Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9416c6d8-428a-47e0-bb3d-b0676c16abd9.roa
File:                     9416c6d8-428a-47e0-bb3d-b0676c16abd9.roa (raw, json)
Hash identifier:          Gl1z8gPuYqolIYywlZJz3JytAifUP3PuLkTV0w1hKN4=
Subject key identifier:   1A:A9:A2:ED:89:02:86:9E:31:30:3D:61:D2:C3:3F:6F:34:DF:BE:6B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5756E9839C76ABECB3BBB718306F6AC65867972B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9416c6d8-428a-47e0-bb3d-b0676c16abd9.roa
Signing time:             Sat 22 Jul 2023 00:00:00 +0000
ROA not before:           Sat 22 Jul 2023 00:00:00 +0000
ROA not after:            Sat 26 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:56:e9:83:9c:76:ab:ec:b3:bb:b7:18:30:6f:6a:c6:58:67:97:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 22 00:00:00 2023 GMT
            Not After : Aug 26 23:59:59 2023 GMT
        Subject: serialNumber=14f41d4160625530ec71b1ae2c6226bcb373b570e59d198398c5722b802e5cee, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:84:3b:44:a4:2a:f7:7b:0b:06:be:09:69:86:
                    ab:c8:c9:d1:25:b3:84:3a:bb:88:c3:74:35:71:67:
                    bc:b5:b8:52:8e:1c:88:68:03:e1:cc:67:73:c3:ee:
                    8e:94:fe:40:71:8b:59:86:26:7e:c1:e2:6c:f3:43:
                    4c:4d:36:81:e8:80:0a:af:cf:2e:bf:fc:76:87:87:
                    57:04:d6:11:4a:94:df:2a:9f:55:b2:69:46:4c:90:
                    27:1f:ef:04:b6:8c:59:55:7b:cd:87:5a:48:7c:2d:
                    14:3d:80:cf:e6:14:40:00:29:cd:6b:5a:73:c1:dc:
                    63:ef:44:03:a6:5f:78:a2:cc:6e:e6:83:01:e4:5b:
                    e2:58:14:1b:0b:5e:ae:85:64:05:10:e7:56:4d:f7:
                    27:01:54:bf:f9:d3:dc:14:7e:2f:cf:ab:c5:9c:7e:
                    36:4e:27:05:5f:07:91:0d:be:27:23:ac:52:22:37:
                    4e:61:55:e6:56:a7:7c:7a:ab:17:69:6e:25:de:90:
                    dd:ea:86:9a:65:37:73:d7:6d:09:ee:ec:09:4a:31:
                    cf:01:bc:45:5a:c0:cc:6e:ab:9f:fb:af:59:ad:1e:
                    3b:61:8c:20:c1:31:db:fa:2b:43:5c:b0:6c:f4:c0:
                    e5:cc:2b:fd:64:da:6d:2e:31:83:bc:05:74:bd:95:
                    95:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:A9:A2:ED:89:02:86:9E:31:30:3D:61:D2:C3:3F:6F:34:DF:BE:6B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9416c6d8-428a-47e0-bb3d-b0676c16abd9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:05:c1:f6:fe:29:54:01:5c:7c:9b:3c:d3:e4:e6:2d:68:16:
         ff:4b:a1:68:d6:ae:c7:73:10:97:b6:f8:4e:83:7e:5b:a4:ac:
         f4:3a:95:d5:51:9a:51:b2:79:7e:16:36:c8:3d:ae:c2:69:24:
         4a:25:bd:46:ad:3d:d5:ba:e3:dd:24:20:27:77:4d:6a:3a:f2:
         81:6e:77:77:fc:be:97:91:34:08:cb:83:bd:57:b9:63:de:19:
         e2:f4:79:ba:48:13:bf:53:74:03:52:96:e3:07:4a:27:b9:ae:
         c0:93:c8:95:c7:cd:3d:16:bb:3e:a8:ad:2b:24:1d:44:f9:d2:
         0e:59:14:23:9e:80:81:c4:41:af:1e:3f:63:ea:3c:81:b6:b0:
         30:38:6a:6d:86:ca:8a:3b:cc:14:ed:13:82:50:86:bc:22:02:
         70:14:3b:62:aa:01:ff:f4:9e:d1:58:6b:f2:c1:27:78:ea:a1:
         5b:bc:65:d3:a1:9c:24:54:9f:0a:51:4e:60:50:9a:26:16:6f:
         f2:6f:61:6a:bf:e8:c4:40:0f:e3:b4:ea:8c:af:79:5a:0f:bc:
         6c:a5:bb:de:f2:44:ce:0b:67:49:2e:4a:ab:7f:aa:40:c8:27:
         e9:3c:fd:55:6d:ad:3f:86:91:96:c0:74:cf:d0:97:31:f1:57:
         db:97:0a:cd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV1bpg5x2q+yzu7cYMG9qxlhnlyswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzIyMDAwMDAwWhcNMjMwODI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNGY0MWQ0MTYwNjI1NTMwZWM3MWIxYWUyYzYyMjZiY2Iz
NzNiNTcwZTU5ZDE5ODM5OGM1NzIyYjgwMmU1Y2VlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDShDtEpCr3ewsGvglphqvIydEls4Q6u4jDdDVxZ7y1uFKO
HIhoA+HMZ3PD7o6U/kBxi1mGJn7B4mzzQ0xNNoHogAqvzy6//HaHh1cE1hFKlN8q
n1WyaUZMkCcf7wS2jFlVe82HWkh8LRQ9gM/mFEAAKc1rWnPB3GPvRAOmX3iizG7m
gwHkW+JYFBsLXq6FZAUQ51ZN9ycBVL/509wUfi/Pq8WcfjZOJwVfB5ENvicjrFIi
N05hVeZWp3x6qxdpbiXekN3qhpplN3PXbQnu7AlKMc8BvEVawMxuq5/7r1mtHjth
jCDBMdv6K0NcsGz0wOXMK/1k2m0uMYO8BXS9lZXpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGqmi7YkChp4xMD1h0sM/bzTfvmswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk0MTZjNmQ4LTQyOGEtNDdlMC1iYjNkLWIwNjc2YzE2YWJkOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABwFwfb+KVQBXHybPNPk5i1oFv9L
oWjWrsdzEJe2+E6DflukrPQ6ldVRmlGyeX4WNsg9rsJpJEolvUatPdW6490kICd3
TWo68oFud3f8vpeRNAjLg71XuWPeGeL0ebpIE79TdANSluMHSie5rsCTyJXHzT0W
uz6orSskHUT50g5ZFCOegIHEQa8eP2PqPIG2sDA4am2Gyoo7zBTtE4JQhrwiAnAU
O2KqAf/0ntFYa/LBJ3jqoVu8ZdOhnCRUnwpRTmBQmiYWb/JvYWq/6MRAD+O06oyv
eVoPvGylu97yRM4LZ0kuSqt/qkDIJ+k8/VVtrT+GkZbAdM/QlzHxV9uXCs0=
-----END CERTIFICATE-----