Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cbf3293f-223d-4c70-94d5-c0a01a4addea.roa
File:                     cbf3293f-223d-4c70-94d5-c0a01a4addea.roa (raw, json)
Hash identifier:          aoviiPL2JIKpSODXBE0cY/ZUr9cfS7+vMivRKcGFh2A=
Subject key identifier:   E8:FA:50:4A:C8:CF:A7:9B:5B:EA:B8:27:6E:AD:85:17:04:42:70:85
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       50EF32237AEFE8DF26922DC52249AF9B07DF01D6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cbf3293f-223d-4c70-94d5-c0a01a4addea.roa
Signing time:             Thu 13 Jul 2023 00:00:00 +0000
ROA not before:           Thu 13 Jul 2023 00:00:00 +0000
ROA not after:            Thu 17 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:ef:32:23:7a:ef:e8:df:26:92:2d:c5:22:49:af:9b:07:df:01:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 13 00:00:00 2023 GMT
            Not After : Aug 17 23:59:59 2023 GMT
        Subject: serialNumber=8f6324d518c59867f9da5f64195c4dca811091c3210903d696d4cd2406bc22ee, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:2b:cc:cb:db:8e:4c:52:f1:b1:59:bc:c4:49:
                    58:60:c8:8f:e0:d9:9c:d9:c5:aa:e6:b4:fc:68:09:
                    a0:18:af:ff:8d:a9:6c:b7:f0:f9:8a:4c:e5:e7:0c:
                    a9:b3:59:45:b9:00:cf:59:fe:2b:53:68:2a:3e:2f:
                    06:9e:71:86:48:e5:9f:26:1b:5e:9e:c9:ce:f2:e9:
                    89:96:04:01:0a:5f:83:0b:9f:7f:59:e6:a1:56:fe:
                    28:17:94:ef:3c:ce:24:fa:d8:bf:7c:11:13:ac:27:
                    3b:22:ba:70:b7:b0:6f:08:4a:bb:41:2d:75:fe:46:
                    52:64:c6:a5:87:4c:3d:20:23:31:aa:0f:8a:6d:24:
                    aa:b2:ec:1e:16:1a:ff:e7:14:c6:41:ac:df:18:99:
                    20:9c:af:cd:b7:c9:7b:50:b9:38:ae:b2:1d:29:ed:
                    e0:e0:4f:95:94:3f:ea:b4:31:ef:f8:04:66:2a:00:
                    46:84:b6:d3:39:d2:e5:07:53:fb:d4:dd:ce:bb:f7:
                    be:7a:95:41:b6:89:02:90:ff:ab:76:ac:7d:b0:de:
                    86:d2:99:ac:dc:83:8f:a0:13:12:60:95:fd:26:d8:
                    50:76:39:06:b3:dc:cb:a6:5c:78:06:70:33:6f:6c:
                    07:7a:f1:d7:4e:27:0f:a2:f0:fa:3c:4c:61:4f:41:
                    76:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:FA:50:4A:C8:CF:A7:9B:5B:EA:B8:27:6E:AD:85:17:04:42:70:85
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cbf3293f-223d-4c70-94d5-c0a01a4addea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:38:eb:b5:c3:7e:cc:0e:63:77:98:48:8c:47:f0:14:62:ff:
         87:41:79:26:2d:b6:07:d5:06:af:ac:90:fb:3a:5b:85:86:3b:
         39:bf:68:c2:ca:ed:39:6c:8b:e7:f5:ec:81:a7:48:96:c3:15:
         b3:df:e4:d3:42:8a:35:96:a6:37:2a:4f:c9:f3:f5:5d:53:5f:
         ba:8d:c8:14:e6:f0:dc:da:f7:23:ff:12:24:60:d8:71:84:fb:
         a7:e0:74:a7:87:ee:23:11:34:f1:12:cd:45:a6:08:e4:37:31:
         22:61:d1:e4:52:1c:2c:87:ec:85:e3:d0:fe:87:31:0a:00:8c:
         8e:3d:ab:cc:3e:19:bc:1c:48:3f:f5:25:81:f2:c8:e6:57:6a:
         85:27:83:eb:6a:eb:bc:4f:b8:bb:2c:85:1e:48:75:7a:42:24:
         f1:cb:77:ae:e0:8b:4d:0f:08:8b:be:62:cd:51:e8:c3:a4:b5:
         99:02:ec:50:d3:c9:1c:aa:d7:a6:78:34:4e:9c:07:b2:d3:c1:
         cd:bf:7a:60:09:d0:72:97:45:ff:72:1e:6f:16:fb:43:df:e8:
         af:44:fd:35:f4:00:61:69:c2:b5:56:38:a1:a9:5d:de:ab:d6:
         d0:c3:52:e9:ef:7d:c3:b7:f8:8c:24:29:c0:6e:15:3b:69:0e:
         e7:59:37:3d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUO8yI3rv6N8mki3FIkmvmwffAdYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzEzMDAwMDAwWhcNMjMwODE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZjYzMjRkNTE4YzU5ODY3ZjlkYTVmNjQxOTVjNGRjYTgx
MTA5MWMzMjEwOTAzZDY5NmQ0Y2QyNDA2YmMyMmVlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCeK8zL245MUvGxWbzESVhgyI/g2ZzZxarmtPxoCaAYr/+N
qWy38PmKTOXnDKmzWUW5AM9Z/itTaCo+LwaecYZI5Z8mG16eyc7y6YmWBAEKX4ML
n39Z5qFW/igXlO88ziT62L98EROsJzsiunC3sG8ISrtBLXX+RlJkxqWHTD0gIzGq
D4ptJKqy7B4WGv/nFMZBrN8YmSCcr823yXtQuTiush0p7eDgT5WUP+q0Me/4BGYq
AEaEttM50uUHU/vU3c679756lUG2iQKQ/6t2rH2w3obSmazcg4+gExJglf0m2FB2
OQaz3MumXHgGcDNvbAd68ddOJw+i8Po8TGFPQXbrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6PpQSsjPp5tb6rgnbq2FFwRCcIUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2NiZjMyOTNmLTIyM2QtNGM3MC05NGQ1LWMwYTAxYTRhZGRlYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACY467XDfswOY3eYSIxH8BRi/4dB
eSYttgfVBq+skPs6W4WGOzm/aMLK7Tlsi+f17IGnSJbDFbPf5NNCijWWpjcqT8nz
9V1TX7qNyBTm8Nza9yP/EiRg2HGE+6fgdKeH7iMRNPESzUWmCOQ3MSJh0eRSHCyH
7IXj0P6HMQoAjI49q8w+GbwcSD/1JYHyyOZXaoUng+tq67xPuLsshR5IdXpCJPHL
d67gi00PCIu+Ys1R6MOktZkC7FDTyRyq16Z4NE6cB7LTwc2/emAJ0HKXRf9yHm8W
+0Pf6K9E/TX0AGFpwrVWOKGpXd6r1tDDUunvfcO3+IwkKcBuFTtpDudZNz0=
-----END CERTIFICATE-----