Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c8381a56-8a5d-4e51-9b8f-380103accf44.roa
File:                     c8381a56-8a5d-4e51-9b8f-380103accf44.roa (raw, json)
Hash identifier:          LOBOZYPmvhYNk7QlGaPnmX7nzVT5pNewIQPUgtn/x9U=
Subject key identifier:   C5:53:5B:CD:F6:28:82:E9:E2:C6:95:5D:4E:F7:B0:69:52:94:D5:33
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       35C8CBCDC7BB2DAC887E14B3DFC2A056B7EFDBB4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c8381a56-8a5d-4e51-9b8f-380103accf44.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:c8:cb:cd:c7:bb:2d:ac:88:7e:14:b3:df:c2:a0:56:b7:ef:db:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=38fe4978fc33d5ca0d4eac765f1037461094077c2ba0d56aeb14150eb6f83939, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:92:54:1f:7a:27:57:a6:1e:39:af:14:fa:c4:
                    0f:ad:c2:a5:9b:b9:92:cb:e7:14:f4:50:e8:96:33:
                    02:1d:8c:8c:91:25:1d:bd:2c:a9:1c:db:2d:15:5e:
                    27:0f:0a:52:e0:d3:dd:42:ac:0f:76:c2:bd:18:d5:
                    09:c8:6e:e9:bf:9e:09:6c:da:b7:db:f4:26:11:13:
                    19:88:b7:53:1f:1a:59:e8:5e:c9:2b:7e:a2:50:56:
                    42:c5:31:1e:45:10:cc:05:1b:3b:ee:a3:72:7a:66:
                    cd:51:40:98:2f:18:4a:2e:a3:48:e6:c1:62:a8:4c:
                    d1:5e:f1:f6:a8:3c:98:b6:06:10:32:59:7b:5e:99:
                    85:74:ee:8c:30:62:97:0c:d6:ac:46:36:7c:88:2e:
                    d6:06:43:2a:9b:8d:12:61:e8:a1:0d:65:61:d2:ca:
                    7f:f2:95:f6:20:04:7e:67:66:03:29:47:d8:1d:8a:
                    83:03:80:66:78:b1:51:95:f7:a1:2f:41:70:ed:7f:
                    b5:69:f6:6f:e9:c8:c9:e5:09:b0:3e:40:fa:e8:9b:
                    0d:13:d1:a8:c9:52:bd:ae:f6:c3:9e:ec:a4:79:bb:
                    13:80:4b:e4:d5:a1:89:a0:ad:4d:53:d3:b2:88:d0:
                    0a:9f:a2:d3:a0:0e:3d:88:08:6a:f5:f0:ce:62:67:
                    50:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:53:5B:CD:F6:28:82:E9:E2:C6:95:5D:4E:F7:B0:69:52:94:D5:33
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c8381a56-8a5d-4e51-9b8f-380103accf44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:7b:92:ed:e9:0b:d4:58:bf:b7:7d:25:42:3f:61:dd:04:10:
         00:e8:3d:3f:aa:ab:00:5d:1a:fb:84:bf:a0:b2:e1:f4:79:2d:
         ae:35:fb:9f:79:a1:15:53:24:27:41:38:4b:9f:0b:f0:86:85:
         9f:6a:7d:e8:ec:b7:00:88:28:ac:66:7f:a5:fe:ef:39:d2:e7:
         83:7f:24:a1:af:e3:70:d6:48:b1:35:3f:55:ef:b0:a0:fd:35:
         62:78:b0:04:0e:da:23:74:fd:8a:b0:14:91:82:7c:6c:ab:a1:
         ef:81:4c:72:6a:ce:90:d8:a7:0f:0c:28:01:0a:8d:9a:ed:bf:
         83:99:ee:68:ba:9b:23:2a:f3:7b:b4:06:76:05:d3:20:b9:62:
         28:b5:bc:00:db:70:1c:b7:52:9d:52:16:56:db:e7:02:3a:ef:
         7c:f4:db:ab:6f:6a:be:17:7d:9e:b2:a7:94:8e:6a:30:24:39:
         1e:01:82:db:04:46:7e:7f:5c:bf:af:65:d7:d3:2a:f2:b6:43:
         20:92:29:75:01:fb:c4:ff:f9:ca:14:38:0f:f6:16:39:c6:de:
         bf:ed:cd:72:c1:9c:aa:97:d9:59:b1:0b:48:3b:76:42:66:e8:
         22:7a:35:aa:79:b4:a4:68:16:a2:4d:86:96:ea:f0:fa:89:53:
         3a:34:28:8f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNcjLzce7LayIfhSz38KgVrfv27QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTA4MDAwMDAwWhcNMjMxMDEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzOGZlNDk3OGZjMzNkNWNhMGQ0ZWFjNzY1ZjEwMzc0NjEw
OTQwNzdjMmJhMGQ1NmFlYjE0MTUwZWI2ZjgzOTM5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtklQfeidXph45rxT6xA+twqWbuZLL5xT0UOiWMwIdjIyR
JR29LKkc2y0VXicPClLg091CrA92wr0Y1QnIbum/ngls2rfb9CYRExmIt1MfGlno
XskrfqJQVkLFMR5FEMwFGzvuo3J6Zs1RQJgvGEouo0jmwWKoTNFe8faoPJi2BhAy
WXtemYV07owwYpcM1qxGNnyILtYGQyqbjRJh6KENZWHSyn/ylfYgBH5nZgMpR9gd
ioMDgGZ4sVGV96EvQXDtf7Vp9m/pyMnlCbA+QPromw0T0ajJUr2u9sOe7KR5uxOA
S+TVoYmgrU1T07KI0AqfotOgDj2ICGr18M5iZ1BTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxVNbzfYogunixpVdTvewaVKU1TMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2M4MzgxYTU2LThhNWQtNGU1MS05YjhmLTM4MDEwM2FjY2Y0NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIV7ku3pC9RYv7d9JUI/Yd0EEADo
PT+qqwBdGvuEv6Cy4fR5La41+595oRVTJCdBOEufC/CGhZ9qfejstwCIKKxmf6X+
7znS54N/JKGv43DWSLE1P1XvsKD9NWJ4sAQO2iN0/YqwFJGCfGyroe+BTHJqzpDY
pw8MKAEKjZrtv4OZ7mi6myMq83u0BnYF0yC5Yii1vADbcBy3Up1SFlbb5wI673z0
26tvar4XfZ6yp5SOajAkOR4BgtsERn5/XL+vZdfTKvK2QyCSKXUB+8T/+coUOA/2
FjnG3r/tzXLBnKqX2VmxC0g7dkJm6CJ6Nap5tKRoFqJNhpbq8PqJUzo0KI8=
-----END CERTIFICATE-----