Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aa2cf65a-339e-4e00-aa1d-094ea632abfe.roa
File:                     aa2cf65a-339e-4e00-aa1d-094ea632abfe.roa (raw, json)
Hash identifier:          iZlLWWlVG6p18a6IMo4C3E4gOLEaEXcBPCSfJNiN2k0=
Subject key identifier:   A3:9E:7A:95:7C:BF:CE:F6:0B:C7:A8:39:FD:4E:7C:C0:E3:00:B3:FF
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2004402FE3A163E50AB88105FCA6A838D3E9D392
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aa2cf65a-339e-4e00-aa1d-094ea632abfe.roa
Signing time:             Wed 23 Aug 2023 00:00:00 +0000
ROA not before:           Wed 23 Aug 2023 00:00:00 +0000
ROA not after:            Wed 27 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:04:40:2f:e3:a1:63:e5:0a:b8:81:05:fc:a6:a8:38:d3:e9:d3:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 23 00:00:00 2023 GMT
            Not After : Sep 27 23:59:59 2023 GMT
        Subject: serialNumber=798475f87cc1d5c6c2baaa0eca39eccdef90a4c5ed052d3287c0ca1a2c4b3d5c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c2:27:db:36:a3:b9:b6:08:45:b6:d7:ea:26:
                    7a:10:b2:4b:27:b4:c7:56:d1:f7:7c:37:55:9a:1b:
                    df:30:ab:68:c4:a0:25:70:f4:26:3a:94:ac:90:4b:
                    17:cd:21:ea:dc:df:6d:38:be:d6:60:a1:c2:44:5a:
                    97:77:87:6b:c0:0d:c6:7d:0f:c6:7c:6c:da:92:71:
                    64:ea:f6:61:7d:69:70:29:3e:50:6c:39:6a:d2:cc:
                    8c:c5:b7:ab:73:e9:a7:66:8f:3e:a8:9b:b5:ec:54:
                    c4:13:b0:8e:b1:62:10:3f:1a:ab:35:ca:22:fc:94:
                    3e:35:b4:ad:ca:8d:b5:df:99:e8:6c:f4:e3:7e:49:
                    0a:85:51:a6:2a:ea:39:66:ea:e1:2c:69:77:10:1a:
                    46:98:0e:d3:af:e9:68:b6:c1:6e:cf:dc:c2:4f:25:
                    48:6d:c1:f7:32:3a:0f:af:07:aa:f9:06:de:11:83:
                    71:e4:41:fe:ec:2d:6c:83:b4:d8:1c:a9:66:46:ab:
                    58:48:98:75:b8:26:95:9c:a8:07:b3:26:0b:27:fe:
                    78:fe:e0:74:9c:cd:77:c2:22:9b:06:49:65:2f:69:
                    59:9c:77:73:a9:22:85:91:6e:5f:54:01:d1:b4:6a:
                    44:25:dd:30:d2:57:60:7f:15:95:6b:76:69:1f:9a:
                    08:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:9E:7A:95:7C:BF:CE:F6:0B:C7:A8:39:FD:4E:7C:C0:E3:00:B3:FF
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aa2cf65a-339e-4e00-aa1d-094ea632abfe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:54:ac:29:a2:41:2b:75:40:9d:96:80:ef:68:a0:48:3b:e3:
         8e:b5:e8:87:2b:62:e9:fb:8d:36:a6:aa:d3:d2:7b:fc:25:15:
         8e:05:c2:f7:48:d3:72:ab:6b:f6:42:90:97:42:db:9e:41:1c:
         3b:76:f7:d6:f0:4f:64:f3:50:12:44:54:5e:ca:7b:ad:7e:a2:
         33:c5:9a:86:cd:9c:a7:8e:e6:ca:30:dd:0f:e1:e1:f7:d6:08:
         4c:fb:4b:ba:fe:7a:98:b7:38:2f:7d:f4:95:89:df:f3:f9:eb:
         7a:40:71:df:46:f8:90:5c:6b:b3:69:ce:c2:c1:58:2b:e8:20:
         31:ba:47:9e:00:ab:39:25:15:1c:83:8a:a6:e3:09:95:5f:54:
         27:ca:af:16:45:94:3e:bf:e9:74:97:bc:2b:29:a3:6f:8e:41:
         ad:5f:b6:44:b4:f1:15:d6:49:b3:47:b8:44:ed:18:05:65:c9:
         3b:75:dd:b2:30:bd:5b:a2:59:e0:c7:21:e4:34:08:e5:91:bf:
         cf:ed:01:62:02:80:08:74:e3:fd:fc:5c:d9:76:dd:e8:cb:38:
         b3:36:14:ef:3a:7b:e2:4b:b6:c3:75:91:82:f4:43:8e:63:cd:
         a3:d1:f5:75:39:e7:86:24:e9:3a:b2:26:88:b7:60:4d:03:f5:
         dd:cb:23:17
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIARAL+OhY+UKuIEF/KaoONPp05IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODIzMDAwMDAwWhcNMjMwOTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3OTg0NzVmODdjYzFkNWM2YzJiYWFhMGVjYTM5ZWNjZGVm
OTBhNGM1ZWQwNTJkMzI4N2MwY2ExYTJjNGIzZDVjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3wifbNqO5tghFttfqJnoQsksntMdW0fd8N1WaG98wq2jE
oCVw9CY6lKyQSxfNIerc3204vtZgocJEWpd3h2vADcZ9D8Z8bNqScWTq9mF9aXAp
PlBsOWrSzIzFt6tz6admjz6om7XsVMQTsI6xYhA/Gqs1yiL8lD41tK3KjbXfmehs
9ON+SQqFUaYq6jlm6uEsaXcQGkaYDtOv6Wi2wW7P3MJPJUhtwfcyOg+vB6r5Bt4R
g3HkQf7sLWyDtNgcqWZGq1hImHW4JpWcqAezJgsn/nj+4HSczXfCIpsGSWUvaVmc
d3OpIoWRbl9UAdG0akQl3TDSV2B/FZVrdmkfmghTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUo556lXy/zvYLx6g5/U58wOMAs/8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2FhMmNmNjVhLTMzOWUtNGUwMC1hYTFkLTA5NGVhNjMyYWJmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFBUrCmiQSt1QJ2WgO9ooEg74461
6IcrYun7jTamqtPSe/wlFY4FwvdI03Kra/ZCkJdC255BHDt299bwT2TzUBJEVF7K
e61+ojPFmobNnKeO5sow3Q/h4ffWCEz7S7r+epi3OC999JWJ3/P563pAcd9G+JBc
a7NpzsLBWCvoIDG6R54AqzklFRyDiqbjCZVfVCfKrxZFlD6/6XSXvCspo2+OQa1f
tkS08RXWSbNHuETtGAVlyTt13bIwvVuiWeDHIeQ0COWRv8/tAWICgAh04/38XNl2
3ejLOLM2FO86e+JLtsN1kYL0Q45jzaPR9XU554Yk6TqyJoi3YE0D9d3LIxc=
-----END CERTIFICATE-----