Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6f2cd5a5-c8fa-4f29-97a1-23037471f3eb.roa
File:                     6f2cd5a5-c8fa-4f29-97a1-23037471f3eb.roa (raw, json)
Hash identifier:          hWHofDM9Jhdg5pHk2AFKu6LVAyVsSKPKdjtxBLNmKYA=
Subject key identifier:   23:13:C4:31:0C:A8:A5:67:09:43:4D:9F:63:B9:43:83:ED:4B:F2:8C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       17562F24E9E144094AC73094AEC33D001D4254F2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6f2cd5a5-c8fa-4f29-97a1-23037471f3eb.roa
Signing time:             Wed 21 Jun 2023 00:00:00 +0000
ROA not before:           Wed 21 Jun 2023 00:00:00 +0000
ROA not after:            Wed 26 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:56:2f:24:e9:e1:44:09:4a:c7:30:94:ae:c3:3d:00:1d:42:54:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 21 00:00:00 2023 GMT
            Not After : Jul 26 23:59:59 2023 GMT
        Subject: serialNumber=3456e7be5c57c069e3f8563f14a230a4a64f38e6e391c399ccc9fb0556e10bc7, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:fb:21:e8:89:a7:21:48:8c:92:ac:37:3a:c8:
                    83:ce:58:22:ca:67:5d:85:ff:92:60:68:87:48:91:
                    90:7d:e6:07:ef:a4:0c:b6:d1:ad:26:91:f7:b3:0a:
                    c5:ce:fb:38:af:22:54:49:2f:b4:d1:6c:70:3d:de:
                    07:ff:75:7b:04:02:6e:3f:77:a4:d7:a4:bf:49:2f:
                    ce:a5:3f:4a:32:ab:0f:d1:20:38:66:7f:df:b3:a3:
                    4e:c2:8e:eb:87:06:22:cc:65:64:09:31:da:d4:26:
                    49:07:34:cf:89:b7:ec:40:77:df:e6:ff:e0:28:e1:
                    9b:12:ba:37:e8:2b:94:8c:c0:1b:e8:ac:ee:26:bc:
                    66:95:a8:20:7c:ed:b0:86:6e:90:a1:3b:14:86:e2:
                    d3:e1:52:e5:dd:52:14:ea:48:82:90:e5:00:22:52:
                    36:92:96:dd:51:0f:61:40:d7:19:28:09:3a:2f:a4:
                    df:b3:a3:6d:13:de:81:ec:90:20:d8:27:b9:43:4d:
                    bf:fe:b6:c5:60:15:27:2a:5e:44:77:27:81:23:9a:
                    e3:74:d9:19:df:0d:f4:ec:c7:2a:9c:72:13:ff:18:
                    ec:99:f4:4a:32:b9:bd:ed:40:46:a6:78:0a:12:97:
                    0a:04:d1:5a:9b:3a:a6:01:c7:b2:33:bf:fe:c7:0d:
                    75:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:13:C4:31:0C:A8:A5:67:09:43:4D:9F:63:B9:43:83:ED:4B:F2:8C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6f2cd5a5-c8fa-4f29-97a1-23037471f3eb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:a9:75:d3:0e:6e:28:4a:2a:8e:65:08:a9:9c:30:23:1f:71:
         ce:57:11:9d:ad:ff:de:74:5d:2a:c6:0e:5a:1b:44:58:84:90:
         a4:70:81:8b:a5:92:45:83:b4:c0:a8:38:b3:b2:c2:e6:ba:3f:
         ce:02:92:58:fe:53:63:7d:d0:ae:80:66:40:d6:cc:af:61:7b:
         08:db:5e:8f:aa:93:a7:ef:f7:75:3c:36:bf:c8:40:21:77:56:
         5d:e9:56:b1:2d:02:50:c1:8e:6e:08:bf:79:2d:8e:ce:d9:3b:
         04:84:e5:c1:ab:e1:98:2b:90:4d:59:5f:92:22:25:ff:78:0e:
         39:ab:ff:79:8c:39:fa:b7:b7:12:18:98:a2:f8:d0:4b:ff:2e:
         9f:18:8c:33:0d:e3:47:2f:d0:ff:74:c1:e9:ca:22:91:28:05:
         6e:1b:14:77:67:3a:23:e4:94:15:aa:a7:cf:6a:50:ea:38:61:
         31:05:93:31:a5:14:ac:75:80:0f:b8:df:77:de:83:b6:90:11:
         f4:0c:a2:08:2e:d7:2d:ec:25:14:36:49:7c:35:80:bb:47:00:
         d6:30:fa:b0:d0:69:2b:c6:b1:f0:23:20:cc:56:63:7b:ce:7f:
         33:c5:f2:cd:1a:6f:53:b4:c4:2c:8d:c8:55:c6:ef:7d:27:b4:
         ab:47:0f:4e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF1YvJOnhRAlKxzCUrsM9AB1CVPIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjIxMDAwMDAwWhcNMjMwNzI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNDU2ZTdiZTVjNTdjMDY5ZTNmODU2M2YxNGEyMzBhNGE2
NGYzOGU2ZTM5MWMzOTljY2M5ZmIwNTU2ZTEwYmM3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQ+yHoiachSIySrDc6yIPOWCLKZ12F/5JgaIdIkZB95gfv
pAy20a0mkfezCsXO+zivIlRJL7TRbHA93gf/dXsEAm4/d6TXpL9JL86lP0oyqw/R
IDhmf9+zo07CjuuHBiLMZWQJMdrUJkkHNM+Jt+xAd9/m/+Ao4ZsSujfoK5SMwBvo
rO4mvGaVqCB87bCGbpChOxSG4tPhUuXdUhTqSIKQ5QAiUjaSlt1RD2FA1xkoCTov
pN+zo20T3oHskCDYJ7lDTb/+tsVgFScqXkR3J4EjmuN02RnfDfTsxyqcchP/GOyZ
9Eoyub3tQEameAoSlwoE0VqbOqYBx7Izv/7HDXXxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIxPEMQyopWcJQ02fY7lDg+1L8owwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzZmMmNkNWE1LWM4ZmEtNGYyOS05N2ExLTIzMDM3NDcxZjNlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALOpddMObihKKo5lCKmcMCMfcc5X
EZ2t/950XSrGDlobRFiEkKRwgYulkkWDtMCoOLOywua6P84Cklj+U2N90K6AZkDW
zK9hewjbXo+qk6fv93U8Nr/IQCF3Vl3pVrEtAlDBjm4Iv3ktjs7ZOwSE5cGr4Zgr
kE1ZX5IiJf94Djmr/3mMOfq3txIYmKL40Ev/Lp8YjDMN40cv0P90wenKIpEoBW4b
FHdnOiPklBWqp89qUOo4YTEFkzGlFKx1gA+433feg7aQEfQMoggu1y3sJRQ2SXw1
gLtHANYw+rDQaSvGsfAjIMxWY3vOfzPF8s0ab1O0xCyNyFXG730ntKtHD04=
-----END CERTIFICATE-----