Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/90e2a8d6-607e-49dd-9e92-fdd8696bc99b.roa
File:                     90e2a8d6-607e-49dd-9e92-fdd8696bc99b.roa (raw, json)
Hash identifier:          7RbpMc/2AkhCH+YMlwDSUrGEwpCPTz5GqRId5f47eSc=
Subject key identifier:   49:36:24:0B:11:30:FD:52:EA:F3:E7:78:DB:D2:D4:4D:38:8E:6E:27
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       112F99DD7BF08554821994A3EB0D8552171B09F7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/90e2a8d6-607e-49dd-9e92-fdd8696bc99b.roa
Signing time:             Sat 22 Jul 2023 00:00:00 +0000
ROA not before:           Sat 22 Jul 2023 00:00:00 +0000
ROA not after:            Sat 26 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:2f:99:dd:7b:f0:85:54:82:19:94:a3:eb:0d:85:52:17:1b:09:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 22 00:00:00 2023 GMT
            Not After : Aug 26 23:59:59 2023 GMT
        Subject: serialNumber=7116f32726ce8da0b28b0d1e8e9af5564dbb9c0831a587091cbfa3be45f9b2cb, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:fb:92:46:ef:0f:b1:50:d1:97:28:c3:ed:60:
                    80:ad:31:6a:03:7d:bd:78:69:80:1c:66:3f:ab:9f:
                    7a:0b:1f:95:3f:28:19:99:23:e5:64:e0:1a:a2:a4:
                    39:43:f4:c0:36:40:87:ad:4f:36:15:8b:a2:3f:c0:
                    15:5c:c4:7a:c7:ea:52:79:29:65:82:36:af:fd:77:
                    3c:bf:77:16:f4:fd:23:0a:60:10:c2:98:cb:ca:30:
                    10:93:e6:5b:10:41:df:8a:e7:c4:f9:32:f8:07:63:
                    6c:11:63:0a:b1:d6:d3:76:c3:bb:8b:32:a6:32:48:
                    ae:10:fd:ff:0b:12:9d:6a:7e:8b:c1:c3:95:c5:f6:
                    1f:50:eb:b2:44:2d:71:24:78:2a:4d:80:08:22:6d:
                    77:a4:41:72:c6:3e:e3:8c:67:a3:5d:ab:08:ed:f5:
                    19:34:8f:22:ed:56:d0:02:54:6d:7e:60:19:6f:b7:
                    25:34:cb:42:78:c7:2f:78:3c:b8:d6:4a:b6:d4:8f:
                    fc:ad:9c:9f:84:5e:44:e8:32:8f:d0:fc:ac:6d:35:
                    a3:d0:8b:03:d7:05:9b:80:62:cd:bf:af:a7:40:0d:
                    80:7d:43:95:fd:bc:21:7f:57:d2:dd:c3:3e:f0:87:
                    31:86:4c:f9:97:cb:32:82:fa:54:97:51:c6:9b:3b:
                    ea:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:36:24:0B:11:30:FD:52:EA:F3:E7:78:DB:D2:D4:4D:38:8E:6E:27
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/90e2a8d6-607e-49dd-9e92-fdd8696bc99b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:c1:a2:d8:3f:0c:1c:5a:22:c4:18:c1:72:97:a4:f8:bd:93:
         28:5a:54:a5:56:c5:f3:11:52:fe:da:7a:67:8c:1a:40:51:f1:
         7c:58:de:ad:3c:03:9b:07:75:70:9a:ca:1d:50:0a:dc:20:34:
         ac:ce:d4:4d:8c:a1:e3:2d:99:9d:d5:16:2f:29:cf:a6:84:82:
         82:5f:e4:fb:7c:4a:5c:b0:8a:29:d9:fe:69:93:f6:d1:16:2e:
         d4:bf:48:bd:16:43:59:0d:31:a7:f1:28:b3:ad:a6:66:37:d5:
         3a:d2:90:ee:0b:a7:54:3f:69:f3:1f:28:df:59:e6:33:96:bb:
         2f:b2:c5:78:a6:9e:bb:e1:38:dc:f1:77:86:1d:4d:c8:b1:55:
         f0:89:f4:02:03:88:11:0f:5c:fa:a4:3f:c7:e7:36:77:38:8d:
         7c:4d:17:35:c9:5b:7d:d5:7b:24:cb:20:9f:ae:56:d6:97:e2:
         62:12:9b:5c:a0:da:32:c6:7e:f8:b5:f8:de:08:c3:5c:9a:9e:
         45:a2:fb:55:cf:48:1f:03:65:dc:4c:a9:8e:15:d1:2b:ac:ba:
         c4:f2:9a:ed:59:6c:57:4f:85:65:f9:90:42:06:48:82:37:cc:
         fc:c5:9c:f1:2b:30:5b:aa:34:c1:d0:f7:df:3a:bc:72:8e:b6:
         32:d5:b3:3a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUES+Z3XvwhVSCGZSj6w2FUhcbCfcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzIyMDAwMDAwWhcNMjMwODI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MTE2ZjMyNzI2Y2U4ZGEwYjI4YjBkMWU4ZTlhZjU1NjRk
YmI5YzA4MzFhNTg3MDkxY2JmYTNiZTQ1ZjliMmNiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCt+5JG7w+xUNGXKMPtYICtMWoDfb14aYAcZj+rn3oLH5U/
KBmZI+Vk4BqipDlD9MA2QIetTzYVi6I/wBVcxHrH6lJ5KWWCNq/9dzy/dxb0/SMK
YBDCmMvKMBCT5lsQQd+K58T5MvgHY2wRYwqx1tN2w7uLMqYySK4Q/f8LEp1qfovB
w5XF9h9Q67JELXEkeCpNgAgibXekQXLGPuOMZ6Ndqwjt9Rk0jyLtVtACVG1+YBlv
tyU0y0J4xy94PLjWSrbUj/ytnJ+EXkToMo/Q/KxtNaPQiwPXBZuAYs2/r6dADYB9
Q5X9vCF/V9Ldwz7whzGGTPmXyzKC+lSXUcabO+pTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSTYkCxEw/VLq8+d429LUTTiObicwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzkwZTJhOGQ2LTYwN2UtNDlkZC05ZTkyLWZkZDg2OTZiYzk5Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALLBotg/DBxaIsQYwXKXpPi9kyha
VKVWxfMRUv7aemeMGkBR8XxY3q08A5sHdXCayh1QCtwgNKzO1E2MoeMtmZ3VFi8p
z6aEgoJf5Pt8SlywiinZ/mmT9tEWLtS/SL0WQ1kNMafxKLOtpmY31TrSkO4Lp1Q/
afMfKN9Z5jOWuy+yxXimnrvhONzxd4YdTcixVfCJ9AIDiBEPXPqkP8fnNnc4jXxN
FzXJW33VeyTLIJ+uVtaX4mISm1yg2jLGfvi1+N4Iw1yankWi+1XPSB8DZdxMqY4V
0SususTymu1ZbFdPhWX5kEIGSII3zPzFnPErMFuqNMHQ9986vHKOtjLVszo=
-----END CERTIFICATE-----