Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/afe1cd32-d05b-4485-a603-357deaf7da53.roa
File:                     afe1cd32-d05b-4485-a603-357deaf7da53.roa (raw, json)
Hash identifier:          Cn7gYRF+aRoCVpkUr3ILE5rQuRSYwcA7DEvQOi3oZOg=
Subject key identifier:   24:E5:B7:F0:DE:CB:7E:98:99:70:C0:0E:0D:59:05:40:4A:BF:99:49
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       566BBDFC74D679DD9060E8BEC0D3FFB57BE5A900
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/afe1cd32-d05b-4485-a603-357deaf7da53.roa
Signing time:             Sun 23 Jul 2023 00:00:00 +0000
ROA not before:           Sun 23 Jul 2023 00:00:00 +0000
ROA not after:            Sun 27 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:6b:bd:fc:74:d6:79:dd:90:60:e8:be:c0:d3:ff:b5:7b:e5:a9:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 23 00:00:00 2023 GMT
            Not After : Aug 27 23:59:59 2023 GMT
        Subject: serialNumber=7001e2021a37a906bd89b126b7d871fc8e0eeb7bc977c7804bb47b2aec115eb9, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f0:16:5d:8b:a3:52:cc:a0:91:c2:d7:e4:eb:
                    91:34:a6:9f:99:6f:46:ce:d4:55:d5:08:3f:69:a8:
                    25:d8:20:51:2a:ad:87:b9:9c:c7:d4:de:7d:ea:1e:
                    e1:23:88:2f:78:64:11:13:61:77:ef:02:df:ae:69:
                    84:0d:d8:fa:f2:dc:db:73:c0:1c:aa:8e:11:a0:b1:
                    ab:92:9d:d4:a2:00:e2:c6:2f:f4:03:73:03:0b:db:
                    b3:24:d8:52:a0:1f:09:77:62:18:ff:9d:58:70:7a:
                    92:bc:d7:06:e3:75:74:08:29:6f:84:5d:f9:b6:fb:
                    fe:74:4a:e5:4b:c2:96:59:f0:ed:c4:df:bb:25:3b:
                    cb:72:ec:c3:d5:84:66:fa:3c:be:42:5c:31:39:35:
                    ed:ab:18:fb:cb:b1:5e:61:e1:a3:94:a9:ec:16:11:
                    13:fd:c4:c7:7b:15:a3:b0:c7:b9:fd:a9:ff:61:08:
                    e3:b9:95:c9:72:f5:81:a1:06:cb:31:0e:bf:50:73:
                    3d:01:a4:d1:f9:b0:83:1e:54:24:43:e5:3a:52:c7:
                    e1:d1:5b:ff:c0:5a:bf:89:3e:7b:d5:98:28:13:58:
                    87:82:1d:3f:e5:82:80:b8:b3:5d:46:fb:6c:15:6b:
                    ab:1f:b8:0b:6d:85:ae:80:6d:bf:2b:ab:7d:5e:23:
                    60:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:E5:B7:F0:DE:CB:7E:98:99:70:C0:0E:0D:59:05:40:4A:BF:99:49
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/afe1cd32-d05b-4485-a603-357deaf7da53.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:31:0a:59:0b:f7:db:3a:fc:2d:c3:d3:82:90:05:7f:3d:36:
         e9:b1:ac:d9:00:1c:66:02:f3:68:02:3c:c6:eb:97:f9:06:f9:
         39:42:c2:fd:60:83:0e:fe:2b:48:80:13:56:b4:be:c2:b3:e1:
         08:2e:d5:7b:3f:72:f1:c5:fa:5c:42:5b:63:3c:ec:6b:09:93:
         bd:8b:42:0f:5d:e8:7d:b3:92:13:24:41:1c:7c:d0:3d:6a:99:
         91:e3:02:93:7a:5a:8d:ef:3d:06:9b:ab:cf:ed:e1:a4:f3:0c:
         93:be:e7:6e:8c:69:1d:bb:14:bb:e1:2f:08:76:f0:0c:b6:9d:
         d5:4a:30:ea:c1:43:83:d7:2d:fb:bf:43:0f:5d:1e:db:29:58:
         0b:55:24:39:43:ee:bf:1e:cc:69:7e:e0:bc:be:f4:c6:d3:9a:
         44:3e:ab:56:e7:c8:37:c6:a1:1f:b5:93:6a:55:ee:21:d4:1c:
         35:64:53:97:c2:94:93:4f:2a:c3:7a:ce:00:be:79:08:ef:a4:
         63:46:e0:03:30:45:aa:95:f7:54:1c:55:47:cf:ab:01:e0:6d:
         e7:92:82:40:c4:d4:cb:22:61:08:87:c1:06:d0:51:d5:b4:fc:
         50:97:21:52:5a:f1:c9:e9:bc:3a:40:33:cb:ca:c3:d2:cb:00:
         16:f7:f5:37
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVmu9/HTWed2QYOi+wNP/tXvlqQAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzIzMDAwMDAwWhcNMjMwODI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MDAxZTIwMjFhMzdhOTA2YmQ4OWIxMjZiN2Q4NzFmYzhl
MGVlYjdiYzk3N2M3ODA0YmI0N2IyYWVjMTE1ZWI5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCL8BZdi6NSzKCRwtfk65E0pp+Zb0bO1FXVCD9pqCXYIFEq
rYe5nMfU3n3qHuEjiC94ZBETYXfvAt+uaYQN2Pry3NtzwByqjhGgsauSndSiAOLG
L/QDcwML27Mk2FKgHwl3Yhj/nVhwepK81wbjdXQIKW+EXfm2+/50SuVLwpZZ8O3E
37slO8ty7MPVhGb6PL5CXDE5Ne2rGPvLsV5h4aOUqewWERP9xMd7FaOwx7n9qf9h
COO5lcly9YGhBssxDr9Qcz0BpNH5sIMeVCRD5TpSx+HRW//AWr+JPnvVmCgTWIeC
HT/lgoC4s11G+2wVa6sfuAttha6Abb8rq31eI2DVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJOW38N7LfpiZcMAODVkFQEq/mUkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2FmZTFjZDMyLWQwNWItNDQ4NS1hNjAzLTM1N2RlYWY3ZGE1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKUxClkL99s6/C3D04KQBX89Numx
rNkAHGYC82gCPMbrl/kG+TlCwv1ggw7+K0iAE1a0vsKz4Qgu1Xs/cvHF+lxCW2M8
7GsJk72LQg9d6H2zkhMkQRx80D1qmZHjApN6Wo3vPQabq8/t4aTzDJO+526MaR27
FLvhLwh28Ay2ndVKMOrBQ4PXLfu/Qw9dHtspWAtVJDlD7r8ezGl+4Ly+9MbTmkQ+
q1bnyDfGoR+1k2pV7iHUHDVkU5fClJNPKsN6zgC+eQjvpGNG4AMwRaqV91QcVUfP
qwHgbeeSgkDE1MsiYQiHwQbQUdW0/FCXIVJa8cnpvDpAM8vKw9LLABb39Tc=
-----END CERTIFICATE-----