Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a6da1bf9-fe95-492b-ae80-ccf5fde84f5d.roa
File:                     a6da1bf9-fe95-492b-ae80-ccf5fde84f5d.roa (raw, json)
Hash identifier:          yAM0/ZDqF4j15FHm0YOPtq0eskCTHZa/1nfrj7USd/I=
Subject key identifier:   CB:77:5B:95:88:09:AE:66:3C:DE:C4:79:E5:C6:54:7B:89:03:55:9D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       066B724D6D6E7F9C1DFFBB7A5EACD5C39A3788DB
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a6da1bf9-fe95-492b-ae80-ccf5fde84f5d.roa
Signing time:             Sun 16 Jul 2023 00:00:00 +0000
ROA not before:           Sun 16 Jul 2023 00:00:00 +0000
ROA not after:            Sun 20 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:6b:72:4d:6d:6e:7f:9c:1d:ff:bb:7a:5e:ac:d5:c3:9a:37:88:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 16 00:00:00 2023 GMT
            Not After : Aug 20 23:59:59 2023 GMT
        Subject: serialNumber=8abb1cbfc71786ced54513c2b49a40ed72e05ccd87301a45cadd780ea44cddc0, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a7:2c:41:d8:33:64:23:f4:8a:dd:8d:df:c7:
                    93:75:f3:2b:f0:96:09:89:95:d3:9a:83:d6:83:5a:
                    d1:f7:86:29:c1:03:74:63:c1:b0:cb:eb:70:4d:76:
                    0e:b8:72:f5:e0:55:26:cb:f6:ae:6c:ee:87:7c:8f:
                    6a:cd:2d:dd:29:80:7f:f0:b6:a3:9b:0e:3d:32:c8:
                    59:e4:52:bf:9f:30:16:9b:fc:b1:98:f8:fe:c8:2a:
                    2a:74:e1:f8:b1:cb:67:e2:70:a7:f1:2c:3b:09:6b:
                    8b:d3:23:0b:b7:a0:89:e4:26:d3:95:b3:77:af:13:
                    44:7d:ae:6a:64:89:38:62:d1:d7:74:9d:e2:42:aa:
                    7f:28:62:ef:c3:c0:3d:27:cf:d8:79:ef:6f:16:bd:
                    87:35:ed:f7:66:5c:ba:26:62:ab:67:97:02:50:f9:
                    da:7d:f4:64:36:fd:87:20:11:97:ee:1c:d7:25:82:
                    5e:a9:dd:4c:fe:32:d9:f0:4e:3b:d6:6c:42:62:fc:
                    90:68:87:db:2f:6c:bd:8c:58:13:8d:dc:53:6b:63:
                    9f:05:b9:0f:7b:c3:f0:5a:67:a5:ec:14:69:31:bf:
                    ef:4e:dc:87:8e:a8:05:53:91:ad:d6:d5:3f:5a:97:
                    b0:06:89:65:fd:19:56:74:ae:2a:b4:56:09:2a:e8:
                    4d:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:77:5B:95:88:09:AE:66:3C:DE:C4:79:E5:C6:54:7B:89:03:55:9D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a6da1bf9-fe95-492b-ae80-ccf5fde84f5d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:a9:93:e2:11:ce:54:df:5d:12:24:d9:5e:ee:83:e8:c3:cd:
         79:09:8a:6e:1c:cf:1c:1d:bd:b9:9c:3f:df:44:eb:30:7e:02:
         02:46:a1:f6:c8:76:10:3e:69:75:e4:53:aa:90:2f:f8:40:95:
         3c:94:29:4f:cc:f5:23:69:9c:86:ba:7a:c5:32:36:17:fd:af:
         e8:52:71:67:85:de:70:0e:8f:8c:d8:b2:63:ad:8b:1e:b6:d0:
         7a:44:d8:28:29:fc:32:49:ee:dd:e6:d1:aa:d0:ab:d7:bd:e8:
         11:10:c7:32:88:c2:aa:b8:31:fc:17:ca:88:3a:df:3e:28:72:
         c3:aa:2d:6d:b7:f7:f6:6d:cf:7d:57:3a:46:cf:9b:6b:0f:74:
         f2:7d:ac:60:f1:74:00:30:9e:d7:2f:94:38:8c:97:08:de:84:
         2c:34:1e:b7:d7:b4:44:66:a9:11:14:55:19:3e:05:a1:4d:f9:
         5e:25:27:ad:b2:39:7e:48:d2:a0:66:a5:9f:3c:93:c8:f3:b8:
         4c:23:dc:f3:80:d4:c9:cc:8c:aa:13:77:b5:4f:bf:f9:95:be:
         43:fa:24:40:8c:64:e8:c3:21:9e:b0:7d:60:56:35:28:07:f6:
         81:d1:6e:3f:90:93:f6:94:11:66:b7:a8:af:f8:93:3f:da:2c:
         de:be:42:f4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBmtyTW1uf5wd/7t6XqzVw5o3iNswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE2MDAwMDAwWhcNMjMwODIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YWJiMWNiZmM3MTc4NmNlZDU0NTEzYzJiNDlhNDBlZDcy
ZTA1Y2NkODczMDFhNDVjYWRkNzgwZWE0NGNkZGMwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdpyxB2DNkI/SK3Y3fx5N18yvwlgmJldOag9aDWtH3hinB
A3RjwbDL63BNdg64cvXgVSbL9q5s7od8j2rNLd0pgH/wtqObDj0yyFnkUr+fMBab
/LGY+P7IKip04fixy2ficKfxLDsJa4vTIwu3oInkJtOVs3evE0R9rmpkiThi0dd0
neJCqn8oYu/DwD0nz9h5728WvYc17fdmXLomYqtnlwJQ+dp99GQ2/YcgEZfuHNcl
gl6p3Uz+MtnwTjvWbEJi/JBoh9svbL2MWBON3FNrY58FuQ97w/BaZ6XsFGkxv+9O
3IeOqAVTka3W1T9al7AGiWX9GVZ0riq0Vgkq6E0rAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUy3dblYgJrmY83sR55cZUe4kDVZ0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E2ZGExYmY5LWZlOTUtNDkyYi1hZTgwLWNjZjVmZGU4NGY1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG6pk+IRzlTfXRIk2V7ug+jDzXkJ
im4czxwdvbmcP99E6zB+AgJGofbIdhA+aXXkU6qQL/hAlTyUKU/M9SNpnIa6esUy
Nhf9r+hScWeF3nAOj4zYsmOtix620HpE2Cgp/DJJ7t3m0arQq9e96BEQxzKIwqq4
MfwXyog63z4ocsOqLW239/Ztz31XOkbPm2sPdPJ9rGDxdAAwntcvlDiMlwjehCw0
HrfXtERmqREUVRk+BaFN+V4lJ62yOX5I0qBmpZ88k8jzuEwj3POA1MnMjKoTd7VP
v/mVvkP6JECMZOjDIZ6wfWBWNSgH9oHRbj+Qk/aUEWa3qK/4kz/aLN6+QvQ=
-----END CERTIFICATE-----