:95:5c:60:8e:79:a9:37:f9:e6:73:70:f4:
         7b:28:50:fc:1e:32:32:ef:12:76:7c:40:73:8a:9d:5b:47:d6:
         0f:6d:d2:a6:2d:e3:26:fe:38:24:f1:d0:12:33:cb:8f:fe:25:
         d3:ae:5b:61:b7:6f:85:24:eb:29:12:f5:48:b0:8a:3b:69:ea:
         9a:dc:50:64:93:88:e0:9e:7b:a7:55:e4:1f:ed:09:e2:5f:3d:
         9f:6f:af:55:fd:8c:35:09:4a:56:07:33:47:ec:0b:89:04:fe:
         9e:a8:3e:58:c0:ca:b7:54:ff:2a:9d:8c:7b:e1:b9:52:0b:e4:
         0d:48:b4:04:6f:85:b1:72:41:f9:8c:a7:89:97:63:05:84:fb:
         49:9f:d4:f6:18:00:a0:af:ab:1c:cd:7f:0a:84:38:9a:b2:71:
         bd:01:b2:35:e3:87:6c:03:f4:0d:37:c5:c3:24:9d:96:46:5b:
         a5:4f:ae:89:0a:84:9a:fe:c2:1a:7d:d8:a1:22:7a:2f:6c:13:
         1f:54:a6:59:81:ee:ea:4b:6b:46:5a:69:cf:31:48:cf:ae:6f:
         5c:25:fe:f5:a2:bd:e9:a2:23:01:3a:c7:d2:8e:40:23:56:66:
         73:78:af:c2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKJM4uko/3rxlFrnXOK8OpkSDw4QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjE4MDAwMDAwWhcNMjMwNzIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZTM0MTg1OTAyM2JlNTFjYmEyOWNjMzM1MThmNzQ3NDkz
NjEzMjhmZDI4Y2MyZDYwZDBmYzQ2ZmE0NGViZjEyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLv6/J+kcBVdip7pTKA4NrIPKJeEdnLtjcGkre+w6Ij9lc
/vG6sEt4tIYx8DhjTzn6ljAImmLZUa9mK+XODjc5V22wH3PyuyooogGRYoUKOc/E
TnjiRI8/5LHVRF8EuBiH6xrRffOoZ58l6zEA48kERIlnDFqA5aPwj+AUHeSjowDF
J0nu/Sx9/kOGe4JDEDxPr7Ll2VnqUqqtpwRGRgv9QxgEtKE/jFGNW/+cndaLCuF/
foldWHLitzHbc9GQ7otqeNdVmFQ7xZakOhIw+FtMPAQyF4SmTURfjteIbPZwoZ2Q
mgYX5+V/7RzYsFIZDJlvsEMtnSfJ95S+SAY4fULvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3W2NT1fF8J3GUCYzhAWDE1fe7BAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzNkMmYyZjRhLTQ2M2UtNGNkYS04M2NhLTE3ZjcxMWU1ZDhhNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABoHxU1+YuU+I7htCkw0b7roRLzU
3Imi3JVcYI55qTf55nNw9HsoUPweMjLvEnZ8QHOKnVtH1g9t0qYt4yb+OCTx0BIz
y4/+JdOuW2G3b4Uk6ykS9Uiwijtp6prcUGSTiOCee6dV5B/tCeJfPZ9vr1X9jDUJ
SlYHM0fsC4kE/p6oPljAyrdU/yqdjHvhuVIL5A1ItARvhbFyQfmMp4mXYwWE+0mf
1PYYAKCvqxzNfwqEOJqycb0BsjXjh2wD9A03xcMknZZGW6VProkKhJr+whp92KEi
ei9sEx9UplmB7upLa0Zaac8xSM+ub1wl/vWivemiIwE6x9KOQCNWZnN4r8I=
-----END CERTIFICATE-----