Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/804d684c-77eb-4117-99be-112513b8fbac.roa
File:                     804d684c-77eb-4117-99be-112513b8fbac.roa (raw, json)
Hash identifier:          f2W/pY70Vbjqqb9rnnUiXIMWtOZ8vYtg6c6WLUEKUwY=
Subject key identifier:   AA:3B:89:DC:B8:D9:46:BB:62:DF:BF:74:BE:0E:9A:74:6D:EE:3A:5C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       78A434F98DE1AF70C0B2ED7835C42DA091192593
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/804d684c-77eb-4117-99be-112513b8fbac.roa
Signing time:             Thu 10 Aug 2023 00:00:00 +0000
ROA not before:           Thu 10 Aug 2023 00:00:00 +0000
ROA not after:            Thu 14 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:a4:34:f9:8d:e1:af:70:c0:b2:ed:78:35:c4:2d:a0:91:19:25:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 10 00:00:00 2023 GMT
            Not After : Sep 14 23:59:59 2023 GMT
        Subject: serialNumber=855a1cb47a9574f2527e2e5ce2c527ce802abe8884c4fb312bc1ac63ff21b52e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:80:7b:05:01:fd:90:92:5d:aa:ad:04:f8:c1:
                    ed:c4:04:8a:5b:cc:ba:94:ca:72:51:ab:31:3f:04:
                    eb:bd:6e:9a:49:74:f1:1d:82:63:9d:d5:9e:2f:b3:
                    52:b5:24:ab:3c:f1:3f:ce:20:92:0c:13:bd:d1:8e:
                    aa:2b:b5:35:a6:ee:ad:68:2e:3f:cc:71:f9:3f:cc:
                    53:ce:1f:e0:7b:d3:7f:00:94:6b:2c:af:6f:4a:d1:
                    83:43:0c:90:48:42:fd:ee:57:c0:43:34:42:22:91:
                    b6:24:fc:0b:8c:b8:5a:98:07:29:02:84:f2:bf:36:
                    58:d1:fa:74:39:50:8e:af:57:27:0c:f6:9b:1f:80:
                    7a:a4:c8:02:d3:aa:1d:6c:d9:d3:05:20:67:ad:72:
                    42:62:ec:de:3a:95:ea:0c:01:e8:dd:bf:cc:86:72:
                    2e:e0:e7:87:28:72:97:63:08:d4:09:9e:88:ec:67:
                    b2:e1:ef:99:9f:5a:65:4f:1c:cb:a0:b7:c8:6e:b8:
                    79:f5:3f:6f:a9:8b:85:26:60:08:74:3f:07:29:14:
                    d9:3d:23:07:c4:90:be:1c:45:e1:6e:26:92:47:ab:
                    4d:25:9e:07:cf:1a:67:db:73:a4:d1:b9:76:6c:73:
                    e9:d6:ad:20:b1:12:6b:db:fa:73:3c:e3:e9:c6:0c:
                    ac:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:3B:89:DC:B8:D9:46:BB:62:DF:BF:74:BE:0E:9A:74:6D:EE:3A:5C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/804d684c-77eb-4117-99be-112513b8fbac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:96:99:1b:15:f2:cc:f4:54:b9:7d:62:a1:f4:2a:f1:71:15:
         f0:9a:e8:13:8a:05:43:8e:b1:43:87:9a:bc:2c:24:68:17:09:
         ff:50:60:20:66:ea:5e:d0:a7:b6:44:25:19:1f:e6:6d:82:f4:
         97:df:ac:79:a2:9b:3f:37:d7:68:de:7c:e9:14:da:38:71:79:
         40:59:f9:42:d8:dc:07:8b:bd:23:fa:ee:c3:21:70:ee:71:5c:
         80:7e:6a:3f:dd:63:09:26:a8:9a:d1:a3:ba:a9:6b:ac:5c:92:
         7e:d1:3c:d6:b6:7d:bd:f2:dd:5c:28:4a:f1:e0:75:97:d0:10:
         01:d2:89:1c:6b:13:ad:69:23:be:77:35:c7:52:50:d5:cd:0f:
         ed:60:1c:47:23:e6:62:d0:44:f2:34:5c:a0:2d:4d:7a:fe:30:
         cb:71:0b:7b:d7:4f:71:74:36:23:c6:45:7d:21:0b:25:60:a2:
         ff:bc:88:9c:0a:49:f5:7a:ea:34:ee:4b:22:d9:55:68:17:1f:
         5f:e8:ef:18:d4:9b:a9:37:f0:ac:c7:d3:e2:f6:29:63:21:c6:
         bb:3b:09:7e:0b:34:0e:21:b9:63:ba:61:80:af:fc:86:c0:76:
         9d:21:20:16:4a:68:54:4f:2a:62:7a:44:a4:99:9f:20:c4:24:
         d9:be:2f:5e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeKQ0+Y3hr3DAsu14NcQtoJEZJZMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODEwMDAwMDAwWhcNMjMwOTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NTVhMWNiNDdhOTU3NGYyNTI3ZTJlNWNlMmM1MjdjZTgw
MmFiZTg4ODRjNGZiMzEyYmMxYWM2M2ZmMjFiNTJlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4gHsFAf2Qkl2qrQT4we3EBIpbzLqUynJRqzE/BOu9bppJ
dPEdgmOd1Z4vs1K1JKs88T/OIJIME73RjqortTWm7q1oLj/Mcfk/zFPOH+B7038A
lGssr29K0YNDDJBIQv3uV8BDNEIikbYk/AuMuFqYBykChPK/NljR+nQ5UI6vVycM
9psfgHqkyALTqh1s2dMFIGetckJi7N46leoMAejdv8yGci7g54cocpdjCNQJnojs
Z7Lh75mfWmVPHMugt8huuHn1P2+pi4UmYAh0PwcpFNk9IwfEkL4cReFuJpJHq00l
ngfPGmfbc6TRuXZsc+nWrSCxEmvb+nM84+nGDKxDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqjuJ3LjZRrti3790vg6adG3uOlwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgwNGQ2ODRjLTc3ZWItNDExNy05OWJlLTExMjUxM2I4ZmJhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADuWmRsV8sz0VLl9YqH0KvFxFfCa
6BOKBUOOsUOHmrwsJGgXCf9QYCBm6l7Qp7ZEJRkf5m2C9JffrHmimz8312jefOkU
2jhxeUBZ+ULY3AeLvSP67sMhcO5xXIB+aj/dYwkmqJrRo7qpa6xckn7RPNa2fb3y
3VwoSvHgdZfQEAHSiRxrE61pI753NcdSUNXND+1gHEcj5mLQRPI0XKAtTXr+MMtx
C3vXT3F0NiPGRX0hCyVgov+8iJwKSfV66jTuSyLZVWgXH1/o7xjUm6k38KzH0+L2
KWMhxrs7CX4LNA4huWO6YYCv/IbAdp0hIBZKaFRPKmJ6RKSZnyDEJNm+L14=
-----END CERTIFICATE-----