Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4db006ac-d3d5-4a64-915d-76ea5ffc6cd0.roa
File:                     4db006ac-d3d5-4a64-915d-76ea5ffc6cd0.roa (raw, json)
Hash identifier:          NHXeaelQN+IcuBC5HhDvSLSpIyvZEoUaTrNhUdSLt+4=
Subject key identifier:   9A:6D:5F:70:FC:7D:30:79:9C:BB:9E:E3:CE:4D:E8:02:31:22:1C:B9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       61CBF3529FBAF01020C54EB1C25BFF512735CC50
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4db006ac-d3d5-4a64-915d-76ea5ffc6cd0.roa
Signing time:             Sat 26 Aug 2023 00:00:00 +0000
ROA not before:           Sat 26 Aug 2023 00:00:00 +0000
ROA not after:            Sat 30 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:cb:f3:52:9f:ba:f0:10:20:c5:4e:b1:c2:5b:ff:51:27:35:cc:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 26 00:00:00 2023 GMT
            Not After : Sep 30 23:59:59 2023 GMT
        Subject: serialNumber=d83568d9420e71f237c1ea5a6c8a00c317e3fbc92aeac8cc674c0b215c2873c9, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:de:9a:79:c9:2d:bb:fc:27:80:8f:2d:e9:4b:
                    b6:f6:cf:f6:f1:a4:6b:41:4c:e7:a3:72:eb:e9:77:
                    7f:51:90:51:90:52:80:d9:e2:d2:26:ec:bd:5b:a3:
                    4a:7f:dd:bd:51:ff:4f:e9:39:d3:0e:16:07:ac:18:
                    04:19:de:fa:b5:f8:d0:eb:1e:a1:dd:05:53:95:71:
                    e3:d9:16:02:76:cf:8d:e5:16:f4:fc:4b:c3:ab:21:
                    84:1b:78:b8:4d:94:2a:fd:db:33:a5:c9:6f:00:2c:
                    94:42:6e:c3:dc:72:ed:07:c0:86:35:cf:25:a9:63:
                    af:a7:c0:d8:d3:56:7e:f0:91:0b:4b:1a:0a:69:7c:
                    a4:57:81:c6:63:86:0e:d7:a7:d6:4d:41:67:df:c1:
                    5a:a8:27:c7:c8:03:2d:7a:46:aa:27:d3:ba:95:dc:
                    c2:c6:bb:c2:cc:96:c1:01:82:54:50:6c:86:7d:ea:
                    62:cc:2a:9e:41:7e:84:08:45:4a:46:82:1e:69:c4:
                    ef:61:e3:d8:e5:9c:2a:46:d7:0e:2c:e2:43:86:8a:
                    3c:70:1b:cc:f7:f1:2b:dc:b6:82:bb:08:8e:87:9d:
                    96:17:85:4b:fb:bf:19:7b:24:1d:1a:52:bd:51:ba:
                    1f:c0:53:cb:64:f3:7b:86:af:10:75:5b:c7:4b:b1:
                    9a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:6D:5F:70:FC:7D:30:79:9C:BB:9E:E3:CE:4D:E8:02:31:22:1C:B9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4db006ac-d3d5-4a64-915d-76ea5ffc6cd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:42:ab:82:cc:4d:43:f7:ad:e5:d2:fd:3f:f6:d2:e0:7c:ea:
         06:c7:66:5b:25:e9:de:34:04:d5:30:1e:ec:7f:e5:3a:1b:9b:
         46:2a:7e:65:1c:41:b9:f6:0c:25:95:0c:13:81:7b:8a:81:2e:
         2a:46:df:5a:b2:18:ad:22:46:f7:bd:ad:16:98:77:0c:cf:97:
         87:67:eb:e5:69:17:81:e9:0f:07:e9:1e:65:35:2d:51:fc:35:
         cc:8a:89:6a:db:5f:4c:97:1a:f9:14:54:44:8a:4d:46:a3:3c:
         45:1e:06:2a:c9:95:25:18:f8:b6:24:2e:55:3c:1f:cb:ee:28:
         ee:bf:4d:cc:21:e7:8e:d5:bb:1e:da:5c:3e:7b:a2:34:d7:fe:
         a9:24:f8:ab:c8:4f:cb:f3:1c:ff:1b:87:37:86:c0:fc:09:10:
         68:f3:e5:09:90:e2:30:e5:a8:ff:70:07:10:91:03:92:0b:d5:
         98:1f:6c:af:fc:d3:22:61:89:77:97:66:cc:79:7c:77:d3:b6:
         3c:ac:83:8f:30:4b:1d:5f:fb:13:91:75:24:e0:5a:4a:25:63:
         9f:86:96:55:90:92:b0:0f:b3:7b:68:72:62:7b:a5:11:be:6c:
         71:96:75:ed:fe:ac:a3:b5:94:06:fb:5c:b3:be:96:e4:7e:09:
         f8:5f:ff:c0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYcvzUp+68BAgxU6xwlv/USc1zFAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODI2MDAwMDAwWhcNMjMwOTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkODM1NjhkOTQyMGU3MWYyMzdjMWVhNWE2YzhhMDBjMzE3
ZTNmYmM5MmFlYWM4Y2M2NzRjMGIyMTVjMjg3M2M5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDG3pp5yS27/CeAjy3pS7b2z/bxpGtBTOejcuvpd39RkFGQ
UoDZ4tIm7L1bo0p/3b1R/0/pOdMOFgesGAQZ3vq1+NDrHqHdBVOVcePZFgJ2z43l
FvT8S8OrIYQbeLhNlCr92zOlyW8ALJRCbsPccu0HwIY1zyWpY6+nwNjTVn7wkQtL
GgppfKRXgcZjhg7Xp9ZNQWffwVqoJ8fIAy16Rqon07qV3MLGu8LMlsEBglRQbIZ9
6mLMKp5BfoQIRUpGgh5pxO9h49jlnCpG1w4s4kOGijxwG8z38SvctoK7CI6HnZYX
hUv7vxl7JB0aUr1Ruh/AU8tk83uGrxB1W8dLsZpVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmm1fcPx9MHmcu57jzk3oAjEiHLkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRkYjAwNmFjLWQzZDUtNGE2NC05MTVkLTc2ZWE1ZmZjNmNkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAChCq4LMTUP3reXS/T/20uB86gbH
Zlsl6d40BNUwHux/5Tobm0YqfmUcQbn2DCWVDBOBe4qBLipG31qyGK0iRve9rRaY
dwzPl4dn6+VpF4HpDwfpHmU1LVH8NcyKiWrbX0yXGvkUVESKTUajPEUeBirJlSUY
+LYkLlU8H8vuKO6/Tcwh547Vux7aXD57ojTX/qkk+KvIT8vzHP8bhzeGwPwJEGjz
5QmQ4jDlqP9wBxCRA5IL1ZgfbK/80yJhiXeXZsx5fHfTtjysg48wSx1f+xORdSTg
WkolY5+GllWQkrAPs3tocmJ7pRG+bHGWde3+rKO1lAb7XLO+luR+Cfhf/8A=
-----END CERTIFICATE-----