Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a8bddb17-2bac-429c-8fcc-cc866ae581e2.roa
File:                     a8bddb17-2bac-429c-8fcc-cc866ae581e2.roa (raw, json)
Hash identifier:          +plheKGoO9jjluUTLiZLffV6Q0nEvn08WK1kwZ4oEGw=
Subject key identifier:   7C:F3:8E:8A:9B:57:75:DB:E1:CC:79:25:09:8A:82:BD:31:84:CA:70
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       49FAC21CFD8AD145CE2A29E96BE553B1B383BDF0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a8bddb17-2bac-429c-8fcc-cc866ae581e2.roa
Signing time:             Wed 16 Aug 2023 00:00:00 +0000
ROA not before:           Wed 16 Aug 2023 00:00:00 +0000
ROA not after:            Wed 20 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:fa:c2:1c:fd:8a:d1:45:ce:2a:29:e9:6b:e5:53:b1:b3:83:bd:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 16 00:00:00 2023 GMT
            Not After : Sep 20 23:59:59 2023 GMT
        Subject: serialNumber=9d37fe2fb792bf91f7cdbb54cf7b364be885230ccb81cb54396a43364fb77250, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:87:a7:d3:09:36:66:9f:cb:bd:66:b4:c4:fa:
                    91:58:3a:2d:bb:dc:d4:a3:be:8c:6f:5c:68:ee:42:
                    fd:6d:60:f1:f0:89:64:28:b0:57:31:ae:89:3f:ac:
                    d4:10:06:26:46:75:1b:ec:b4:bc:21:9b:23:fc:7a:
                    b1:3a:de:14:17:5d:d3:f9:e6:1b:98:b2:35:55:0f:
                    0a:5c:d9:e9:7e:63:1f:e2:66:dc:96:fb:1e:73:1f:
                    f1:a7:b7:da:ca:ea:17:d1:d6:74:1e:24:f9:75:d3:
                    0a:3d:f2:b2:0c:8f:da:3b:fd:59:58:e2:b6:91:5e:
                    fc:5e:b5:f3:46:8b:10:77:0f:e4:71:bc:a1:65:35:
                    74:85:32:1b:b3:a3:1c:59:b7:0c:0b:b8:db:4f:80:
                    c0:4e:69:87:1d:6e:80:ef:db:fc:f7:13:7f:38:3f:
                    50:eb:1b:4a:e3:c3:8d:16:b1:ad:b1:b5:fa:b7:be:
                    ea:9c:a8:17:a7:39:37:68:fb:87:91:3e:e1:0c:3e:
                    1f:24:bb:ba:ad:78:a0:f0:29:2e:13:1c:1d:c0:af:
                    5e:4a:69:6b:cb:52:7a:05:21:cd:5f:28:3a:02:de:
                    dd:ca:40:b4:36:61:f2:ad:a5:6a:77:49:43:08:62:
                    c5:13:da:31:fb:f4:fd:ac:4a:75:c0:a3:92:29:ad:
                    ab:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:F3:8E:8A:9B:57:75:DB:E1:CC:79:25:09:8A:82:BD:31:84:CA:70
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a8bddb17-2bac-429c-8fcc-cc866ae581e2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:be:8a:14:5e:d1:d0:36:4d:50:64:6c:09:00:78:28:70:ba:
         47:60:98:4a:2f:14:7a:15:cf:ca:6c:f4:3c:0c:7c:01:3b:c4:
         74:a0:dd:ac:04:e5:dd:96:96:e5:c5:6b:09:15:0a:ab:35:c8:
         fb:c6:57:96:3e:19:94:4a:80:45:c0:28:21:60:d1:86:74:53:
         e7:b8:6f:b5:1f:16:b2:b5:80:48:3c:0d:6c:5f:a9:94:42:f1:
         f9:e5:9b:18:67:01:be:8c:ab:0a:84:52:14:6b:2f:2a:3e:77:
         e4:f6:c3:23:7d:79:6e:52:c0:70:8a:11:c5:63:df:84:67:da:
         d2:75:4e:56:c6:47:f0:20:c6:7a:2d:cb:e6:79:c6:e7:0c:53:
         5b:5e:8a:c4:23:03:7a:3d:a2:db:d7:e5:65:d1:06:16:78:3c:
         cf:e5:81:63:b6:67:bd:53:04:c3:77:b9:d1:c6:4f:6e:61:49:
         de:74:f3:c4:c6:cb:65:c2:5d:3a:8c:9e:a2:f1:10:6e:df:0d:
         da:f6:97:38:b3:bd:28:34:5b:95:ef:22:9d:68:55:55:5e:b6:
         f6:61:c2:ae:48:e0:68:64:e0:81:25:19:b1:4d:1f:45:53:27:
         a8:59:2e:37:d7:df:a5:a3:d5:a7:7e:e7:90:3c:bc:5e:11:5d:
         54:70:f1:d8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSfrCHP2K0UXOKinpa+VTsbODvfAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODE2MDAwMDAwWhcNMjMwOTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZDM3ZmUyZmI3OTJiZjkxZjdjZGJiNTRjZjdiMzY0YmU4
ODUyMzBjY2I4MWNiNTQzOTZhNDMzNjRmYjc3MjUwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgh6fTCTZmn8u9ZrTE+pFYOi273NSjvoxvXGjuQv1tYPHw
iWQosFcxrok/rNQQBiZGdRvstLwhmyP8erE63hQXXdP55huYsjVVDwpc2el+Yx/i
ZtyW+x5zH/Gnt9rK6hfR1nQeJPl10wo98rIMj9o7/VlY4raRXvxetfNGixB3D+Rx
vKFlNXSFMhuzoxxZtwwLuNtPgMBOaYcdboDv2/z3E384P1DrG0rjw40Wsa2xtfq3
vuqcqBenOTdo+4eRPuEMPh8ku7qteKDwKS4THB3Ar15KaWvLUnoFIc1fKDoC3t3K
QLQ2YfKtpWp3SUMIYsUT2jH79P2sSnXAo5IpravJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfPOOiptXddvhzHklCYqCvTGEynAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E4YmRkYjE3LTJiYWMtNDI5Yy04ZmNjLWNjODY2YWU1ODFlMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGO+ihRe0dA2TVBkbAkAeChwukdg
mEovFHoVz8ps9DwMfAE7xHSg3awE5d2WluXFawkVCqs1yPvGV5Y+GZRKgEXAKCFg
0YZ0U+e4b7UfFrK1gEg8DWxfqZRC8fnlmxhnAb6MqwqEUhRrLyo+d+T2wyN9eW5S
wHCKEcVj34Rn2tJ1TlbGR/Agxnoty+Z5xucMU1teisQjA3o9otvX5WXRBhZ4PM/l
gWO2Z71TBMN3udHGT25hSd5088TGy2XCXTqMnqLxEG7fDdr2lzizvSg0W5XvIp1o
VVVetvZhwq5I4Ghk4IElGbFNH0VTJ6hZLjfX36Wj1ad+55A8vF4RXVRw8dg=
-----END CERTIFICATE-----