Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5f461a93-356c-4285-b2a1-f4b46f60ac72.roa
File:                     5f461a93-356c-4285-b2a1-f4b46f60ac72.roa (raw, json)
Hash identifier:          YSfdF/mdYniCAG4Zsjau2a4s64dLs1Zho3mz1Z6XQtg=
Subject key identifier:   A5:80:93:59:5B:46:6C:B0:82:61:94:31:36:4E:B3:4B:1F:09:63:71
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       55C2FCAA777A6E79B006B2F148C119FBC2810E86
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5f461a93-356c-4285-b2a1-f4b46f60ac72.roa
Signing time:             Tue 22 Aug 2023 00:00:00 +0000
ROA not before:           Tue 22 Aug 2023 00:00:00 +0000
ROA not after:            Tue 26 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:c2:fc:aa:77:7a:6e:79:b0:06:b2:f1:48:c1:19:fb:c2:81:0e:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 22 00:00:00 2023 GMT
            Not After : Sep 26 23:59:59 2023 GMT
        Subject: serialNumber=89d407d709c28776d3d1416b9d4915f2ce158c9754fe959207bc7bc6325ca943, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:03:c3:62:9f:70:31:73:bb:90:15:31:d5:7d:
                    21:c4:ab:7f:cf:35:c4:ab:fa:45:92:37:8b:ef:36:
                    9d:a1:8d:dc:bb:4b:06:82:6d:60:c0:e3:6c:28:05:
                    5e:25:f6:29:0d:bb:de:b2:e9:52:1a:33:39:ca:7a:
                    2c:f7:1d:ae:5e:aa:98:4c:d7:2b:e3:30:70:9b:ff:
                    61:86:ff:c0:62:54:5d:6f:70:67:29:23:46:cf:3f:
                    13:af:e9:68:dd:38:6a:fa:52:05:04:a1:be:b6:f0:
                    62:56:4a:9e:3b:c0:bf:9a:d8:9b:01:d9:9c:c6:d2:
                    42:8d:7e:52:3d:9b:52:1c:90:39:c5:a0:5a:b6:b9:
                    fd:60:10:30:5a:53:d7:8d:f7:de:3a:74:31:07:eb:
                    d5:21:cd:ff:fc:ab:ab:96:e3:73:2e:53:e2:4f:dd:
                    f3:56:53:3e:07:3d:b5:f1:4a:ad:b6:1e:9f:ac:6c:
                    14:e8:01:4c:ae:2f:4d:28:2f:99:aa:2c:33:83:d9:
                    a2:20:8a:a0:7c:71:5e:f9:33:59:63:65:71:89:e4:
                    a6:22:86:57:10:d8:5f:72:72:70:1c:72:e3:1a:35:
                    b8:a3:f8:b0:30:5d:77:08:11:58:41:8f:d0:5e:fc:
                    81:e3:80:8c:29:53:ed:40:08:62:2c:15:a8:36:82:
                    be:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:80:93:59:5B:46:6C:B0:82:61:94:31:36:4E:B3:4B:1F:09:63:71
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5f461a93-356c-4285-b2a1-f4b46f60ac72.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:9e:bc:8e:70:82:52:6a:6e:6a:7e:74:82:40:77:10:0c:3f:
         18:a0:52:a8:08:a5:21:da:32:dc:28:c3:f8:13:36:fe:eb:b6:
         3e:75:6d:11:d1:60:40:98:7e:9c:d3:00:f9:14:28:5f:88:25:
         c9:e3:96:44:c0:d4:4a:69:2d:55:b0:70:97:42:a8:91:1f:9c:
         41:0b:f4:7f:a8:68:31:d4:e5:02:38:ff:21:62:eb:7e:74:78:
         72:93:19:62:f7:5a:4b:31:70:3a:19:d4:31:30:87:a6:1c:17:
         f1:b3:a5:d3:3e:bc:c3:f2:10:96:a7:bb:4c:da:28:2c:29:e2:
         ba:5d:c6:ff:bb:b3:21:24:7b:11:9c:f3:fe:e0:19:a1:42:52:
         0d:2f:38:20:ba:8a:ee:e4:8c:73:0c:25:95:de:c2:86:b0:b8:
         d1:78:1e:6c:6c:51:de:85:c9:1b:49:30:c2:11:d8:ab:e3:f4:
         49:b2:53:01:51:ba:86:fe:7b:c6:97:66:b6:fb:13:f8:9a:a0:
         27:5e:8d:9b:6c:4a:f5:5f:01:bf:2d:82:33:8d:cb:82:9a:f0:
         ac:59:3f:64:69:57:ad:04:ac:1c:fb:cd:64:3d:8f:90:bd:b3:
         55:08:41:62:e8:ec:43:2e:ea:83:a0:b7:c9:ea:48:9e:f6:ce:
         e9:e0:fc:ed
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVcL8qnd6bnmwBrLxSMEZ+8KBDoYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODIyMDAwMDAwWhcNMjMwOTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4OWQ0MDdkNzA5YzI4Nzc2ZDNkMTQxNmI5ZDQ5MTVmMmNl
MTU4Yzk3NTRmZTk1OTIwN2JjN2JjNjMyNWNhOTQzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnA8Nin3Axc7uQFTHVfSHEq3/PNcSr+kWSN4vvNp2hjdy7
SwaCbWDA42woBV4l9ikNu96y6VIaMznKeiz3Ha5eqphM1yvjMHCb/2GG/8BiVF1v
cGcpI0bPPxOv6WjdOGr6UgUEob628GJWSp47wL+a2JsB2ZzG0kKNflI9m1IckDnF
oFq2uf1gEDBaU9eN9946dDEH69Uhzf/8q6uW43MuU+JP3fNWUz4HPbXxSq22Hp+s
bBToAUyuL00oL5mqLDOD2aIgiqB8cV75M1ljZXGJ5KYihlcQ2F9ycnAccuMaNbij
+LAwXXcIEVhBj9Be/IHjgIwpU+1ACGIsFag2gr4tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpYCTWVtGbLCCYZQxNk6zSx8JY3EwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzVmNDYxYTkzLTM1NmMtNDI4NS1iMmExLWY0YjQ2ZjYwYWM3Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALaevI5wglJqbmp+dIJAdxAMPxig
UqgIpSHaMtwow/gTNv7rtj51bRHRYECYfpzTAPkUKF+IJcnjlkTA1EppLVWwcJdC
qJEfnEEL9H+oaDHU5QI4/yFi6350eHKTGWL3WksxcDoZ1DEwh6YcF/GzpdM+vMPy
EJanu0zaKCwp4rpdxv+7syEkexGc8/7gGaFCUg0vOCC6iu7kjHMMJZXewoawuNF4
HmxsUd6FyRtJMMIR2Kvj9EmyUwFRuob+e8aXZrb7E/iaoCdejZtsSvVfAb8tgjON
y4Ka8KxZP2RpV60ErBz7zWQ9j5C9s1UIQWLo7EMu6oOgt8nqSJ72zung/O0=
-----END CERTIFICATE-----