Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cd74343c-dcd1-43d0-9829-b283bb856ce0.roa
File:                     cd74343c-dcd1-43d0-9829-b283bb856ce0.roa (raw, json)
Hash identifier:          JV3fVyEwyG/Cw20WoTM0t8qktoohj57Bmk8cworF6f4=
Subject key identifier:   2C:D1:93:68:02:8C:1F:7C:12:1D:EA:27:BB:08:83:0B:6F:CA:A3:70
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       77D964B599FF604D2F6A3835BCC5458CC306713E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cd74343c-dcd1-43d0-9829-b283bb856ce0.roa
Signing time:             Tue 11 Jul 2023 00:00:00 +0000
ROA not before:           Tue 11 Jul 2023 00:00:00 +0000
ROA not after:            Tue 15 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:d9:64:b5:99:ff:60:4d:2f:6a:38:35:bc:c5:45:8c:c3:06:71:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 11 00:00:00 2023 GMT
            Not After : Aug 15 23:59:59 2023 GMT
        Subject: serialNumber=b1d56edb29f0d05c841fc0043b04a1482b8a76faf9e1fed371da03cc67b29f4b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2f:e0:7d:ab:9e:00:55:f7:11:f6:d5:98:e7:
                    0a:90:bf:e7:94:cb:c5:f5:81:56:6a:ff:f1:b8:e9:
                    6e:d1:b3:75:90:b6:a5:17:cf:78:73:a2:36:34:35:
                    58:4c:f7:ca:91:6e:5e:7f:29:0b:ef:8c:4d:39:4d:
                    2e:0f:9a:f5:5c:97:a2:0d:0f:f0:a6:d2:3f:bf:42:
                    c8:9f:8e:c7:5e:22:66:3b:7b:92:28:ac:e1:81:0a:
                    9f:3d:3d:20:d8:d0:9c:b7:af:9b:94:86:a2:d3:f7:
                    b8:1a:c5:11:f2:69:58:ee:19:8a:a6:85:76:22:30:
                    91:fe:be:61:57:2a:2e:c6:b8:61:ad:19:90:7b:43:
                    ab:71:7a:7c:80:e7:d3:29:80:bc:00:aa:b4:72:01:
                    9f:04:e0:9f:11:7c:6a:2c:b2:cd:8c:ee:31:8f:11:
                    02:7b:73:ba:0a:b7:cc:37:99:d8:d6:bc:f0:1d:1e:
                    88:56:61:e8:19:d0:3c:15:b7:bd:7a:d2:15:a8:42:
                    98:4e:d6:99:e9:3a:ab:e5:9d:38:7a:86:2d:92:42:
                    1d:16:42:e7:df:03:38:f9:4f:5d:b0:f5:b8:81:f6:
                    9a:f5:92:c8:99:a6:b9:92:fe:c9:59:b9:bb:6a:af:
                    50:66:68:3b:0d:7a:08:11:67:ee:88:3e:1c:d5:9e:
                    6c:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:D1:93:68:02:8C:1F:7C:12:1D:EA:27:BB:08:83:0B:6F:CA:A3:70
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cd74343c-dcd1-43d0-9829-b283bb856ce0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:3c:e9:4c:3f:bc:03:e3:4c:10:22:1e:9b:bd:44:b6:e7:a4:
         9a:a1:6c:1f:35:ce:95:00:bf:9a:36:02:fb:ab:a6:db:64:ef:
         6e:9f:53:44:18:7f:c0:d4:af:d2:f8:6a:f7:e7:cd:b9:e3:f0:
         fa:63:a0:04:15:e7:6a:e4:32:e5:03:49:6b:ff:1b:05:59:e5:
         5e:59:db:6c:d2:2c:c8:dc:5b:42:5b:cd:9c:fc:f0:5f:0c:2b:
         b4:f1:f6:28:85:40:32:9e:92:fc:71:15:d6:ca:49:eb:1f:ae:
         6e:e6:48:3a:50:d7:a6:8b:27:c6:24:21:94:44:9b:31:7a:f3:
         ef:a9:54:1b:9e:b4:65:c7:c7:33:bb:22:f3:d0:94:32:b8:67:
         1c:63:8d:9f:33:ba:ae:cf:b9:67:6f:4b:e2:b9:77:d8:15:4a:
         95:36:9b:36:fd:7d:3f:b7:b1:64:25:ca:1b:2a:32:a7:4f:c2:
         ef:de:e2:47:02:bb:1d:93:6e:d1:cf:6b:95:13:e8:49:ed:f4:
         54:e9:88:be:1d:2e:98:67:c0:03:31:20:9d:a7:9a:96:40:73:
         e2:0a:7d:f4:5f:cb:94:f3:9b:38:b6:c2:7d:34:82:1e:58:f7:
         00:79:8a:b4:9a:cd:75:2f:3b:0e:b0:6b:b4:5a:a4:4a:3f:cb:
         fc:04:41:92
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUd9lktZn/YE0vajg1vMVFjMMGcT4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzExMDAwMDAwWhcNMjMwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMWQ1NmVkYjI5ZjBkMDVjODQxZmMwMDQzYjA0YTE0ODJi
OGE3NmZhZjllMWZlZDM3MWRhMDNjYzY3YjI5ZjRiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7L+B9q54AVfcR9tWY5wqQv+eUy8X1gVZq//G46W7Rs3WQ
tqUXz3hzojY0NVhM98qRbl5/KQvvjE05TS4PmvVcl6IND/Cm0j+/QsifjsdeImY7
e5IorOGBCp89PSDY0Jy3r5uUhqLT97gaxRHyaVjuGYqmhXYiMJH+vmFXKi7GuGGt
GZB7Q6txenyA59MpgLwAqrRyAZ8E4J8RfGosss2M7jGPEQJ7c7oKt8w3mdjWvPAd
HohWYegZ0DwVt7160hWoQphO1pnpOqvlnTh6hi2SQh0WQuffAzj5T12w9biB9pr1
ksiZprmS/slZubtqr1BmaDsNeggRZ+6IPhzVnmxNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULNGTaAKMH3wSHeonuwiDC2/Ko3AwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2NkNzQzNDNjLWRjZDEtNDNkMC05ODI5LWIyODNiYjg1NmNlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHQ86Uw/vAPjTBAiHpu9RLbnpJqh
bB81zpUAv5o2Avurpttk726fU0QYf8DUr9L4avfnzbnj8PpjoAQV52rkMuUDSWv/
GwVZ5V5Z22zSLMjcW0JbzZz88F8MK7Tx9iiFQDKekvxxFdbKSesfrm7mSDpQ16aL
J8YkIZREmzF68++pVBuetGXHxzO7IvPQlDK4ZxxjjZ8zuq7PuWdvS+K5d9gVSpU2
mzb9fT+3sWQlyhsqMqdPwu/e4kcCux2TbtHPa5UT6Ent9FTpiL4dLphnwAMxIJ2n
mpZAc+IKffRfy5Tzmzi2wn00gh5Y9wB5irSazXUvOw6wa7RapEo/y/wEQZI=
-----END CERTIFICATE-----