Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/86d7720d-f658-493d-aa47-7c9f6c45a8cb.roa
File:                     86d7720d-f658-493d-aa47-7c9f6c45a8cb.roa (raw, json)
Hash identifier:          VlGyThf5WXaMdOQb6IsKl9E0YTw4rUfezcJfJ31cn34=
Subject key identifier:   A4:42:12:BA:A5:28:B5:81:B6:33:F2:0B:63:F5:9B:F7:67:9C:AE:3B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5D4105F419117DC8F333080CC8F7B77BA80B169A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/86d7720d-f658-493d-aa47-7c9f6c45a8cb.roa
Signing time:             Wed 12 Jul 2023 00:00:00 +0000
ROA not before:           Wed 12 Jul 2023 00:00:00 +0000
ROA not after:            Wed 16 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:41:05:f4:19:11:7d:c8:f3:33:08:0c:c8:f7:b7:7b:a8:0b:16:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 12 00:00:00 2023 GMT
            Not After : Aug 16 23:59:59 2023 GMT
        Subject: serialNumber=e917c5b2a85eeb8122ef5217caf6653ec9ddf20ec11693b53410b0ab7386fd33, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:37:fb:0c:21:24:ed:76:34:16:d5:12:ef:92:
                    70:d6:66:8e:de:41:97:ca:6b:d2:1f:0d:79:02:43:
                    09:81:5e:ab:83:d8:0c:a9:df:e2:e3:22:82:c0:56:
                    a6:73:86:b9:52:3c:1a:e3:6d:a5:32:11:01:d6:50:
                    2b:15:6d:a0:20:bc:0c:4d:c2:81:a8:f9:35:92:96:
                    04:70:f7:5b:7b:77:f0:91:59:1a:df:ca:d1:0d:d5:
                    1d:22:a4:e8:08:cf:8e:96:4a:5a:5f:f1:c8:1b:4d:
                    58:ed:bb:dc:ef:d8:5c:f6:1b:b4:19:ed:3f:03:75:
                    13:0d:60:87:71:19:5f:12:fd:c4:13:52:15:78:94:
                    a8:30:9d:b5:89:35:c7:7d:a8:21:06:74:7c:da:1e:
                    77:fd:31:3d:17:f3:c0:d9:9b:f4:17:19:2d:95:4e:
                    ec:ec:ad:23:63:e6:1e:90:30:5d:21:c1:fe:52:d9:
                    52:5f:60:a2:28:a0:62:79:2b:3f:47:c8:68:e1:51:
                    54:eb:e6:93:62:c3:1c:10:a5:da:3a:e8:e5:91:41:
                    90:7d:3a:0b:d2:77:4a:e4:5c:7e:ba:63:46:3d:01:
                    72:33:26:bb:08:2b:eb:9f:70:28:11:a7:7f:a9:80:
                    7b:c1:8c:28:25:01:69:7c:a0:66:ba:e9:77:02:b1:
                    52:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:42:12:BA:A5:28:B5:81:B6:33:F2:0B:63:F5:9B:F7:67:9C:AE:3B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/86d7720d-f658-493d-aa47-7c9f6c45a8cb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:16:cc:b5:35:53:d5:b8:38:99:6c:4a:ea:bd:b5:a0:fa:1e:
         30:b6:43:4b:4c:af:aa:07:ac:21:c2:08:c5:30:d3:14:8e:a5:
         70:c1:33:b9:41:a8:ef:9c:6e:6c:7f:97:82:fb:c6:1b:1b:be:
         06:22:5d:a4:56:b8:20:bd:43:bc:96:57:c0:3b:e6:5d:77:a6:
         d3:97:e4:28:31:19:af:40:90:14:ad:1a:ed:cc:e2:e4:38:e8:
         99:0c:1b:d3:41:e8:a7:4e:3f:b7:56:8a:7c:88:76:d0:cd:01:
         66:ac:66:2c:a3:3e:d7:b9:43:4b:a1:9f:83:44:9f:33:db:3a:
         dc:2a:09:9c:68:a5:08:ab:be:45:0c:d4:81:d6:7b:0b:95:ff:
         68:bc:3b:5a:16:3f:60:9b:2e:f1:51:88:75:59:88:02:bc:49:
         20:49:47:51:29:89:ba:ff:c3:35:f4:de:66:48:bb:13:0f:d0:
         c6:83:e1:c5:35:97:c1:4a:68:7a:89:79:18:79:61:cd:2a:7c:
         e5:6c:88:66:fa:04:70:27:88:5c:a7:6f:49:6f:45:2d:20:0c:
         eb:7f:06:e7:da:00:b2:c0:c0:30:61:46:cc:bc:1f:fb:a7:62:
         b5:fb:3b:5a:19:a9:11:06:70:8a:1a:d5:c9:80:30:f0:38:4a:
         9f:89:6b:48
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXUEF9BkRfcjzMwgMyPe3e6gLFpowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzEyMDAwMDAwWhcNMjMwODE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BlOTE3YzViMmE4NWVlYjgxMjJlZjUyMTdjYWY2NjUzZWM5
ZGRmMjBlYzExNjkzYjUzNDEwYjBhYjczODZmZDMzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQN/sMISTtdjQW1RLvknDWZo7eQZfKa9IfDXkCQwmBXquD
2Ayp3+LjIoLAVqZzhrlSPBrjbaUyEQHWUCsVbaAgvAxNwoGo+TWSlgRw91t7d/CR
WRrfytEN1R0ipOgIz46WSlpf8cgbTVjtu9zv2Fz2G7QZ7T8DdRMNYIdxGV8S/cQT
UhV4lKgwnbWJNcd9qCEGdHzaHnf9MT0X88DZm/QXGS2VTuzsrSNj5h6QMF0hwf5S
2VJfYKIooGJ5Kz9HyGjhUVTr5pNiwxwQpdo66OWRQZB9OgvSd0rkXH66Y0Y9AXIz
JrsIK+ufcCgRp3+pgHvBjCglAWl8oGa66XcCsVIDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpEISuqUotYG2M/ILY/Wb92ecrjswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzg2ZDc3MjBkLWY2NTgtNDkzZC1hYTQ3LTdjOWY2YzQ1YThjYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD4WzLU1U9W4OJlsSuq9taD6HjC2
Q0tMr6oHrCHCCMUw0xSOpXDBM7lBqO+cbmx/l4L7xhsbvgYiXaRWuCC9Q7yWV8A7
5l13ptOX5CgxGa9AkBStGu3M4uQ46JkMG9NB6KdOP7dWinyIdtDNAWasZiyjPte5
Q0uhn4NEnzPbOtwqCZxopQirvkUM1IHWewuV/2i8O1oWP2CbLvFRiHVZiAK8SSBJ
R1Epibr/wzX03mZIuxMP0MaD4cU1l8FKaHqJeRh5Yc0qfOVsiGb6BHAniFynb0lv
RS0gDOt/BufaALLAwDBhRsy8H/unYrX7O1oZqREGcIoa1cmAMPA4Sp+Ja0g=
-----END CERTIFICATE-----