Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4f4cff53-f294-4441-9fd3-95e48cda6d10.roa
File:                     4f4cff53-f294-4441-9fd3-95e48cda6d10.roa (raw, json)
Hash identifier:          9j4e9cd1Ve5s0sHH6N9VjnFC/VMIG7rU5MpdkWOf6+E=
Subject key identifier:   28:D8:7D:FD:C6:82:00:15:8A:E1:25:4F:17:39:BA:89:11:BD:FC:37
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       12CABDA506546F862EDAECA5320DEFCE5DE257F8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4f4cff53-f294-4441-9fd3-95e48cda6d10.roa
Signing time:             Fri 07 Jul 2023 00:00:00 +0000
ROA not before:           Fri 07 Jul 2023 00:00:00 +0000
ROA not after:            Fri 11 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:ca:bd:a5:06:54:6f:86:2e:da:ec:a5:32:0d:ef:ce:5d:e2:57:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  7 00:00:00 2023 GMT
            Not After : Aug 11 23:59:59 2023 GMT
        Subject: serialNumber=25e02cf3debea8df177f8fc89fdb6f9746080c3c149612d7b3219a8d110b603d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:14:4d:6f:e8:68:fb:e6:af:29:7d:63:1a:01:
                    f7:52:be:fb:f0:16:07:e5:e5:15:9b:df:d0:69:98:
                    16:88:81:42:a8:b2:f3:8b:a0:25:32:d1:c3:f4:b0:
                    f6:fe:ec:c6:96:7e:f1:59:6f:95:64:ee:2d:56:7e:
                    a2:3b:77:46:a5:ce:fb:77:8a:08:e9:47:3a:ed:93:
                    2d:26:9f:af:26:72:29:18:de:3d:12:60:e1:67:fa:
                    dd:cf:19:64:80:3c:00:b4:5e:f3:59:eb:54:19:fe:
                    41:7e:0c:68:26:77:f2:6b:ce:7f:79:0c:14:33:06:
                    f6:13:5a:9d:57:fc:2c:9f:70:5d:99:b5:3e:75:e7:
                    cb:c0:0c:6a:d6:75:86:ed:97:47:fc:07:67:f5:39:
                    3f:3b:3e:8f:43:64:88:de:62:98:26:e2:32:4a:95:
                    8a:5a:d0:c2:e2:a6:e6:66:e5:16:65:8b:97:31:05:
                    2b:3d:56:22:43:e6:9e:8c:ef:85:c0:e0:75:14:78:
                    2a:b2:59:25:2f:a5:15:e7:76:f0:dc:d0:cf:2a:d1:
                    14:08:12:5b:97:41:79:90:f9:f0:03:05:0e:86:69:
                    af:d9:48:82:b1:eb:bc:97:e0:1e:64:96:d3:1a:0d:
                    86:47:73:b7:3a:dc:ba:c3:b7:f7:08:71:b1:40:8b:
                    51:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:D8:7D:FD:C6:82:00:15:8A:E1:25:4F:17:39:BA:89:11:BD:FC:37
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4f4cff53-f294-4441-9fd3-95e48cda6d10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:a7:7d:f1:74:b1:12:24:6f:8f:35:44:8d:35:e5:2d:f9:f5:
         60:91:3e:af:f4:cf:50:e5:d0:c7:84:d5:d4:ff:29:ce:79:c5:
         ae:41:48:7e:97:ed:cc:2b:15:a5:1a:d6:5c:80:6c:2d:6a:23:
         f0:02:cb:4f:38:df:12:fb:d4:38:f0:d8:97:af:c3:ca:64:4d:
         a0:ef:89:ea:e9:2d:f5:f9:3a:5e:09:90:dd:27:e5:6d:5d:78:
         86:5f:9a:81:eb:1e:e9:ae:ba:d9:f8:51:cb:d9:13:35:d1:df:
         20:ef:43:ad:cc:c1:0b:51:95:f0:63:97:25:af:75:26:af:f1:
         42:a2:08:29:df:1c:59:ff:d5:6a:75:34:fe:23:af:56:7e:80:
         62:8d:cc:83:57:f7:ea:0f:a1:a5:fe:31:e5:25:5f:b8:64:c4:
         f3:52:7e:30:8d:0e:9e:14:f6:a0:bc:03:f0:01:db:ba:86:a3:
         6e:f0:4f:1a:93:6d:15:69:2e:2e:0e:38:08:b9:ff:50:bc:c5:
         4a:bf:ee:eb:52:36:3c:82:d9:dc:46:d9:8b:0c:b5:da:ab:24:
         3a:00:2a:a0:95:6e:13:02:94:cf:81:16:63:14:78:ce:09:91:
         77:cc:22:02:b9:57:8b:a8:c4:28:bc:36:84:cd:c3:b4:75:ba:
         78:ca:d3:70
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEsq9pQZUb4Yu2uylMg3vzl3iV/gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzA3MDAwMDAwWhcNMjMwODExMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNWUwMmNmM2RlYmVhOGRmMTc3ZjhmYzg5ZmRiNmY5NzQ2
MDgwYzNjMTQ5NjEyZDdiMzIxOWE4ZDExMGI2MDNkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCOFE1v6Gj75q8pfWMaAfdSvvvwFgfl5RWb39BpmBaIgUKo
svOLoCUy0cP0sPb+7MaWfvFZb5Vk7i1WfqI7d0alzvt3igjpRzrtky0mn68mcikY
3j0SYOFn+t3PGWSAPAC0XvNZ61QZ/kF+DGgmd/Jrzn95DBQzBvYTWp1X/CyfcF2Z
tT5158vADGrWdYbtl0f8B2f1OT87Po9DZIjeYpgm4jJKlYpa0MLipuZm5RZli5cx
BSs9ViJD5p6M74XA4HUUeCqyWSUvpRXndvDc0M8q0RQIEluXQXmQ+fADBQ6Gaa/Z
SIKx67yX4B5kltMaDYZHc7c63LrDt/cIcbFAi1FHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKNh9/caCABWK4SVPFzm6iRG9/DcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRmNGNmZjUzLWYyOTQtNDQ0MS05ZmQzLTk1ZTQ4Y2RhNmQxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADOnffF0sRIkb481RI015S359WCR
Pq/0z1Dl0MeE1dT/Kc55xa5BSH6X7cwrFaUa1lyAbC1qI/ACy0843xL71Djw2Jev
w8pkTaDvierpLfX5Ol4JkN0n5W1deIZfmoHrHumuutn4UcvZEzXR3yDvQ63MwQtR
lfBjlyWvdSav8UKiCCnfHFn/1Wp1NP4jr1Z+gGKNzINX9+oPoaX+MeUlX7hkxPNS
fjCNDp4U9qC8A/AB27qGo27wTxqTbRVpLi4OOAi5/1C8xUq/7utSNjyC2dxG2YsM
tdqrJDoAKqCVbhMClM+BFmMUeM4JkXfMIgK5V4uoxCi8NoTNw7R1unjK03A=
-----END CERTIFICATE-----