Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c02c4801-ae7d-4e62-a9db-fe11335ded2c.roa
File:                     c02c4801-ae7d-4e62-a9db-fe11335ded2c.roa (raw, json)
Hash identifier:          uTE0FSRppsN9gHhGplaG6MeEgUdfd39qDAz3qeUv+6s=
Subject key identifier:   32:1E:3C:A2:18:34:1C:D8:10:26:75:24:63:57:73:85:FA:65:B7:9D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       757E69A59C7D6C69213E2E392C823067AFBAA32B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c02c4801-ae7d-4e62-a9db-fe11335ded2c.roa
Signing time:             Thu 24 Aug 2023 00:00:00 +0000
ROA not before:           Thu 24 Aug 2023 00:00:00 +0000
ROA not after:            Thu 28 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:7e:69:a5:9c:7d:6c:69:21:3e:2e:39:2c:82:30:67:af:ba:a3:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 24 00:00:00 2023 GMT
            Not After : Sep 28 23:59:59 2023 GMT
        Subject: serialNumber=a5c681d9cf1234ac2fc9604dc9c96dcc18f496eff156f90a69c2161cdee00ca2, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:cf:fb:79:f1:28:1b:cc:11:1b:53:24:ae:68:
                    02:0f:c8:e6:4b:49:8b:84:6e:c0:07:ff:51:35:06:
                    54:3d:31:cc:eb:36:f0:4e:9f:b9:c6:38:31:e6:99:
                    d0:8a:41:06:78:b8:bc:24:58:db:d7:3b:55:8b:2b:
                    b3:49:2e:57:9e:5a:a7:6a:20:1b:ad:45:14:e7:d7:
                    d1:64:59:b6:94:b9:da:ac:7f:db:4d:0c:3e:f7:32:
                    e9:99:1e:e0:e6:0a:2a:9b:93:e5:9b:22:38:3d:8c:
                    87:55:88:56:f9:06:3f:df:66:35:13:fa:7f:b1:d0:
                    13:14:72:66:83:df:1e:5f:0a:f1:cd:b9:38:0d:a3:
                    46:a4:4a:78:d5:a4:24:1b:5c:1b:31:ca:3e:0d:4a:
                    da:3f:16:7e:85:e9:ee:36:91:9f:11:86:9c:38:22:
                    91:16:d0:08:c8:8d:5a:59:5a:84:97:a3:d8:25:36:
                    4d:9f:ac:72:9e:80:4d:78:04:51:bf:62:d4:10:77:
                    16:50:a9:fc:fd:3c:2a:0d:3f:e5:7d:b3:76:da:2b:
                    08:1d:d0:d0:c9:81:4b:60:c4:82:b9:0f:4a:14:84:
                    be:ca:56:23:1a:a4:e3:66:62:9d:b7:ce:43:f8:c9:
                    46:35:97:bd:d0:2d:95:33:d8:e4:fc:33:cd:7f:70:
                    e8:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:1E:3C:A2:18:34:1C:D8:10:26:75:24:63:57:73:85:FA:65:B7:9D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c02c4801-ae7d-4e62-a9db-fe11335ded2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:80:b5:6e:9c:b5:5c:d2:71:29:0f:66:3e:05:bd:a9:3b:27:
         f4:2e:ad:17:52:60:a3:9a:1c:1d:16:cd:93:f1:31:26:57:f1:
         ee:4d:47:3b:15:e8:8a:d5:e8:90:27:d6:d2:6c:e5:78:f5:5b:
         53:f6:e4:20:1f:62:bd:4b:1d:45:df:ca:a7:a5:8e:d3:7d:a2:
         7d:2f:cc:fb:dc:d4:bc:42:3e:b6:3e:75:d7:c3:19:b8:17:ef:
         b0:69:e9:0c:3f:18:47:c1:48:81:b0:cb:24:9e:a7:eb:85:60:
         f5:19:19:75:e6:e3:04:83:20:01:fa:c0:3c:06:40:ee:80:6d:
         f9:f9:51:10:32:dd:dc:44:e0:a7:1e:f5:58:b9:a5:7e:5e:60:
         66:ba:8f:fe:82:cc:d4:5a:5a:66:55:3a:4e:4e:2c:5c:5d:3e:
         c2:5e:fc:db:ef:06:ce:69:28:9f:d0:27:1f:43:84:0d:6f:37:
         45:73:dc:16:da:1e:03:a9:e1:79:76:62:db:42:da:89:9d:02:
         dd:87:55:b0:44:50:b7:ae:9c:c6:aa:a9:42:61:a4:15:1b:82:
         de:76:92:90:93:13:6f:86:fb:56:53:56:8a:c9:61:d4:34:20:
         5b:75:c1:28:f5:fd:ae:08:7e:8d:03:b4:1c:a9:79:d6:38:b6:
         45:5c:b8:b3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdX5ppZx9bGkhPi45LIIwZ6+6oyswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODI0MDAwMDAwWhcNMjMwOTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNWM2ODFkOWNmMTIzNGFjMmZjOTYwNGRjOWM5NmRjYzE4
ZjQ5NmVmZjE1NmY5MGE2OWMyMTYxY2RlZTAwY2EyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrz/t58SgbzBEbUySuaAIPyOZLSYuEbsAH/1E1BlQ9Mczr
NvBOn7nGODHmmdCKQQZ4uLwkWNvXO1WLK7NJLleeWqdqIButRRTn19FkWbaUudqs
f9tNDD73MumZHuDmCiqbk+WbIjg9jIdViFb5Bj/fZjUT+n+x0BMUcmaD3x5fCvHN
uTgNo0akSnjVpCQbXBsxyj4NSto/Fn6F6e42kZ8Rhpw4IpEW0AjIjVpZWoSXo9gl
Nk2frHKegE14BFG/YtQQdxZQqfz9PCoNP+V9s3baKwgd0NDJgUtgxIK5D0oUhL7K
ViMapONmYp23zkP4yUY1l73QLZUz2OT8M81/cOgtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMh48ohg0HNgQJnUkY1dzhfplt50wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2MwMmM0ODAxLWFlN2QtNGU2Mi1hOWRiLWZlMTEzMzVkZWQyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADOAtW6ctVzScSkPZj4Fvak7J/Qu
rRdSYKOaHB0WzZPxMSZX8e5NRzsV6IrV6JAn1tJs5Xj1W1P25CAfYr1LHUXfyqel
jtN9on0vzPvc1LxCPrY+ddfDGbgX77Bp6Qw/GEfBSIGwyySep+uFYPUZGXXm4wSD
IAH6wDwGQO6Abfn5URAy3dxE4Kce9Vi5pX5eYGa6j/6CzNRaWmZVOk5OLFxdPsJe
/NvvBs5pKJ/QJx9DhA1vN0Vz3BbaHgOp4Xl2YttC2omdAt2HVbBEULeunMaqqUJh
pBUbgt52kpCTE2+G+1ZTVorJYdQ0IFt1wSj1/a4Ifo0DtBypedY4tkVcuLM=
-----END CERTIFICATE-----