Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7cb9bdf7-faca-4996-b8b0-4d2af7feb460.roa
File:                     7cb9bdf7-faca-4996-b8b0-4d2af7feb460.roa (raw, json)
Hash identifier:          4C7zNZBPECxccT5xfzhG9k+D4z0acAHHTdRmWC9oTGE=
Subject key identifier:   AC:2C:C2:3B:85:A9:26:01:5E:5B:F3:06:06:80:13:DC:02:54:E7:5E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0D34A2EFF4CDCA79328D5AF310E52171C45A60E3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7cb9bdf7-faca-4996-b8b0-4d2af7feb460.roa
Signing time:             Fri 28 Jul 2023 00:00:00 +0000
ROA not before:           Fri 28 Jul 2023 00:00:00 +0000
ROA not after:            Fri 01 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:34:a2:ef:f4:cd:ca:79:32:8d:5a:f3:10:e5:21:71:c4:5a:60:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 28 00:00:00 2023 GMT
            Not After : Sep  1 23:59:59 2023 GMT
        Subject: serialNumber=57e3d30d8ec88778100150eea277099998806bc2a2813738974d80a0abe982b8, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a1:86:87:d8:29:1f:53:aa:7f:bb:d0:24:01:
                    5b:6b:01:02:a2:8f:e8:26:10:7f:f3:ac:cb:95:b3:
                    63:c7:e4:97:af:5a:40:bb:dd:16:87:16:b7:94:54:
                    3e:34:67:47:b7:e0:86:db:bd:61:bf:42:3d:1c:16:
                    6e:8e:03:87:a2:24:31:68:57:9f:99:c4:ac:c6:6b:
                    63:0b:89:4d:60:8a:d1:b3:6f:53:9e:ef:2a:91:20:
                    d7:ca:48:09:f3:8f:f5:02:c0:54:a7:6c:9a:ae:d4:
                    1c:c5:7f:14:73:d4:f8:85:52:80:24:bc:80:6a:d6:
                    1c:cb:38:cc:7e:7b:e2:f3:38:29:84:f2:17:11:f2:
                    b2:59:ce:32:44:b1:4b:98:4b:36:74:3b:38:52:34:
                    1b:4c:94:cd:9a:fc:3e:d9:bb:69:2b:bd:95:fc:d1:
                    46:4e:56:66:0d:d3:cc:eb:d5:14:6d:5c:1e:e2:59:
                    08:b4:db:4e:f1:4f:ce:ff:a4:42:94:aa:a9:52:0b:
                    05:f5:00:89:e0:3f:cf:8a:08:fc:83:92:9a:a0:7e:
                    58:28:21:61:ba:00:67:64:40:28:79:c5:1e:b9:01:
                    bc:62:8f:7f:71:dd:b6:ce:59:be:ef:14:0d:ec:b0:
                    5a:f8:c4:9a:77:af:46:b2:c1:88:94:c9:d3:a0:f7:
                    f4:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:2C:C2:3B:85:A9:26:01:5E:5B:F3:06:06:80:13:DC:02:54:E7:5E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7cb9bdf7-faca-4996-b8b0-4d2af7feb460.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:fe:e8:fb:45:23:49:d7:bf:0d:a2:71:f3:bc:ab:6c:39:8c:
         31:ee:c0:47:bb:8f:48:30:b4:e9:94:2c:b1:89:09:a4:7e:90:
         8d:3f:77:bc:83:7c:86:99:a4:47:81:e7:10:02:e6:c6:56:3c:
         5f:d5:f9:fb:dd:b2:c2:3e:a7:21:5c:5f:a9:38:a2:89:79:8f:
         76:49:3a:7b:6b:c2:4b:a4:c3:18:6e:db:35:30:86:7d:6c:c3:
         0b:3d:73:33:12:81:ed:3b:80:2e:47:3e:4f:03:05:8c:69:12:
         0f:98:6b:aa:f7:cf:ac:d9:ff:96:87:f0:61:22:8b:e6:b9:85:
         ea:73:61:1f:7f:da:f2:b3:5f:e8:f5:59:eb:af:be:e5:a5:84:
         fb:e3:91:48:7c:b0:fc:aa:70:6d:6d:be:0f:21:7c:f7:3b:54:
         a5:ab:ac:7b:f9:55:31:db:a4:c7:7a:1e:44:1c:e6:0f:60:f1:
         0c:ed:48:90:95:1c:5f:da:a5:02:89:41:34:81:1e:54:12:d7:
         da:31:0b:31:ca:9a:99:e8:ea:94:c4:10:90:89:7c:8e:93:4e:
         80:87:79:c6:25:dc:4a:79:e9:01:08:e5:76:29:94:46:78:fc:
         fb:6a:67:63:a4:db:27:fb:73:12:6c:ff:14:53:5d:c9:4c:17:
         9a:0b:a6:d2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDTSi7/TNynkyjVrzEOUhccRaYOMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzI4MDAwMDAwWhcNMjMwOTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1N2UzZDMwZDhlYzg4Nzc4MTAwMTUwZWVhMjc3MDk5OTk4
ODA2YmMyYTI4MTM3Mzg5NzRkODBhMGFiZTk4MmI4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyoYaH2CkfU6p/u9AkAVtrAQKij+gmEH/zrMuVs2PH5Jev
WkC73RaHFreUVD40Z0e34IbbvWG/Qj0cFm6OA4eiJDFoV5+ZxKzGa2MLiU1gitGz
b1Oe7yqRINfKSAnzj/UCwFSnbJqu1BzFfxRz1PiFUoAkvIBq1hzLOMx+e+LzOCmE
8hcR8rJZzjJEsUuYSzZ0OzhSNBtMlM2a/D7Zu2krvZX80UZOVmYN08zr1RRtXB7i
WQi0207xT87/pEKUqqlSCwX1AIngP8+KCPyDkpqgflgoIWG6AGdkQCh5xR65Abxi
j39x3bbOWb7vFA3ssFr4xJp3r0aywYiUydOg9/TJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrCzCO4WpJgFeW/MGBoAT3AJU514wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzdjYjliZGY3LWZhY2EtNDk5Ni1iOGIwLTRkMmFmN2ZlYjQ2MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABn+6PtFI0nXvw2icfO8q2w5jDHu
wEe7j0gwtOmULLGJCaR+kI0/d7yDfIaZpEeB5xAC5sZWPF/V+fvdssI+pyFcX6k4
ool5j3ZJOntrwkukwxhu2zUwhn1swws9czMSge07gC5HPk8DBYxpEg+Ya6r3z6zZ
/5aH8GEii+a5hepzYR9/2vKzX+j1WeuvvuWlhPvjkUh8sPyqcG1tvg8hfPc7VKWr
rHv5VTHbpMd6HkQc5g9g8QztSJCVHF/apQKJQTSBHlQS19oxCzHKmpno6pTEEJCJ
fI6TToCHecYl3Ep56QEI5XYplEZ4/PtqZ2Ok2yf7cxJs/xRTXclMF5oLptI=
-----END CERTIFICATE-----