Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6075e99f-af40-4b24-b485-f367784f0a09.roa
File:                     6075e99f-af40-4b24-b485-f367784f0a09.roa (raw, json)
Hash identifier:          K6X6J7n+CLSMHYul8dYeyCrgFRsr/zZqyNWS1uPM/cg=
Subject key identifier:   7E:D8:C2:7E:8E:4C:90:18:95:CF:3D:94:D7:8E:B7:89:48:E5:04:0A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2D52B48DC872DE6B106196D06F8D0CCFA8B9B13E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6075e99f-af40-4b24-b485-f367784f0a09.roa
Signing time:             Thu 13 Jul 2023 00:00:00 +0000
ROA not before:           Thu 13 Jul 2023 00:00:00 +0000
ROA not after:            Thu 17 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:52:b4:8d:c8:72:de:6b:10:61:96:d0:6f:8d:0c:cf:a8:b9:b1:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 13 00:00:00 2023 GMT
            Not After : Aug 17 23:59:59 2023 GMT
        Subject: serialNumber=8abd505fafd90d51c0ca6589952df1c3ae2887ff36ad98acd5090fb78381b80a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:01:1e:1b:f6:cd:92:47:81:d0:58:15:c9:e5:
                    c4:c0:63:6a:20:28:27:ff:0b:56:f7:4f:e5:15:dc:
                    aa:a0:99:ef:a1:05:d7:fa:11:d7:8b:3b:4a:b9:a3:
                    1e:33:29:20:85:00:c4:e4:13:b4:62:4a:a2:7a:d7:
                    6d:26:39:fe:ed:88:8b:55:0c:df:08:b2:19:8a:63:
                    2e:9d:00:f9:4e:62:9e:2f:54:c4:f8:d1:0e:21:b0:
                    3e:e5:2b:1e:f0:a3:96:f0:98:24:ea:90:b8:af:15:
                    26:94:b9:ea:27:04:17:dc:74:a7:0e:1c:4a:68:5d:
                    01:4a:f1:08:82:9f:43:68:c4:3b:4a:0f:24:43:38:
                    b4:f3:86:37:8f:1e:f5:1e:28:90:47:6d:33:5c:e7:
                    b0:cd:43:c8:89:a0:06:ab:22:fd:4d:c4:77:10:8b:
                    e2:a5:27:c8:7c:a2:cb:1b:86:c1:70:fa:be:24:ca:
                    4b:e4:90:af:56:22:e0:5a:aa:80:9a:8c:73:13:14:
                    5f:ad:8e:d7:d2:2a:e3:ef:49:3a:b9:68:cd:8f:61:
                    c0:52:ff:c6:eb:b8:23:19:1d:fb:0d:3f:3a:69:12:
                    d2:e6:39:7b:58:e9:e2:e1:ef:04:d8:70:ff:f9:24:
                    8b:d6:7d:70:22:3d:70:6e:57:03:5f:4d:03:38:33:
                    b6:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:D8:C2:7E:8E:4C:90:18:95:CF:3D:94:D7:8E:B7:89:48:E5:04:0A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6075e99f-af40-4b24-b485-f367784f0a09.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:4f:1c:c1:19:98:a0:dd:b2:cf:5c:09:c3:56:46:1a:ce:de:
         4b:f0:17:f1:30:c5:7c:7a:93:5b:58:69:5b:78:df:a0:44:9a:
         4e:05:84:49:25:95:4c:a8:27:44:96:53:83:9f:d2:b3:cb:09:
         36:11:65:34:ef:9b:73:29:71:74:7e:aa:93:fe:2d:2e:21:d7:
         ed:86:6f:b9:23:84:02:06:9c:1b:08:ac:a5:6b:61:b6:c7:cd:
         38:7f:ce:f7:a8:07:98:40:d9:93:70:1a:32:31:42:41:3e:90:
         30:28:88:47:d0:2d:5c:cd:f2:12:1b:33:39:66:87:25:50:81:
         25:78:09:43:a8:d2:2f:c0:62:c4:7b:74:d2:58:ac:79:79:af:
         7f:d3:8a:2d:80:65:9a:81:76:02:91:e8:14:d5:ef:2a:3a:69:
         5b:16:b5:7d:18:cd:23:29:c8:e5:06:8e:00:a4:58:36:0f:2c:
         e7:2c:1a:b8:55:1b:c7:2e:92:36:6e:ac:e6:09:ef:86:f9:0a:
         dd:c5:6f:5f:d8:b5:3a:ba:d8:53:4a:f7:e7:9c:7a:bf:ec:ca:
         da:6f:04:6b:36:8d:8b:7f:34:4d:a7:c9:64:d0:22:2b:6c:b4:
         40:75:c0:23:91:13:da:54:14:25:64:72:d7:22:53:55:91:a1:
         27:2f:a4:24
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULVK0jchy3msQYZbQb40Mz6i5sT4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzEzMDAwMDAwWhcNMjMwODE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YWJkNTA1ZmFmZDkwZDUxYzBjYTY1ODk5NTJkZjFjM2Fl
Mjg4N2ZmMzZhZDk4YWNkNTA5MGZiNzgzODFiODBhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtAR4b9s2SR4HQWBXJ5cTAY2ogKCf/C1b3T+UV3Kqgme+h
Bdf6EdeLO0q5ox4zKSCFAMTkE7RiSqJ6120mOf7tiItVDN8IshmKYy6dAPlOYp4v
VMT40Q4hsD7lKx7wo5bwmCTqkLivFSaUueonBBfcdKcOHEpoXQFK8QiCn0NoxDtK
DyRDOLTzhjePHvUeKJBHbTNc57DNQ8iJoAarIv1NxHcQi+KlJ8h8ossbhsFw+r4k
ykvkkK9WIuBaqoCajHMTFF+tjtfSKuPvSTq5aM2PYcBS/8bruCMZHfsNPzppEtLm
OXtY6eLh7wTYcP/5JIvWfXAiPXBuVwNfTQM4M7bzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUftjCfo5MkBiVzz2U1463iUjlBAowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzYwNzVlOTlmLWFmNDAtNGIyNC1iNDg1LWYzNjc3ODRmMGEwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADhPHMEZmKDdss9cCcNWRhrO3kvw
F/EwxXx6k1tYaVt436BEmk4FhEkllUyoJ0SWU4Of0rPLCTYRZTTvm3MpcXR+qpP+
LS4h1+2Gb7kjhAIGnBsIrKVrYbbHzTh/zveoB5hA2ZNwGjIxQkE+kDAoiEfQLVzN
8hIbMzlmhyVQgSV4CUOo0i/AYsR7dNJYrHl5r3/Tii2AZZqBdgKR6BTV7yo6aVsW
tX0YzSMpyOUGjgCkWDYPLOcsGrhVG8cukjZurOYJ74b5Ct3Fb1/YtTq62FNK9+ec
er/sytpvBGs2jYt/NE2nyWTQIitstEB1wCORE9pUFCVkctciU1WRoScvpCQ=
-----END CERTIFICATE-----