Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a4088bff-ee77-402a-b02f-a851f4ac7850.roa
File:                     a4088bff-ee77-402a-b02f-a851f4ac7850.roa (raw, json)
Hash identifier:          VAn6It95JWDfcoiMOYixxKgCXP/qWpPLmzcmdBUkJ20=
Subject key identifier:   A0:DA:3B:B4:BE:C8:CD:9D:34:2A:AA:8D:96:B7:65:67:5B:AF:75:52
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3943233D390854230B4F0173E7AC4D500341FF31
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a4088bff-ee77-402a-b02f-a851f4ac7850.roa
Signing time:             Sat 24 Jun 2023 00:00:00 +0000
ROA not before:           Sat 24 Jun 2023 00:00:00 +0000
ROA not after:            Sat 29 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:43:23:3d:39:08:54:23:0b:4f:01:73:e7:ac:4d:50:03:41:ff:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 24 00:00:00 2023 GMT
            Not After : Jul 29 23:59:59 2023 GMT
        Subject: serialNumber=e674587f489898f26b99d53db44e3665b1b08602be7c172d45bed43bcf841959, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:69:35:a3:45:af:ef:5e:24:df:a6:df:f5:e0:
                    96:28:64:2c:fd:1c:6e:c3:13:02:4b:87:1f:7a:84:
                    bd:a1:12:b4:08:6a:bd:53:c0:e5:7d:ea:ea:18:3c:
                    e8:76:64:16:ab:05:bd:1d:c4:68:e0:3d:d5:bb:3b:
                    54:f3:24:c4:30:ef:c7:7f:1a:c4:51:21:12:d0:b3:
                    ae:0c:0a:7b:bb:88:30:fd:36:9b:0c:c6:45:aa:34:
                    5b:75:51:8a:42:8e:d0:e3:9a:4e:fc:69:06:9f:28:
                    62:d2:2c:12:ac:c6:ba:ec:0f:54:23:ec:26:2f:21:
                    53:88:24:0f:5b:ec:36:c5:81:82:be:38:20:0b:46:
                    d4:d0:fe:bf:47:88:17:6a:5c:0b:1f:a6:25:4b:40:
                    b1:71:76:90:88:77:07:07:e7:73:8d:93:86:cc:cf:
                    5d:26:f0:8d:20:e8:a8:d3:91:38:d6:cb:c4:b2:d0:
                    29:7d:c1:e0:5d:53:42:39:03:c6:63:5c:21:13:4e:
                    a5:fa:31:a0:16:33:3a:c7:19:5a:19:d3:ce:94:3c:
                    51:91:2d:8c:01:d5:d7:d3:6b:e3:73:15:e3:ca:88:
                    dc:46:29:8e:8c:0b:2a:f9:14:6e:83:9f:fa:45:d8:
                    7e:31:96:1b:8a:fc:80:19:34:59:c3:70:01:b8:e9:
                    8f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:DA:3B:B4:BE:C8:CD:9D:34:2A:AA:8D:96:B7:65:67:5B:AF:75:52
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a4088bff-ee77-402a-b02f-a851f4ac7850.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:cd:49:72:d1:0a:71:3e:bb:5e:5a:1c:0c:8c:e7:4a:c0:ec:
         0c:9f:52:2d:88:1f:f9:df:99:b8:7c:7a:38:b4:20:88:ab:a3:
         29:b5:26:e5:54:e1:bd:35:d1:fa:ff:48:a7:a7:c0:66:31:5d:
         e9:c9:9e:21:4c:00:fe:ae:2a:64:86:41:45:c8:69:fb:6d:cf:
         4a:d0:80:68:a9:0a:a4:fb:2a:bd:4f:c3:a3:1a:4c:d2:98:4f:
         f8:b1:f2:1b:46:05:45:5f:be:83:77:8b:76:1d:db:b5:30:6e:
         08:91:5f:e4:24:7b:29:84:a6:a0:9e:ac:0f:60:c3:d8:53:3d:
         7b:e1:e7:2f:ee:ab:d9:86:fb:a8:61:33:a2:39:07:39:e4:a6:
         65:c2:4f:dc:70:2c:14:92:56:2d:e1:8f:9a:93:12:0d:18:b0:
         1d:59:1a:ac:f0:7a:57:7c:f0:04:ce:f9:01:0b:6b:68:0e:a9:
         22:c3:99:5c:35:40:8a:81:c0:f3:55:59:ae:53:17:fd:9b:fd:
         3e:fd:be:8f:97:a0:7f:6f:f0:92:e4:4d:45:32:56:0e:66:8e:
         94:75:5c:9d:74:4d:70:9a:7b:b5:fa:25:bf:c6:b1:ee:58:1e:
         16:3b:5f:2f:f9:6a:14:7b:50:f6:fc:a6:1e:61:f0:9f:85:fa:
         20:1f:05:67
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOUMjPTkIVCMLTwFz56xNUANB/zEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjI0MDAwMDAwWhcNMjMwNzI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNjc0NTg3ZjQ4OTg5OGYyNmI5OWQ1M2RiNDRlMzY2NWIx
YjA4NjAyYmU3YzE3MmQ0NWJlZDQzYmNmODQxOTU5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1aTWjRa/vXiTfpt/14JYoZCz9HG7DEwJLhx96hL2hErQI
ar1TwOV96uoYPOh2ZBarBb0dxGjgPdW7O1TzJMQw78d/GsRRIRLQs64MCnu7iDD9
NpsMxkWqNFt1UYpCjtDjmk78aQafKGLSLBKsxrrsD1Qj7CYvIVOIJA9b7DbFgYK+
OCALRtTQ/r9HiBdqXAsfpiVLQLFxdpCIdwcH53ONk4bMz10m8I0g6KjTkTjWy8Sy
0Cl9weBdU0I5A8ZjXCETTqX6MaAWMzrHGVoZ086UPFGRLYwB1dfTa+NzFePKiNxG
KY6MCyr5FG6Dn/pF2H4xlhuK/IAZNFnDcAG46Y+fAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoNo7tL7IzZ00KqqNlrdlZ1uvdVIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E0MDg4YmZmLWVlNzctNDAyYS1iMDJmLWE4NTFmNGFjNzg1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHLNSXLRCnE+u15aHAyM50rA7Ayf
Ui2IH/nfmbh8eji0IIiroym1JuVU4b010fr/SKenwGYxXenJniFMAP6uKmSGQUXI
afttz0rQgGipCqT7Kr1Pw6MaTNKYT/ix8htGBUVfvoN3i3Yd27UwbgiRX+QkeymE
pqCerA9gw9hTPXvh5y/uq9mG+6hhM6I5BznkpmXCT9xwLBSSVi3hj5qTEg0YsB1Z
Gqzweld88ATO+QELa2gOqSLDmVw1QIqBwPNVWa5TF/2b/T79vo+XoH9v8JLkTUUy
Vg5mjpR1XJ10TXCae7X6Jb/Gse5YHhY7Xy/5ahR7UPb8ph5h8J+F+iAfBWc=
-----END CERTIFICATE-----