Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bdb8fea4-c7cb-4bfe-915a-eeb520f36450.roa
File:                     bdb8fea4-c7cb-4bfe-915a-eeb520f36450.roa (raw, json)
Hash identifier:          C/pEMa1KEOub3bUPVJaybI1noni2G9tN2Dp8DNE7WM4=
Subject key identifier:   63:96:60:03:8E:C3:AC:1B:DA:D4:55:7E:55:89:C4:7C:8E:CB:D2:A3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       220481FE02D5372D2A593BFA51E4E9E19AE38A62
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bdb8fea4-c7cb-4bfe-915a-eeb520f36450.roa
Signing time:             Thu 31 Aug 2023 00:00:00 +0000
ROA not before:           Thu 31 Aug 2023 00:00:00 +0000
ROA not after:            Thu 05 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:04:81:fe:02:d5:37:2d:2a:59:3b:fa:51:e4:e9:e1:9a:e3:8a:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 31 00:00:00 2023 GMT
            Not After : Oct  5 23:59:59 2023 GMT
        Subject: serialNumber=0e5ec2b89782771c276909100a14ca2da6660e1ecc6f3dd26fac6633b6b7e44a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:ff:5d:d6:b6:16:7c:5b:6e:df:66:e6:29:41:
                    60:b4:8e:bb:7e:94:c3:85:9e:aa:ce:0a:78:26:fd:
                    05:9d:c7:4c:7b:dc:9d:6e:be:8c:c1:a2:45:40:52:
                    ad:a6:d2:38:72:cf:f4:9b:98:ed:6a:1c:95:9e:61:
                    7f:36:39:8e:d9:bc:38:89:f5:06:e5:c3:05:61:8f:
                    73:a3:39:e7:1b:20:a9:91:c6:b7:9a:89:5f:9c:bc:
                    33:60:c4:34:04:fe:b2:d8:4b:a9:51:4a:31:98:76:
                    c6:03:7b:2f:62:e9:ce:bb:64:fa:b7:6e:c2:27:6a:
                    4f:66:26:fc:a1:be:a1:80:d8:31:d8:0d:67:a5:37:
                    c9:dd:f6:a6:55:21:b4:59:3d:6f:db:f9:87:de:7f:
                    95:dd:c3:45:03:14:ab:23:ff:63:dc:9c:40:a2:6c:
                    b9:dd:59:04:16:b7:68:a1:b7:51:61:41:c4:0a:be:
                    e2:02:c7:1e:ae:98:86:92:fb:d0:83:85:a3:88:84:
                    86:fa:a8:5e:78:6d:25:f7:87:59:5e:d3:2a:b2:ee:
                    f3:5e:51:2e:1e:aa:b9:ee:7a:d5:70:83:8a:fd:05:
                    73:93:e4:70:38:38:96:bd:d7:cb:ce:33:91:d1:c1:
                    af:9d:f8:f5:9b:be:9e:90:39:98:44:f5:3c:69:28:
                    ea:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:96:60:03:8E:C3:AC:1B:DA:D4:55:7E:55:89:C4:7C:8E:CB:D2:A3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bdb8fea4-c7cb-4bfe-915a-eeb520f36450.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:b2:aa:14:eb:18:56:53:6f:f3:f7:d2:fc:12:16:da:46:35:
         a0:65:23:5f:09:2b:e6:00:c2:ad:0f:fc:57:ec:8f:53:80:96:
         b6:08:e9:5b:fc:48:95:50:3c:45:3f:d8:ec:8f:aa:4f:03:ad:
         f0:e7:ef:03:86:cb:91:00:fa:bc:bb:74:78:8f:be:55:00:66:
         c3:d7:0d:42:bb:81:f9:73:e5:55:d2:c1:8c:a4:24:41:28:e0:
         75:f8:49:5e:66:d1:e6:b7:7f:9a:12:e8:e1:b5:fc:e9:af:a4:
         69:34:6b:1b:d0:d6:d3:03:4c:91:c8:71:e3:e4:8f:af:4d:2e:
         5c:1f:c2:f3:93:c4:d3:ee:11:f3:f9:7d:87:a8:ab:8a:7a:e0:
         80:ca:fa:c8:76:f8:12:7d:23:3a:00:a0:c2:af:0f:a2:28:7a:
         8f:7b:65:00:b6:f2:2f:70:79:27:46:5b:21:e4:95:9d:cf:f1:
         63:09:38:1f:50:3c:34:8e:18:91:3b:98:1e:f5:cd:90:cb:9c:
         1f:8b:3a:5a:be:7a:7c:c6:b8:60:e7:17:84:d3:9a:d8:35:41:
         8f:c5:ab:f8:a9:af:1e:d9:1c:de:6b:16:5d:59:63:4a:1c:06:
         d7:21:12:b2:79:0f:61:68:b6:14:72:cb:e5:e8:0f:b2:13:8b:
         50:20:03:4d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIgSB/gLVNy0qWTv6UeTp4ZrjimIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODMxMDAwMDAwWhcNMjMxMDA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZTVlYzJiODk3ODI3NzFjMjc2OTA5MTAwYTE0Y2EyZGE2
NjYwZTFlY2M2ZjNkZDI2ZmFjNjYzM2I2YjdlNDRhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD1/13WthZ8W27fZuYpQWC0jrt+lMOFnqrOCngm/QWdx0x7
3J1uvozBokVAUq2m0jhyz/SbmO1qHJWeYX82OY7ZvDiJ9QblwwVhj3OjOecbIKmR
xreaiV+cvDNgxDQE/rLYS6lRSjGYdsYDey9i6c67ZPq3bsInak9mJvyhvqGA2DHY
DWelN8nd9qZVIbRZPW/b+Yfef5Xdw0UDFKsj/2PcnECibLndWQQWt2iht1FhQcQK
vuICxx6umIaS+9CDhaOIhIb6qF54bSX3h1le0yqy7vNeUS4eqrnuetVwg4r9BXOT
5HA4OJa918vOM5HRwa+d+PWbvp6QOZhE9TxpKOofAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUY5ZgA47DrBva1FV+VYnEfI7L0qMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2JkYjhmZWE0LWM3Y2ItNGJmZS05MTVhLWVlYjUyMGYzNjQ1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJmyqhTrGFZTb/P30vwSFtpGNaBl
I18JK+YAwq0P/Ffsj1OAlrYI6Vv8SJVQPEU/2OyPqk8DrfDn7wOGy5EA+ry7dHiP
vlUAZsPXDUK7gflz5VXSwYykJEEo4HX4SV5m0ea3f5oS6OG1/OmvpGk0axvQ1tMD
TJHIcePkj69NLlwfwvOTxNPuEfP5fYeoq4p64IDK+sh2+BJ9IzoAoMKvD6Ioeo97
ZQC28i9weSdGWyHklZ3P8WMJOB9QPDSOGJE7mB71zZDLnB+LOlq+enzGuGDnF4TT
mtg1QY/Fq/iprx7ZHN5rFl1ZY0ocBtchErJ5D2FothRyy+XoD7ITi1AgA00=
-----END CERTIFICATE-----