Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c64f3780-636b-4fe7-ba65-e1cf9287ca83.roa
File:                     c64f3780-636b-4fe7-ba65-e1cf9287ca83.roa (raw, json)
Hash identifier:          yMtKrdeGu9TFthyEjHfl7LQoKKZB6GuMMoBPZ6TErZ4=
Subject key identifier:   D8:CB:12:65:A2:EF:01:B2:DF:78:B3:2F:0E:F5:9D:18:DD:F1:25:74
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       536C1659958891B5ED9BE35BCCA0554B9C2DA8AD
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c64f3780-636b-4fe7-ba65-e1cf9287ca83.roa
Signing time:             Thu 20 Jul 2023 00:00:00 +0000
ROA not before:           Thu 20 Jul 2023 00:00:00 +0000
ROA not after:            Thu 24 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:6c:16:59:95:88:91:b5:ed:9b:e3:5b:cc:a0:55:4b:9c:2d:a8:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 20 00:00:00 2023 GMT
            Not After : Aug 24 23:59:59 2023 GMT
        Subject: serialNumber=13cf4a1648007c96eeab71e499dd4b093ea497d2bc3a914e9909833dc7aca0e4, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a5:98:aa:77:53:a9:0b:4f:70:49:9e:49:de:
                    40:e6:a5:9b:16:98:10:f2:1b:11:78:ca:84:3c:c3:
                    f8:2c:fc:61:8e:67:2a:3c:b9:a5:17:db:f8:f6:7c:
                    6f:0e:d6:5c:dc:bb:89:b0:fe:2a:d4:6d:50:80:a0:
                    fe:cb:73:ae:35:3c:63:3e:d4:65:30:9f:f3:d8:ca:
                    9e:03:97:83:da:56:4f:5b:b1:0b:2d:be:bd:55:07:
                    d5:c7:29:1b:fa:3e:38:d2:0b:50:7d:88:d1:26:89:
                    a6:47:23:e0:38:eb:7d:6c:50:00:f3:a4:6b:13:47:
                    6b:4b:5e:f4:f7:fd:75:e2:81:3c:6c:f5:23:4d:20:
                    d8:f9:ae:6c:5d:3c:fe:f7:81:0d:f6:a0:02:85:d1:
                    29:b6:c8:39:a4:51:70:5c:83:f8:60:d3:b6:61:f4:
                    de:fd:9d:7c:b0:28:45:80:d2:34:c5:d9:08:a3:69:
                    85:ea:ce:df:58:4c:07:1c:86:fb:8e:45:73:86:dd:
                    0c:98:59:70:be:a1:8f:b6:09:aa:b1:d2:12:ed:e6:
                    32:ec:41:1d:6f:2e:9a:db:cf:43:5f:dd:96:c8:84:
                    3f:11:62:dd:d4:8a:46:f7:bc:f6:83:5c:43:58:3e:
                    97:49:3e:ea:f2:04:25:b6:24:ce:bb:6d:c4:95:f0:
                    f5:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:CB:12:65:A2:EF:01:B2:DF:78:B3:2F:0E:F5:9D:18:DD:F1:25:74
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c64f3780-636b-4fe7-ba65-e1cf9287ca83.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:63:16:d2:bb:03:ca:d5:c2:03:de:34:27:b5:b3:b1:1b:9a:
         1d:1a:ab:b0:71:54:f1:0e:2c:58:4e:88:5a:21:a4:e0:ca:78:
         27:a8:78:e1:6b:06:5b:0f:d0:f9:72:4a:75:65:ca:62:ea:c7:
         82:0b:94:0d:db:67:fd:ae:0b:aa:e3:45:8a:e1:3a:29:b7:3b:
         b0:e6:10:4b:21:c0:96:72:2f:3b:0a:15:fe:b0:c4:62:58:81:
         e1:a1:57:c3:5c:fa:f8:b6:0c:5a:d9:a1:93:b1:b1:33:4a:e7:
         b9:bd:59:21:2d:c3:bf:55:fe:07:a4:96:fe:42:64:a5:fc:7e:
         55:4d:b2:81:93:f4:93:58:13:6b:d5:3f:d8:55:3f:89:1b:b2:
         23:cb:ba:50:3c:cd:27:4e:84:60:c1:09:95:3d:a0:86:52:07:
         fd:99:1c:29:b0:c1:c8:4a:c1:f3:6c:e8:d5:db:53:c8:c6:a9:
         93:d0:b2:e2:e7:11:03:e9:3f:0d:b1:96:c9:12:a4:f2:f2:8f:
         7f:a3:93:71:60:68:09:f7:80:7d:e0:25:9d:43:ce:18:26:05:
         d8:52:c9:2d:46:c7:7a:7f:0f:de:a3:25:bc:57:c2:71:91:51:
         ad:65:9d:65:c5:d2:6b:33:ac:30:36:2a:4b:06:87:4a:cd:1b:
         f0:da:4e:4b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU2wWWZWIkbXtm+NbzKBVS5wtqK0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzIwMDAwMDAwWhcNMjMwODI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxM2NmNGExNjQ4MDA3Yzk2ZWVhYjcxZTQ5OWRkNGIwOTNl
YTQ5N2QyYmMzYTkxNGU5OTA5ODMzZGM3YWNhMGU0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7pZiqd1OpC09wSZ5J3kDmpZsWmBDyGxF4yoQ8w/gs/GGO
Zyo8uaUX2/j2fG8O1lzcu4mw/irUbVCAoP7Lc641PGM+1GUwn/PYyp4Dl4PaVk9b
sQstvr1VB9XHKRv6PjjSC1B9iNEmiaZHI+A4631sUADzpGsTR2tLXvT3/XXigTxs
9SNNINj5rmxdPP73gQ32oAKF0Sm2yDmkUXBcg/hg07Zh9N79nXywKEWA0jTF2Qij
aYXqzt9YTAcchvuORXOG3QyYWXC+oY+2Caqx0hLt5jLsQR1vLprbz0Nf3ZbIhD8R
Yt3Uikb3vPaDXENYPpdJPuryBCW2JM67bcSV8PXJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2MsSZaLvAbLfeLMvDvWdGN3xJXQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2M2NGYzNzgwLTYzNmItNGZlNy1iYTY1LWUxY2Y5Mjg3Y2E4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIVjFtK7A8rVwgPeNCe1s7Ebmh0a
q7BxVPEOLFhOiFohpODKeCeoeOFrBlsP0PlySnVlymLqx4ILlA3bZ/2uC6rjRYrh
Oim3O7DmEEshwJZyLzsKFf6wxGJYgeGhV8Nc+vi2DFrZoZOxsTNK57m9WSEtw79V
/geklv5CZKX8flVNsoGT9JNYE2vVP9hVP4kbsiPLulA8zSdOhGDBCZU9oIZSB/2Z
HCmwwchKwfNs6NXbU8jGqZPQsuLnEQPpPw2xlskSpPLyj3+jk3FgaAn3gH3gJZ1D
zhgmBdhSyS1Gx3p/D96jJbxXwnGRUa1lnWXF0mszrDA2KksGh0rNG/DaTks=
-----END CERTIFICATE-----