Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/614337a4-3546-476d-a61a-e2ba2461aec4.roa
File:                     614337a4-3546-476d-a61a-e2ba2461aec4.roa (raw, json)
Hash identifier:          Gtk2HKmLGfHz752cfWFvfzzCL8vE7zZ/ruj4yEBieEE=
Subject key identifier:   D9:59:50:1E:D0:64:2D:1E:10:C1:E2:73:06:7E:B6:A4:1A:1F:12:BC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       617FD02682913E3684402768B6DDDA09581A841B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/614337a4-3546-476d-a61a-e2ba2461aec4.roa
Signing time:             Sat 15 Jul 2023 00:00:00 +0000
ROA not before:           Sat 15 Jul 2023 00:00:00 +0000
ROA not after:            Sat 19 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:7f:d0:26:82:91:3e:36:84:40:27:68:b6:dd:da:09:58:1a:84:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 15 00:00:00 2023 GMT
            Not After : Aug 19 23:59:59 2023 GMT
        Subject: serialNumber=1c6d89f9cf7e29e1ce82131db0ee9c9663d172a6bb66215bcab815c6bb05c907, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:94:4e:a2:98:2b:51:2b:09:3f:45:1e:0c:ee:
                    25:eb:7b:23:a4:72:99:84:8d:0f:47:fb:f3:14:96:
                    62:19:2e:b8:91:0c:c3:e4:b4:f4:46:c6:79:40:fc:
                    57:3b:48:70:c8:6f:51:54:85:c8:c2:55:a7:6c:30:
                    53:bc:4c:ea:76:2f:f5:96:f2:2d:f9:4b:d8:b1:5d:
                    e5:b3:03:11:bd:10:bf:bf:8a:c6:41:8e:d6:69:f6:
                    63:d3:22:36:92:64:06:86:9b:ca:74:23:46:e1:a5:
                    d6:2a:80:d6:d7:06:92:0a:18:81:44:68:af:59:8d:
                    f6:dc:bb:cd:92:12:03:b0:fa:ef:84:18:97:d4:aa:
                    88:57:f7:82:04:9c:13:7a:1b:0f:94:5a:64:50:1b:
                    02:f1:33:cb:b0:dc:fb:a1:4c:5d:5e:24:38:e0:ed:
                    a3:00:ed:22:41:6f:71:0e:4d:ae:86:3c:26:c6:91:
                    4b:74:8d:1e:08:5f:4b:cb:e1:18:cb:18:12:2c:ec:
                    60:54:88:f5:5c:f3:ee:f4:0d:94:e5:9c:48:b2:10:
                    22:e3:09:e2:a6:91:85:20:86:57:f5:83:58:9c:83:
                    7a:18:c1:33:ff:a9:1a:6c:b5:fc:1e:17:f1:4d:48:
                    9b:d3:15:3c:6d:03:62:1d:74:b0:de:0a:d9:2d:dd:
                    34:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:59:50:1E:D0:64:2D:1E:10:C1:E2:73:06:7E:B6:A4:1A:1F:12:BC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/614337a4-3546-476d-a61a-e2ba2461aec4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:62:e9:ff:73:16:8e:18:db:cc:ab:04:c1:74:03:78:8e:ba:
         10:a1:c4:be:f4:38:ee:f0:72:2b:e4:b3:0b:d6:cd:3e:9e:4f:
         a6:a9:98:26:29:89:83:da:c3:a4:1a:31:c7:72:37:ad:68:9b:
         5e:b8:ea:6f:78:fb:e8:66:42:f1:0f:84:45:ba:91:a5:53:fb:
         13:52:0a:94:1e:ca:91:9b:85:bf:ef:e9:8b:0f:19:2a:97:87:
         e9:5e:a7:69:7b:42:26:de:51:37:be:bc:67:15:69:9c:ab:f6:
         da:69:2e:a0:7a:76:59:b1:0b:2b:ab:30:7a:39:29:f4:a4:33:
         8b:2e:5e:5d:b7:aa:37:de:86:48:b1:50:cd:6f:e7:a6:75:10:
         d6:33:71:31:63:7b:5c:aa:6a:81:ef:13:95:50:2a:e2:7f:87:
         1f:05:91:43:58:21:e2:4e:63:a7:63:76:c7:d3:f1:c9:d5:67:
         5b:7c:05:f8:3c:9a:71:84:89:9f:f0:6f:09:19:95:45:94:64:
         77:92:54:41:af:97:5b:cb:db:f3:44:91:74:6b:70:c7:27:a3:
         82:20:35:79:72:10:68:92:82:67:23:98:ad:0c:da:e9:87:ff:
         95:1d:8f:4b:90:e9:6e:2a:44:55:eb:39:12:3d:1f:e2:d1:22:
         e5:14:fa:1b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYX/QJoKRPjaEQCdott3aCVgahBswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE1MDAwMDAwWhcNMjMwODE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYzZkODlmOWNmN2UyOWUxY2U4MjEzMWRiMGVlOWM5NjYz
ZDE3MmE2YmI2NjIxNWJjYWI4MTVjNmJiMDVjOTA3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDblE6imCtRKwk/RR4M7iXreyOkcpmEjQ9H+/MUlmIZLriR
DMPktPRGxnlA/Fc7SHDIb1FUhcjCVadsMFO8TOp2L/WW8i35S9ixXeWzAxG9EL+/
isZBjtZp9mPTIjaSZAaGm8p0I0bhpdYqgNbXBpIKGIFEaK9Zjfbcu82SEgOw+u+E
GJfUqohX94IEnBN6Gw+UWmRQGwLxM8uw3PuhTF1eJDjg7aMA7SJBb3EOTa6GPCbG
kUt0jR4IX0vL4RjLGBIs7GBUiPVc8+70DZTlnEiyECLjCeKmkYUghlf1g1icg3oY
wTP/qRpstfweF/FNSJvTFTxtA2IddLDeCtkt3TQhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2VlQHtBkLR4QweJzBn62pBofErwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzYxNDMzN2E0LTM1NDYtNDc2ZC1hNjFhLWUyYmEyNDYxYWVjNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAANi6f9zFo4Y28yrBMF0A3iOuhCh
xL70OO7wcivkswvWzT6eT6apmCYpiYPaw6QaMcdyN61om1646m94++hmQvEPhEW6
kaVT+xNSCpQeypGbhb/v6YsPGSqXh+lep2l7QibeUTe+vGcVaZyr9tppLqB6dlmx
CyurMHo5KfSkM4suXl23qjfehkixUM1v56Z1ENYzcTFje1yqaoHvE5VQKuJ/hx8F
kUNYIeJOY6djdsfT8cnVZ1t8Bfg8mnGEiZ/wbwkZlUWUZHeSVEGvl1vL2/NEkXRr
cMcno4IgNXlyEGiSgmcjmK0M2umH/5Udj0uQ6W4qRFXrORI9H+LRIuUU+hs=
-----END CERTIFICATE-----