Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/61816e03-8948-4e0d-8e28-c740ab9c375a.roa
File:                     61816e03-8948-4e0d-8e28-c740ab9c375a.roa (raw, json)
Hash identifier:          5hXJaRJYniAZGKbGTJFjOgVovXf6tT4aiivAIFE0skI=
Subject key identifier:   75:91:08:61:F4:F4:94:32:4F:59:4C:7E:8E:48:1D:E5:1D:39:4C:55
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3BF01ECF30D47E5E507124D14AA09A970CE7FA2F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/61816e03-8948-4e0d-8e28-c740ab9c375a.roa
Signing time:             Thu 20 Jul 2023 00:00:00 +0000
ROA not before:           Thu 20 Jul 2023 00:00:00 +0000
ROA not after:            Thu 24 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:f0:1e:cf:30:d4:7e:5e:50:71:24:d1:4a:a0:9a:97:0c:e7:fa:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 20 00:00:00 2023 GMT
            Not After : Aug 24 23:59:59 2023 GMT
        Subject: serialNumber=0ab2afb2dd0bfb04a767f3e6a2267af1e2a671da96955a37cfd8c4464e0cc46e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d2:1b:2a:a5:a1:df:97:97:e4:3d:52:a0:70:
                    b9:a6:c0:05:62:7b:1e:b0:bb:ce:4a:b1:4a:c2:e2:
                    d9:b1:68:c8:e5:51:f8:dc:59:e2:05:06:88:f9:2c:
                    2f:dc:c9:47:d2:3b:9b:f7:e0:18:b0:ba:03:d5:37:
                    87:80:8a:ff:c9:33:88:99:58:c5:3c:df:5b:c9:2e:
                    66:34:fa:67:c2:40:b2:e2:5c:72:59:24:af:59:10:
                    84:99:2d:a2:4a:f7:20:16:64:f7:bf:3a:86:89:36:
                    b2:f6:ae:cc:16:bc:4e:71:12:6c:14:b6:24:a9:61:
                    5f:e0:25:14:2a:4c:56:68:63:3d:4c:64:e1:da:1c:
                    cd:8d:9a:d2:bc:44:b5:1a:13:03:a6:5c:cc:bd:87:
                    ad:67:67:d0:fe:64:62:36:59:d3:d8:06:62:c7:ad:
                    f2:61:06:ac:3b:2c:0f:64:e6:49:d1:a6:55:c7:0f:
                    36:00:83:34:0a:67:c3:6b:0e:86:9d:98:51:52:64:
                    67:d0:8b:20:81:23:fb:9d:f2:2a:29:18:fb:05:54:
                    99:61:8a:e9:be:52:9c:07:f7:7d:ec:8c:38:4d:08:
                    35:43:43:31:ee:0f:de:ab:c5:c4:cf:df:b4:fa:7d:
                    51:f6:72:49:3a:2a:58:38:e7:c1:9c:67:d2:b6:c7:
                    dd:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:91:08:61:F4:F4:94:32:4F:59:4C:7E:8E:48:1D:E5:1D:39:4C:55
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/61816e03-8948-4e0d-8e28-c740ab9c375a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:b0:5a:dd:58:1d:95:e6:9f:ad:9c:76:39:5c:b6:f9:ab:a9:
         09:aa:46:e9:c1:43:c7:5b:92:38:31:6c:2f:b3:db:26:ff:d1:
         84:4a:b2:0e:91:71:a1:84:b8:c0:ab:5a:16:ad:d0:6a:ab:77:
         51:e1:b3:12:91:59:36:33:2b:5e:77:1b:f0:fc:3a:04:99:31:
         65:d6:21:03:45:96:ab:f6:13:12:da:36:31:54:c4:69:b4:af:
         8a:ca:e4:c8:8e:44:e6:98:81:b6:9a:3d:59:1b:a4:45:52:37:
         70:9b:7a:a1:31:01:f7:61:40:e5:ec:17:da:2e:95:c3:77:a7:
         b5:b9:fb:35:fa:11:b2:7b:c4:2c:20:0f:f5:5e:67:1f:d2:18:
         6a:50:63:a9:40:f6:f6:11:cd:fa:d4:7f:82:2a:66:b5:8d:0e:
         dd:72:71:f9:bc:2d:4f:4c:d6:1f:6d:67:dd:18:d3:c2:ad:5b:
         ba:08:95:da:7d:72:8b:bd:5a:3a:80:20:fc:5c:5e:da:80:9b:
         eb:b0:84:a2:23:5f:5b:c9:eb:e1:0b:3e:e0:46:ff:3a:43:f3:
         b1:4b:ca:67:66:c8:f3:a0:8b:fd:41:37:c8:89:53:01:44:30:
         07:a6:6f:63:01:27:e3:94:df:7c:77:ff:82:df:fe:41:8f:25:
         6e:3d:5a:7a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUO/AezzDUfl5QcSTRSqCalwzn+i8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzIwMDAwMDAwWhcNMjMwODI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYWIyYWZiMmRkMGJmYjA0YTc2N2YzZTZhMjI2N2FmMWUy
YTY3MWRhOTY5NTVhMzdjZmQ4YzQ0NjRlMGNjNDZlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCx0hsqpaHfl5fkPVKgcLmmwAViex6wu85KsUrC4tmxaMjl
UfjcWeIFBoj5LC/cyUfSO5v34BiwugPVN4eAiv/JM4iZWMU831vJLmY0+mfCQLLi
XHJZJK9ZEISZLaJK9yAWZPe/OoaJNrL2rswWvE5xEmwUtiSpYV/gJRQqTFZoYz1M
ZOHaHM2NmtK8RLUaEwOmXMy9h61nZ9D+ZGI2WdPYBmLHrfJhBqw7LA9k5knRplXH
DzYAgzQKZ8NrDoadmFFSZGfQiyCBI/ud8iopGPsFVJlhium+UpwH933sjDhNCDVD
QzHuD96rxcTP37T6fVH2ckk6Klg458GcZ9K2x90hAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdZEIYfT0lDJPWUx+jkgd5R05TFUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzYxODE2ZTAzLTg5NDgtNGUwZC04ZTI4LWM3NDBhYjljMzc1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGywWt1YHZXmn62cdjlctvmrqQmq
RunBQ8dbkjgxbC+z2yb/0YRKsg6RcaGEuMCrWhat0Gqrd1HhsxKRWTYzK153G/D8
OgSZMWXWIQNFlqv2ExLaNjFUxGm0r4rK5MiOROaYgbaaPVkbpEVSN3CbeqExAfdh
QOXsF9oulcN3p7W5+zX6EbJ7xCwgD/VeZx/SGGpQY6lA9vYRzfrUf4IqZrWNDt1y
cfm8LU9M1h9tZ90Y08KtW7oIldp9cou9WjqAIPxcXtqAm+uwhKIjX1vJ6+ELPuBG
/zpD87FLymdmyPOgi/1BN8iJUwFEMAemb2MBJ+OU33x3/4Lf/kGPJW49Wno=
-----END CERTIFICATE-----