Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6dd5727d-94d6-4c62-97c8-432ff103daeb.roa
File:                     6dd5727d-94d6-4c62-97c8-432ff103daeb.roa (raw, json)
Hash identifier:          bDXyl8/DF+LHZ1Bhqe27j2xzilVNZlvqsouz/+WLOTA=
Subject key identifier:   D9:E6:43:44:7A:91:71:55:A9:B6:D7:20:91:BF:A1:97:6D:84:FC:CF
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       672C4A6BFB21609FE2E797CF0B50F721E92889F7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6dd5727d-94d6-4c62-97c8-432ff103daeb.roa
Signing time:             Wed 23 Aug 2023 00:00:00 +0000
ROA not before:           Wed 23 Aug 2023 00:00:00 +0000
ROA not after:            Wed 27 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:2c:4a:6b:fb:21:60:9f:e2:e7:97:cf:0b:50:f7:21:e9:28:89:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 23 00:00:00 2023 GMT
            Not After : Sep 27 23:59:59 2023 GMT
        Subject: serialNumber=858eba23475fc1370df7ac34ae94d21712019c4a196a214dca1c553ee3e555c4, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:55:ff:fd:60:95:a7:de:a5:71:17:32:c8:66:
                    71:ed:7c:7e:eb:22:f1:b8:66:1e:e6:5b:f3:eb:8f:
                    3d:4c:e0:f7:23:2b:a7:9a:06:d4:99:7b:a1:33:6e:
                    52:5a:a4:ae:0a:5c:24:d6:60:ee:d5:59:7d:f2:11:
                    35:8b:3b:3b:97:55:b6:ef:29:66:12:75:08:4f:40:
                    68:62:07:a6:bb:e8:60:66:7d:cc:54:9e:7f:fa:41:
                    65:51:06:48:86:24:00:f7:79:b6:b0:fa:73:6a:81:
                    db:2f:c0:47:3b:16:21:e6:3a:97:60:a1:65:83:f0:
                    de:c7:71:2d:8c:d4:74:c6:3b:43:a7:09:ca:4f:77:
                    23:08:f4:4b:2b:0a:af:61:87:6d:a4:54:35:3f:e7:
                    ba:b7:89:c2:6b:27:45:14:8b:7a:e7:c6:13:be:ba:
                    6a:d4:3e:32:62:d3:84:08:22:1b:5f:0e:a8:11:d7:
                    02:f0:42:65:8a:31:4e:29:ce:ff:cc:1e:ce:66:3b:
                    91:7f:b5:36:73:49:29:c9:75:0f:d1:87:09:f9:3a:
                    5d:fd:42:15:e0:ca:ae:25:af:ab:a9:61:5c:3d:f3:
                    e1:bf:7f:2c:cc:ef:14:be:2e:3d:27:86:1b:94:2e:
                    76:8b:d6:ab:73:d0:67:0c:76:61:ae:83:a1:53:f8:
                    d9:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:E6:43:44:7A:91:71:55:A9:B6:D7:20:91:BF:A1:97:6D:84:FC:CF
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6dd5727d-94d6-4c62-97c8-432ff103daeb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:e2:53:55:94:be:44:64:e7:ff:11:e6:7d:73:14:02:fa:ab:
         6a:f0:53:8e:08:a0:58:02:f2:45:2c:62:88:96:f9:16:16:85:
         de:d0:01:6f:24:de:cc:95:05:a8:5c:90:3c:c9:28:ba:cb:0a:
         9d:b4:a8:b7:aa:48:4a:d0:91:63:af:08:4e:37:df:c5:ce:3a:
         f6:73:13:31:73:62:07:5c:f2:eb:99:52:4c:e1:35:88:4a:f7:
         ad:c2:f3:e5:e3:9c:a6:bc:55:b4:02:a7:56:a5:13:8e:37:73:
         26:30:f1:1c:d3:86:81:16:91:d3:46:c9:65:1f:ae:f0:b0:3c:
         0d:1f:14:b4:52:ee:a3:d2:d7:ec:0d:ff:8f:e6:3c:74:f1:72:
         f7:5d:ec:d8:e1:f4:87:f6:97:bb:a2:b3:1a:6c:2a:cc:0f:fa:
         87:1c:e8:7b:74:a8:4b:53:b4:b7:1c:dc:ab:9e:70:ef:63:90:
         95:67:b7:69:09:7d:66:bb:65:0d:df:d3:85:3f:c7:8d:34:86:
         75:11:17:8a:a4:aa:5f:8e:cb:ab:9a:49:12:8a:91:0d:59:0d:
         bc:17:90:93:46:2a:12:92:c8:6d:0c:5d:e4:48:35:cb:a3:b5:
         ae:eb:38:88:c1:43:d0:c3:08:8e:81:9b:ab:83:94:47:e4:7d:
         25:68:c8:78
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZyxKa/shYJ/i55fPC1D3IekoifcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODIzMDAwMDAwWhcNMjMwOTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NThlYmEyMzQ3NWZjMTM3MGRmN2FjMzRhZTk0ZDIxNzEy
MDE5YzRhMTk2YTIxNGRjYTFjNTUzZWUzZTU1NWM0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/Vf/9YJWn3qVxFzLIZnHtfH7rIvG4Zh7mW/Prjz1M4Pcj
K6eaBtSZe6EzblJapK4KXCTWYO7VWX3yETWLOzuXVbbvKWYSdQhPQGhiB6a76GBm
fcxUnn/6QWVRBkiGJAD3ebaw+nNqgdsvwEc7FiHmOpdgoWWD8N7HcS2M1HTGO0On
CcpPdyMI9EsrCq9hh22kVDU/57q3icJrJ0UUi3rnxhO+umrUPjJi04QIIhtfDqgR
1wLwQmWKMU4pzv/MHs5mO5F/tTZzSSnJdQ/Rhwn5Ol39QhXgyq4lr6upYVw98+G/
fyzM7xS+Lj0nhhuULnaL1qtz0GcMdmGug6FT+NmhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2eZDRHqRcVWpttcgkb+hl22E/M8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzZkZDU3MjdkLTk0ZDYtNGM2Mi05N2M4LTQzMmZmMTAzZGFlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFXiU1WUvkRk5/8R5n1zFAL6q2rw
U44IoFgC8kUsYoiW+RYWhd7QAW8k3syVBahckDzJKLrLCp20qLeqSErQkWOvCE43
38XOOvZzEzFzYgdc8uuZUkzhNYhK963C8+XjnKa8VbQCp1alE443cyYw8RzThoEW
kdNGyWUfrvCwPA0fFLRS7qPS1+wN/4/mPHTxcvdd7Njh9If2l7uisxpsKswP+occ
6Ht0qEtTtLcc3KuecO9jkJVnt2kJfWa7ZQ3f04U/x400hnURF4qkql+Oy6uaSRKK
kQ1ZDbwXkJNGKhKSyG0MXeRINcujta7rOIjBQ9DDCI6Bm6uDlEfkfSVoyHg=
-----END CERTIFICATE-----