Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7f9d66a0-0df9-482e-a11d-f38bf805207a.roa
File:                     7f9d66a0-0df9-482e-a11d-f38bf805207a.roa (raw, json)
Hash identifier:          fRl9loLPKzT2t2/3iD+QlcE1MFQ6vs2LWnU/p1J7zB4=
Subject key identifier:   2E:FC:28:A8:A6:BC:8F:F4:25:65:96:CF:71:42:84:9D:C5:44:48:03
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       47B412DFAEAF3E4A23F1593A50027342476D110A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7f9d66a0-0df9-482e-a11d-f38bf805207a.roa
Signing time:             Thu 22 Jun 2023 00:00:00 +0000
ROA not before:           Thu 22 Jun 2023 00:00:00 +0000
ROA not after:            Thu 27 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:b4:12:df:ae:af:3e:4a:23:f1:59:3a:50:02:73:42:47:6d:11:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 22 00:00:00 2023 GMT
            Not After : Jul 27 23:59:59 2023 GMT
        Subject: serialNumber=a2e32b4a8d16c4d462c32404e43d12df5eba008a9428abda1cb369979096f9f0, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e8:89:07:1c:db:4d:d0:c0:d5:9e:3c:95:fb:
                    d9:d5:69:68:12:92:03:01:c2:50:2b:83:bd:3e:37:
                    f0:14:90:d0:df:3e:7f:db:04:ae:3a:38:f9:84:bc:
                    0e:70:0b:b5:23:61:ee:02:2e:d9:d6:a2:ea:89:10:
                    9f:6c:8f:9b:dd:6c:7f:de:29:53:b1:ea:18:c4:fd:
                    2c:7b:d5:b2:d4:17:94:f2:2b:a2:45:32:13:d2:d2:
                    5b:3f:4b:3a:8e:4b:c4:be:cd:81:60:ab:3f:65:53:
                    fd:66:4e:15:81:7e:87:b3:48:21:e2:d8:81:15:a2:
                    5c:39:29:60:81:ef:89:30:10:97:49:cc:d5:61:9d:
                    5a:f7:32:e5:b8:a9:18:1b:77:70:66:17:b4:db:95:
                    b9:67:b2:ea:50:3c:69:f2:14:e3:0b:fc:87:62:89:
                    e4:36:07:02:5f:28:80:ab:2a:5e:7f:57:b6:16:4e:
                    84:d0:57:91:1c:fa:cd:d6:18:85:78:77:d0:67:2a:
                    9d:a9:1c:78:c3:84:82:8d:f3:db:b8:a4:4d:cb:72:
                    9e:a1:86:5e:2d:37:e7:ab:8c:e4:38:df:8b:d4:ca:
                    1d:62:73:62:fd:b9:66:92:29:00:5c:18:0a:59:8e:
                    77:8b:13:7a:9e:a8:9e:25:14:d8:cf:85:36:1f:36:
                    3d:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:FC:28:A8:A6:BC:8F:F4:25:65:96:CF:71:42:84:9D:C5:44:48:03
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7f9d66a0-0df9-482e-a11d-f38bf805207a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:68:66:d9:04:aa:63:62:5f:ea:4c:88:c3:76:0e:8f:0a:08:
         14:54:c3:60:81:9d:50:51:59:86:3d:83:ff:77:98:f6:22:a9:
         20:5e:76:1c:15:f3:ec:e4:a3:70:2f:06:43:f9:aa:ba:3b:15:
         86:2d:9d:a0:a1:6f:23:3b:11:6b:91:c7:81:d4:f4:77:33:de:
         09:b9:9c:b7:3a:6f:b2:e3:d1:aa:6a:21:e6:c7:0d:d2:08:1a:
         db:c9:a5:52:9d:9c:33:39:bd:10:97:a3:64:e0:a5:52:c1:ef:
         56:ff:15:07:40:a3:ac:f2:61:87:28:77:21:09:24:d3:7a:12:
         1c:4d:85:76:9e:8b:03:1d:0f:3c:bf:b5:2d:32:65:56:06:1e:
         c8:81:94:65:8f:f9:27:f1:53:fe:76:42:0b:65:bf:7a:6a:a8:
         83:2c:0e:bb:db:06:70:7f:34:50:d8:6f:fc:00:e7:80:d5:6e:
         c3:d5:e8:8c:38:a1:35:70:a4:12:b2:a0:da:d6:ab:6d:06:28:
         cf:38:b0:cb:1d:8e:ad:30:b7:99:0d:a7:30:1c:6c:17:fa:74:
         5e:f5:c4:9a:48:e5:16:b1:4f:a8:cb:4e:69:09:0a:a4:d6:19:
         35:4b:1d:c8:f0:98:d8:a9:5f:f9:34:d4:c8:e2:eb:30:44:e9:
         49:52:21:6a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR7QS366vPkoj8Vk6UAJzQkdtEQowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjIyMDAwMDAwWhcNMjMwNzI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMmUzMmI0YThkMTZjNGQ0NjJjMzI0MDRlNDNkMTJkZjVl
YmEwMDhhOTQyOGFiZGExY2IzNjk5NzkwOTZmOWYwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCz6IkHHNtN0MDVnjyV+9nVaWgSkgMBwlArg70+N/AUkNDf
Pn/bBK46OPmEvA5wC7UjYe4CLtnWouqJEJ9sj5vdbH/eKVOx6hjE/Sx71bLUF5Ty
K6JFMhPS0ls/SzqOS8S+zYFgqz9lU/1mThWBfoezSCHi2IEVolw5KWCB74kwEJdJ
zNVhnVr3MuW4qRgbd3BmF7TblblnsupQPGnyFOML/IdiieQ2BwJfKICrKl5/V7YW
ToTQV5Ec+s3WGIV4d9BnKp2pHHjDhIKN89u4pE3Lcp6hhl4tN+erjOQ434vUyh1i
c2L9uWaSKQBcGApZjneLE3qeqJ4lFNjPhTYfNj3bAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULvwoqKa8j/QlZZbPcUKEncVESAMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzdmOWQ2NmEwLTBkZjktNDgyZS1hMTFkLWYzOGJmODA1MjA3YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABhoZtkEqmNiX+pMiMN2Do8KCBRU
w2CBnVBRWYY9g/93mPYiqSBedhwV8+zko3AvBkP5qro7FYYtnaChbyM7EWuRx4HU
9Hcz3gm5nLc6b7Lj0apqIebHDdIIGtvJpVKdnDM5vRCXo2TgpVLB71b/FQdAo6zy
YYcodyEJJNN6EhxNhXaeiwMdDzy/tS0yZVYGHsiBlGWP+SfxU/52Qgtlv3pqqIMs
DrvbBnB/NFDYb/wA54DVbsPV6Iw4oTVwpBKyoNrWq20GKM84sMsdjq0wt5kNpzAc
bBf6dF71xJpI5RaxT6jLTmkJCqTWGTVLHcjwmNipX/k01Mji6zBE6UlSIWo=
-----END CERTIFICATE-----