Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/76be135c-c3fd-4740-a285-e29ec8f240cd.roa
File:                     76be135c-c3fd-4740-a285-e29ec8f240cd.roa (raw, json)
Hash identifier:          w3At4/7l4t+nbGpJxv5ex3ln8/3/svHo2/pxSmT6bGM=
Subject key identifier:   40:79:2E:7B:86:B0:29:A2:FB:07:4F:C0:9A:00:95:21:8A:C5:3F:90
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2122DC4935EB9205DCBFED23B2E38CF0D12E6ECE
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/76be135c-c3fd-4740-a285-e29ec8f240cd.roa
Signing time:             Mon 10 Jul 2023 00:00:00 +0000
ROA not before:           Mon 10 Jul 2023 00:00:00 +0000
ROA not after:            Mon 14 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:22:dc:49:35:eb:92:05:dc:bf:ed:23:b2:e3:8c:f0:d1:2e:6e:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 10 00:00:00 2023 GMT
            Not After : Aug 14 23:59:59 2023 GMT
        Subject: serialNumber=1593c6422a1710d48de40d4ecdb66d656d688ef5dc1509c921623decde34b5f9, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:7f:36:0b:98:f9:58:31:77:5a:bc:4f:46:0d:
                    45:70:c9:c1:9c:1b:f9:d7:d6:ee:60:dd:8d:49:79:
                    39:67:3b:83:69:07:21:ce:d1:5d:db:2c:e4:bf:e5:
                    38:02:f9:b1:b7:c9:a3:45:2d:e5:b2:4a:b0:44:f4:
                    66:30:74:db:c4:52:08:eb:86:c2:aa:b8:2b:3b:59:
                    cd:ef:22:75:f1:65:ff:3c:d0:11:18:ca:ec:75:af:
                    d6:49:52:4e:63:1f:7e:c1:70:fe:d1:eb:fd:50:93:
                    27:2a:5a:20:13:70:04:16:bb:f2:fe:a4:66:85:a1:
                    66:82:2c:7e:bd:73:93:70:03:d9:11:c7:a4:f1:bb:
                    97:0b:85:4e:9d:24:84:4e:5f:1e:77:08:32:e9:a4:
                    62:71:30:be:05:da:ab:77:8a:7a:26:a9:94:a0:c5:
                    eb:e6:0f:97:d9:1c:5d:aa:fd:32:64:c4:ed:0b:20:
                    44:f6:7b:8a:88:68:0a:ac:11:4a:98:7c:21:1d:58:
                    b6:bd:12:f1:ae:93:ef:23:df:1a:3b:9f:2c:a0:05:
                    dc:68:f9:84:fe:a2:4f:c1:41:ae:67:0a:b3:9f:d7:
                    b6:93:f0:61:ce:f3:76:d2:27:66:2e:38:08:ff:d1:
                    a6:58:c4:9d:a5:03:16:8c:94:4f:29:48:5d:dd:d2:
                    f5:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:79:2E:7B:86:B0:29:A2:FB:07:4F:C0:9A:00:95:21:8A:C5:3F:90
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/76be135c-c3fd-4740-a285-e29ec8f240cd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:3f:2b:03:86:3b:b2:ee:d6:f4:ae:a5:d9:7c:ea:ab:79:91:
         f2:1d:7f:1b:98:82:db:89:60:a0:cc:c2:e5:f8:26:2a:48:24:
         c9:2b:b6:b3:94:68:95:de:ed:73:61:76:55:94:6c:0a:ea:f5:
         c6:62:11:cf:6f:ec:43:63:18:55:05:51:6a:64:c8:61:da:83:
         b9:5b:42:84:4f:d9:ad:e1:07:c1:7d:bf:cd:91:b9:a8:e6:1b:
         ec:85:71:c0:f4:00:8a:22:bd:b6:02:58:5c:c5:c4:82:94:37:
         4a:10:31:c5:f5:3d:ff:f9:65:9a:85:94:74:62:fe:1a:42:df:
         03:58:62:63:44:11:90:b4:d9:03:85:fc:9a:d7:99:53:ae:7d:
         4f:ff:12:8f:16:a5:00:5f:d3:df:06:0f:d4:bd:19:d6:78:78:
         4f:1c:7f:90:93:3f:64:f8:c3:ff:42:f3:34:b4:f9:df:50:21:
         09:08:6f:ba:7d:60:cb:e1:4d:5c:e2:f2:1f:ff:e8:80:a3:b6:
         c0:b9:19:06:c9:65:dd:8a:34:96:cc:be:ae:57:61:ba:3e:3b:
         aa:52:59:ea:f5:9a:de:a0:f5:71:7c:c9:87:b2:8d:9e:ca:98:
         2d:50:a5:0e:13:61:fc:cc:bf:c1:67:f2:94:8f:9b:c4:52:3c:
         6b:ec:70:5c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUISLcSTXrkgXcv+0jsuOM8NEubs4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzEwMDAwMDAwWhcNMjMwODE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNTkzYzY0MjJhMTcxMGQ0OGRlNDBkNGVjZGI2NmQ2NTZk
Njg4ZWY1ZGMxNTA5YzkyMTYyM2RlY2RlMzRiNWY5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCafzYLmPlYMXdavE9GDUVwycGcG/nX1u5g3Y1JeTlnO4Np
ByHO0V3bLOS/5TgC+bG3yaNFLeWySrBE9GYwdNvEUgjrhsKquCs7Wc3vInXxZf88
0BEYyux1r9ZJUk5jH37BcP7R6/1QkycqWiATcAQWu/L+pGaFoWaCLH69c5NwA9kR
x6Txu5cLhU6dJIROXx53CDLppGJxML4F2qt3inomqZSgxevmD5fZHF2q/TJkxO0L
IET2e4qIaAqsEUqYfCEdWLa9EvGuk+8j3xo7nyygBdxo+YT+ok/BQa5nCrOf17aT
8GHO83bSJ2YuOAj/0aZYxJ2lAxaMlE8pSF3d0vW/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQHkue4awKaL7B0/AmgCVIYrFP5AwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzc2YmUxMzVjLWMzZmQtNDc0MC1hMjg1LWUyOWVjOGYyNDBjZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIY/KwOGO7Lu1vSupdl86qt5kfId
fxuYgtuJYKDMwuX4JipIJMkrtrOUaJXe7XNhdlWUbArq9cZiEc9v7ENjGFUFUWpk
yGHag7lbQoRP2a3hB8F9v82RuajmG+yFccD0AIoivbYCWFzFxIKUN0oQMcX1Pf/5
ZZqFlHRi/hpC3wNYYmNEEZC02QOF/JrXmVOufU//Eo8WpQBf098GD9S9GdZ4eE8c
f5CTP2T4w/9C8zS0+d9QIQkIb7p9YMvhTVzi8h//6ICjtsC5GQbJZd2KNJbMvq5X
Ybo+O6pSWer1mt6g9XF8yYeyjZ7KmC1QpQ4TYfzMv8Fn8pSPm8RSPGvscFw=
-----END CERTIFICATE-----