Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b8dc4542-7061-464f-a50f-415d87077cfd.roa
File:                     b8dc4542-7061-464f-a50f-415d87077cfd.roa (raw, json)
Hash identifier:          J+bHsQdihQGy0nB0u2mSMaaC9Yh9pnTicxZXTwLEPPM=
Subject key identifier:   1C:E6:2A:79:BF:EC:77:89:FA:A6:D5:F2:DF:3A:F8:64:9B:88:37:BC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3D47DA46CF7D9C4BD7C44C0CB10F5904A71A0706
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b8dc4542-7061-464f-a50f-415d87077cfd.roa
Signing time:             Mon 26 Jun 2023 00:00:00 +0000
ROA not before:           Mon 26 Jun 2023 00:00:00 +0000
ROA not after:            Mon 31 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:47:da:46:cf:7d:9c:4b:d7:c4:4c:0c:b1:0f:59:04:a7:1a:07:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 26 00:00:00 2023 GMT
            Not After : Jul 31 23:59:59 2023 GMT
        Subject: serialNumber=7a2c6641cdb49e621d5c7d460c874acd1e1be04da640d0b15becb24002a89be5, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:48:15:0b:5c:44:29:65:f8:6d:5c:5b:95:33:
                    3b:2a:58:87:57:23:9a:4b:c7:63:79:bb:69:69:b5:
                    49:80:7d:b9:06:07:76:fa:d2:45:43:32:8f:66:49:
                    28:50:c3:0a:fd:8d:01:cc:bf:68:1e:72:f7:20:cc:
                    a3:ab:cf:f3:d3:b7:c2:4a:5e:f1:cc:60:26:e6:79:
                    30:96:d2:13:a7:3e:ba:b4:99:9f:12:59:bb:6e:30:
                    4c:37:17:73:49:54:47:9f:51:be:12:a5:7b:5e:2c:
                    97:0b:ae:2f:a7:66:1a:9b:c8:76:52:66:e3:b7:4b:
                    80:0e:48:28:64:f0:6f:df:c3:75:bc:f7:b5:e0:a2:
                    ad:df:cc:0b:55:77:94:40:84:8c:7e:6b:18:00:1d:
                    93:b2:79:72:64:7a:78:04:e4:3a:3d:07:c4:f7:e6:
                    eb:00:21:13:75:31:5f:21:2c:03:c1:96:23:39:74:
                    fd:d6:c5:83:45:59:de:10:be:81:ef:8a:4a:8c:57:
                    dc:b4:f2:d7:1d:a8:fd:9f:4c:8a:e2:90:39:d9:f0:
                    df:bb:72:25:f4:b6:5e:04:d4:79:e5:9e:9f:70:96:
                    13:bc:df:4c:ce:3d:4a:78:46:89:ca:10:bf:4d:76:
                    db:6d:92:25:9c:59:81:57:5d:70:87:f1:73:94:1d:
                    c5:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:E6:2A:79:BF:EC:77:89:FA:A6:D5:F2:DF:3A:F8:64:9B:88:37:BC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b8dc4542-7061-464f-a50f-415d87077cfd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:38:12:fc:b1:d5:e2:18:c4:5f:a4:b6:d2:4c:6b:90:c2:22:
         70:e5:b1:9e:c5:1f:8b:d6:cb:09:0c:92:87:fc:80:c7:ee:cb:
         b0:52:82:30:7a:4d:35:3c:18:f4:27:36:f2:26:23:84:b7:83:
         f8:c3:e1:33:d7:e9:60:91:f6:17:ef:3b:d7:24:19:19:54:6b:
         03:9c:4f:56:db:26:17:cd:51:86:77:7d:69:11:bb:0a:3b:98:
         66:3d:84:2d:64:88:d3:e3:56:01:b6:5b:77:5e:9f:17:61:e5:
         4a:39:da:e2:e9:7c:b4:73:7b:1c:02:38:1b:0c:7e:f7:63:bd:
         d3:90:c0:9f:8b:ab:70:e0:42:60:e5:fa:ac:ca:b7:37:9d:8b:
         6c:d3:fd:fd:c5:3d:f4:a0:8a:59:fa:1b:2e:65:0b:0e:11:2f:
         77:c7:ac:3d:40:f9:0f:56:57:f3:d5:89:41:12:fa:20:cb:90:
         ed:9d:78:d4:0d:23:b1:4f:ea:e1:ed:94:63:46:9e:55:57:a9:
         a3:8b:68:72:9c:19:3e:7a:cc:55:b5:58:8c:45:1f:3c:87:75:
         0e:00:6c:b8:2f:8a:68:95:4d:51:36:68:3f:ad:be:35:9a:b7:
         c6:ef:40:4d:ad:f5:e5:7d:c4:4c:3d:a9:e3:51:ae:4e:7f:28:
         e6:4d:48:32
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPUfaRs99nEvXxEwMsQ9ZBKcaBwYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjI2MDAwMDAwWhcNMjMwNzMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3YTJjNjY0MWNkYjQ5ZTYyMWQ1YzdkNDYwYzg3NGFjZDFl
MWJlMDRkYTY0MGQwYjE1YmVjYjI0MDAyYTg5YmU1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCISBULXEQpZfhtXFuVMzsqWIdXI5pLx2N5u2lptUmAfbkG
B3b60kVDMo9mSShQwwr9jQHMv2gecvcgzKOrz/PTt8JKXvHMYCbmeTCW0hOnPrq0
mZ8SWbtuMEw3F3NJVEefUb4SpXteLJcLri+nZhqbyHZSZuO3S4AOSChk8G/fw3W8
97Xgoq3fzAtVd5RAhIx+axgAHZOyeXJkengE5Do9B8T35usAIRN1MV8hLAPBliM5
dP3WxYNFWd4QvoHvikqMV9y08tcdqP2fTIrikDnZ8N+7ciX0tl4E1Hnlnp9wlhO8
30zOPUp4RonKEL9NdtttkiWcWYFXXXCH8XOUHcVlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHOYqeb/sd4n6ptXy3zr4ZJuIN7wwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2I4ZGM0NTQyLTcwNjEtNDY0Zi1hNTBmLTQxNWQ4NzA3N2NmZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABI4Evyx1eIYxF+kttJMa5DCInDl
sZ7FH4vWywkMkof8gMfuy7BSgjB6TTU8GPQnNvImI4S3g/jD4TPX6WCR9hfvO9ck
GRlUawOcT1bbJhfNUYZ3fWkRuwo7mGY9hC1kiNPjVgG2W3denxdh5Uo52uLpfLRz
exwCOBsMfvdjvdOQwJ+Lq3DgQmDl+qzKtzedi2zT/f3FPfSgiln6Gy5lCw4RL3fH
rD1A+Q9WV/PViUES+iDLkO2deNQNI7FP6uHtlGNGnlVXqaOLaHKcGT56zFW1WIxF
HzyHdQ4AbLgvimiVTVE2aD+tvjWat8bvQE2t9eV9xEw9qeNRrk5/KOZNSDI=
-----END CERTIFICATE-----