Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7dde7979-77e1-47e6-b716-f940a7809260.roa
File:                     7dde7979-77e1-47e6-b716-f940a7809260.roa (raw, json)
Hash identifier:          hLjJA04mwMEGmxj6ou3ZFUna0YPZdiA2GlXzIgkN7Zg=
Subject key identifier:   28:60:73:8D:42:D0:94:4E:F5:C2:45:4A:04:27:0D:6E:B5:73:A4:09
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       461CF355C26C3A85CCC75A396D9DA6012CCF3AE4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7dde7979-77e1-47e6-b716-f940a7809260.roa
Signing time:             Mon 07 Aug 2023 00:00:00 +0000
ROA not before:           Mon 07 Aug 2023 00:00:00 +0000
ROA not after:            Mon 11 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:1c:f3:55:c2:6c:3a:85:cc:c7:5a:39:6d:9d:a6:01:2c:cf:3a:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug  7 00:00:00 2023 GMT
            Not After : Sep 11 23:59:59 2023 GMT
        Subject: serialNumber=d813f5b14c0a766c847fe65bd47d166d2e5912e4db7ee56f9cba38350fceac30, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:b7:64:14:69:bc:ce:78:62:68:19:8c:eb:24:
                    93:0e:38:85:cd:2c:38:a7:b3:80:6e:72:6b:29:f5:
                    f5:29:72:d9:f2:67:72:ec:51:67:7f:31:9d:6a:b1:
                    79:25:2c:26:2a:07:d0:41:cb:89:c0:2b:65:5a:ce:
                    d8:19:35:93:88:c4:a3:58:54:30:0a:be:f2:41:74:
                    75:9e:a3:a8:06:4b:5d:1d:28:3a:75:59:52:99:e1:
                    b4:2c:82:19:cb:92:db:66:2f:2a:4d:55:28:a9:fa:
                    31:6d:24:fd:66:a1:1b:4d:a4:55:c4:f9:fe:93:f6:
                    a1:74:62:21:81:15:ec:fa:3d:52:33:de:fc:3c:f2:
                    0f:04:54:e5:d6:bb:99:1a:31:9f:14:40:17:1e:55:
                    05:fc:7e:04:1a:3d:10:d1:5e:91:2f:90:34:9a:c0:
                    4c:d7:36:a7:ab:d9:2e:c8:27:03:d8:39:a3:ef:a5:
                    75:5f:b0:1d:e0:27:d8:52:d1:40:49:23:64:6d:c4:
                    b3:4e:7a:98:ad:fe:b6:29:a5:2e:0b:68:a6:2e:09:
                    87:d9:15:62:77:01:f1:62:c1:0e:76:f5:d6:33:b6:
                    36:df:a7:b0:37:31:9a:97:f5:fb:48:da:11:4b:2a:
                    f7:ac:98:b4:20:67:75:c2:da:ef:e8:cf:ba:f6:25:
                    4a:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:60:73:8D:42:D0:94:4E:F5:C2:45:4A:04:27:0D:6E:B5:73:A4:09
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7dde7979-77e1-47e6-b716-f940a7809260.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:34:b6:ff:b6:27:78:d6:e3:73:4a:f5:33:62:c8:f1:7a:67:
         19:d4:76:47:49:6a:f0:b2:4d:2a:66:e1:9d:e3:ff:aa:eb:a1:
         63:c0:ca:cd:f1:93:cc:4c:4f:62:5c:e8:87:84:a1:63:cb:18:
         53:75:11:3e:00:76:2d:5f:54:e4:4e:40:92:a2:c6:0a:48:ea:
         d9:ea:6d:3d:8d:b7:8d:2a:cc:2a:89:1e:8f:08:53:d3:c9:56:
         45:fa:44:e3:f1:bf:8f:f7:e0:87:1b:f0:35:e7:d9:24:98:71:
         aa:1f:34:d1:f6:a7:b3:69:02:f0:f9:79:f5:ed:12:a6:25:56:
         9c:6a:af:88:63:20:84:eb:50:19:ed:0c:69:aa:3a:60:1d:03:
         a2:1b:47:f0:58:39:6e:86:82:4d:68:31:0c:62:62:cf:92:8e:
         e3:0a:43:40:56:5a:8a:41:d5:d4:37:97:df:10:42:db:c8:96:
         e2:21:2b:6a:ae:e9:a8:e6:b7:31:45:3c:63:8f:bb:f7:1b:a4:
         2f:ed:f2:1f:3b:fe:06:d8:48:10:56:9d:08:92:ae:25:fa:f2:
         62:57:b4:38:56:3e:33:31:e6:7f:d9:94:cd:e5:9b:7c:7f:bf:
         28:e0:19:83:74:f5:6e:53:64:7b:6b:0f:04:4b:e6:9f:5e:3b:
         d4:28:9b:22
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURhzzVcJsOoXMx1o5bZ2mASzPOuQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODA3MDAwMDAwWhcNMjMwOTExMjM1OTU5
WjB6MUkwRwYDVQQFE0BkODEzZjViMTRjMGE3NjZjODQ3ZmU2NWJkNDdkMTY2ZDJl
NTkxMmU0ZGI3ZWU1NmY5Y2JhMzgzNTBmY2VhYzMwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDet2QUabzOeGJoGYzrJJMOOIXNLDins4Bucmsp9fUpctny
Z3LsUWd/MZ1qsXklLCYqB9BBy4nAK2VaztgZNZOIxKNYVDAKvvJBdHWeo6gGS10d
KDp1WVKZ4bQsghnLkttmLypNVSip+jFtJP1moRtNpFXE+f6T9qF0YiGBFez6PVIz
3vw88g8EVOXWu5kaMZ8UQBceVQX8fgQaPRDRXpEvkDSawEzXNqer2S7IJwPYOaPv
pXVfsB3gJ9hS0UBJI2RtxLNOepit/rYppS4LaKYuCYfZFWJ3AfFiwQ529dYztjbf
p7A3MZqX9ftI2hFLKvesmLQgZ3XC2u/oz7r2JUqpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKGBzjULQlE71wkVKBCcNbrVzpAkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzdkZGU3OTc5LTc3ZTEtNDdlNi1iNzE2LWY5NDBhNzgwOTI2MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKs0tv+2J3jW43NK9TNiyPF6ZxnU
dkdJavCyTSpm4Z3j/6rroWPAys3xk8xMT2Jc6IeEoWPLGFN1ET4Adi1fVOROQJKi
xgpI6tnqbT2Nt40qzCqJHo8IU9PJVkX6ROPxv4/34Icb8DXn2SSYcaofNNH2p7Np
AvD5efXtEqYlVpxqr4hjIITrUBntDGmqOmAdA6IbR/BYOW6Ggk1oMQxiYs+SjuMK
Q0BWWopB1dQ3l98QQtvIluIhK2qu6ajmtzFFPGOPu/cbpC/t8h87/gbYSBBWnQiS
riX68mJXtDhWPjMx5n/ZlM3lm3x/vyjgGYN09W5TZHtrDwRL5p9eO9QomyI=
-----END CERTIFICATE-----