Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/913074e3-1ae0-4a2f-a71a-90195192fdba.roa
File:                     913074e3-1ae0-4a2f-a71a-90195192fdba.roa (raw, json)
Hash identifier:          ZTRllElNDzxrPyaSzYdwRpSaID8ZzByAoC7/gTXJpxk=
Subject key identifier:   70:F8:E4:2E:14:FC:E2:10:B7:AD:8D:56:15:E9:C0:CA:05:60:84:90
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6CA517F1538AC2A3A4DF591FBB64F51479BA4D03
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/913074e3-1ae0-4a2f-a71a-90195192fdba.roa
Signing time:             Fri 11 Aug 2023 00:00:00 +0000
ROA not before:           Fri 11 Aug 2023 00:00:00 +0000
ROA not after:            Fri 15 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:a5:17:f1:53:8a:c2:a3:a4:df:59:1f:bb:64:f5:14:79:ba:4d:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 11 00:00:00 2023 GMT
            Not After : Sep 15 23:59:59 2023 GMT
        Subject: serialNumber=358780eb72e6bcba48d5dae5721bb431fcd5618aea96ecf8bfe66222a090bf02, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ea:63:ad:a7:86:7a:b7:f4:2b:d1:dc:b7:26:
                    f1:85:37:b0:58:a6:c1:be:87:99:50:02:6d:24:9e:
                    ef:7c:60:fd:d7:6f:79:c3:8f:ee:04:ca:4a:bc:f6:
                    39:3e:c9:50:62:53:12:be:26:a0:b5:50:2c:6c:30:
                    06:d3:2f:58:dd:45:d9:e7:ed:9b:5f:4c:3d:96:17:
                    73:4c:3a:80:5c:9b:78:ca:43:96:2e:fa:00:1f:d1:
                    4c:03:a4:eb:f9:2c:bb:0a:51:79:56:26:51:dc:9f:
                    1a:c7:5b:8f:a2:5f:ad:52:08:b4:8e:ef:b6:28:f0:
                    23:b8:51:69:db:55:24:9f:c6:92:c6:98:53:b1:a9:
                    29:84:8b:e4:ef:a9:bc:79:b5:06:f3:92:f1:f1:db:
                    20:3e:dd:48:d9:eb:de:89:c5:68:c8:54:ad:6b:32:
                    c7:0b:b3:c3:dc:1a:82:45:fa:93:6d:74:a6:8c:0e:
                    bd:92:c8:80:58:41:34:8f:ae:4a:bd:8e:54:7e:63:
                    90:6e:ca:0b:ae:86:7a:41:a5:af:b3:32:78:83:27:
                    00:95:3c:b1:eb:3a:50:51:c2:a5:62:09:84:08:cc:
                    78:34:c2:b4:c0:00:7b:dc:2d:0a:71:29:7b:79:92:
                    59:49:ca:2c:76:7c:38:fe:a4:99:5c:34:47:f4:e1:
                    28:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:F8:E4:2E:14:FC:E2:10:B7:AD:8D:56:15:E9:C0:CA:05:60:84:90
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/913074e3-1ae0-4a2f-a71a-90195192fdba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:9a:7a:d8:7b:db:f3:5b:9b:30:af:c2:ad:06:1d:51:83:a7:
         f9:3b:e3:32:74:87:dd:2d:ca:53:c0:c8:ee:56:7c:50:4d:2b:
         e1:68:f6:3b:01:21:89:ea:c0:94:45:f9:c8:00:76:5b:e3:1c:
         e0:32:1f:d8:d3:e8:62:e8:2a:83:22:b1:11:36:a5:25:8e:ca:
         4c:6d:24:8d:d8:9b:e3:c1:d2:16:51:69:3b:fd:00:61:d3:cb:
         88:f8:95:86:51:63:33:b4:53:9d:bb:9f:31:15:e8:9d:c7:a0:
         0f:d8:4a:b8:3a:b8:69:fa:e7:06:67:3c:92:de:25:dc:07:24:
         23:32:c7:dd:eb:0a:f1:01:fd:9a:6d:6d:61:82:e2:b3:6f:b7:
         88:9c:4d:a2:f7:f4:82:9d:fd:a3:52:cd:75:54:78:46:b9:5f:
         6e:6b:11:af:56:7a:00:74:28:2a:a4:eb:e7:c2:3c:13:43:64:
         d9:7b:cd:30:02:53:cb:47:d8:72:9d:a4:a6:d5:ee:74:d9:5d:
         cc:86:03:f5:a1:da:4f:f2:67:71:59:b3:3e:16:23:fc:a6:c3:
         54:b5:8a:91:b2:1f:d4:bb:46:1a:4c:23:a3:a2:56:a2:c7:59:
         54:eb:b9:d3:ae:24:45:01:35:2a:e3:dd:9d:61:79:51:a5:45:
         74:91:5b:a4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbKUX8VOKwqOk31kfu2T1FHm6TQMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODExMDAwMDAwWhcNMjMwOTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNTg3ODBlYjcyZTZiY2JhNDhkNWRhZTU3MjFiYjQzMWZj
ZDU2MThhZWE5NmVjZjhiZmU2NjIyMmEwOTBiZjAyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCs6mOtp4Z6t/Qr0dy3JvGFN7BYpsG+h5lQAm0knu98YP3X
b3nDj+4Eykq89jk+yVBiUxK+JqC1UCxsMAbTL1jdRdnn7ZtfTD2WF3NMOoBcm3jK
Q5Yu+gAf0UwDpOv5LLsKUXlWJlHcnxrHW4+iX61SCLSO77Yo8CO4UWnbVSSfxpLG
mFOxqSmEi+Tvqbx5tQbzkvHx2yA+3UjZ696JxWjIVK1rMscLs8PcGoJF+pNtdKaM
Dr2SyIBYQTSPrkq9jlR+Y5BuyguuhnpBpa+zMniDJwCVPLHrOlBRwqViCYQIzHg0
wrTAAHvcLQpxKXt5kllJyix2fDj+pJlcNEf04ShRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcPjkLhT84hC3rY1WFenAygVghJAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzkxMzA3NGUzLTFhZTAtNGEyZi1hNzFhLTkwMTk1MTkyZmRiYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACOaeth72/NbmzCvwq0GHVGDp/k7
4zJ0h90tylPAyO5WfFBNK+Fo9jsBIYnqwJRF+cgAdlvjHOAyH9jT6GLoKoMisRE2
pSWOykxtJI3Ym+PB0hZRaTv9AGHTy4j4lYZRYzO0U527nzEV6J3HoA/YSrg6uGn6
5wZnPJLeJdwHJCMyx93rCvEB/ZptbWGC4rNvt4icTaL39IKd/aNSzXVUeEa5X25r
Ea9WegB0KCqk6+fCPBNDZNl7zTACU8tH2HKdpKbV7nTZXcyGA/Wh2k/yZ3FZsz4W
I/ymw1S1ipGyH9S7RhpMI6OiVqLHWVTrudOuJEUBNSrj3Z1heVGlRXSRW6Q=
-----END CERTIFICATE-----