Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cf8e0559-1f72-45d3-9936-31f9c1a97a0d.roa
File:                     cf8e0559-1f72-45d3-9936-31f9c1a97a0d.roa (raw, json)
Hash identifier:          hrzuLBSdkQOhM0/qSTEmWBl38qhZtfSHoWHhL96ZjKc=
Subject key identifier:   14:54:2C:7A:4E:5E:EF:34:C5:58:92:E1:B0:81:DB:F9:61:26:37:8C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       086E0F5A5A4B56273712B6478D41C6390473D06C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cf8e0559-1f72-45d3-9936-31f9c1a97a0d.roa
Signing time:             Sun 13 Aug 2023 00:00:00 +0000
ROA not before:           Sun 13 Aug 2023 00:00:00 +0000
ROA not after:            Sun 17 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:6e:0f:5a:5a:4b:56:27:37:12:b6:47:8d:41:c6:39:04:73:d0:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 13 00:00:00 2023 GMT
            Not After : Sep 17 23:59:59 2023 GMT
        Subject: serialNumber=2082daa01d69982a097130fdcdde40b6f2b75fa69e567bc95affcb4395bd435a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:79:ec:76:eb:3c:be:1e:69:9b:6d:fa:d8:28:
                    81:4f:a2:09:f0:e7:d3:5c:50:9d:06:8f:da:e8:d5:
                    5e:9a:e3:66:fd:8d:a3:36:cc:55:26:77:f1:a8:91:
                    42:ab:da:63:5f:7b:36:57:90:b0:bb:2e:00:ca:83:
                    56:89:48:0f:f0:27:11:0f:f1:e5:7c:ec:64:dc:0a:
                    29:86:84:62:ce:14:e3:63:0a:c4:c5:ec:4e:a6:2a:
                    89:be:c7:40:e9:51:f2:cc:3c:fb:d9:40:6e:0c:bd:
                    9a:a2:10:91:ce:2b:6f:57:93:94:ea:a0:29:cb:27:
                    7f:61:87:36:4f:d2:c5:ed:8c:2e:a6:93:8f:6d:5f:
                    a6:a1:d5:86:71:7d:14:ef:12:98:8f:42:fa:e2:14:
                    a7:ce:42:c7:10:8b:3c:0a:ff:6f:1f:88:e6:42:aa:
                    a6:3c:76:e4:b7:b2:31:c9:5c:ee:57:0f:dc:3f:54:
                    03:57:8f:4d:31:71:7d:6d:a5:6a:77:e2:b3:da:84:
                    26:6e:cc:43:04:a6:3d:91:43:5c:bd:45:2f:d4:1d:
                    bc:0b:ea:57:ab:e2:aa:3b:c1:45:f4:db:40:79:4c:
                    70:cd:40:36:1a:35:77:7e:92:3c:b1:c0:74:44:34:
                    0d:73:90:87:ff:49:ed:ad:03:d3:ce:9f:82:83:df:
                    45:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:54:2C:7A:4E:5E:EF:34:C5:58:92:E1:B0:81:DB:F9:61:26:37:8C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cf8e0559-1f72-45d3-9936-31f9c1a97a0d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:05:82:a6:ab:07:41:c1:2d:58:ba:29:97:e7:0f:77:13:93:
         2d:e4:2d:c8:3d:3a:71:4c:3e:7e:de:b3:43:1d:da:fc:87:76:
         a6:6c:0b:57:b9:63:0e:d1:67:28:9a:8a:98:c3:17:8b:6c:6d:
         a9:c9:85:6e:69:59:5f:55:41:76:75:8b:c0:37:a6:97:66:7b:
         59:0b:42:85:ef:b1:bd:fa:00:1b:87:c5:4b:cb:94:fd:86:bf:
         61:4d:92:b0:3f:50:15:08:be:61:cd:88:a6:93:99:7c:a9:ad:
         c1:9e:b6:43:83:6a:3f:33:b0:b4:4d:f7:b8:d6:73:79:eb:c8:
         53:27:7d:15:fc:dc:f1:cf:61:54:d6:04:b9:ff:22:f7:44:c1:
         6f:68:ce:9d:81:da:98:e8:8d:1b:25:67:28:e8:27:33:61:59:
         45:f0:42:b6:e9:6a:02:41:01:68:43:76:b3:cc:bb:47:2f:f1:
         33:2f:a7:7b:cc:f0:f1:b8:c3:63:13:92:ca:5a:29:74:d8:dd:
         f1:2a:8b:de:30:90:34:53:f7:d6:f3:41:02:4b:87:63:88:9d:
         23:fc:f8:53:1c:c2:03:5b:d5:51:b8:0d:74:60:2e:c8:8c:d1:
         e1:ee:3e:95:8f:9a:f0:75:ed:f2:8f:7e:6f:c6:f6:f7:46:71:
         ea:7c:be:c9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCG4PWlpLVic3ErZHjUHGOQRz0GwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODEzMDAwMDAwWhcNMjMwOTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMDgyZGFhMDFkNjk5ODJhMDk3MTMwZmRjZGRlNDBiNmYy
Yjc1ZmE2OWU1NjdiYzk1YWZmY2I0Mzk1YmQ0MzVhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/eex26zy+HmmbbfrYKIFPognw59NcUJ0Gj9ro1V6a42b9
jaM2zFUmd/GokUKr2mNfezZXkLC7LgDKg1aJSA/wJxEP8eV87GTcCimGhGLOFONj
CsTF7E6mKom+x0DpUfLMPPvZQG4MvZqiEJHOK29Xk5TqoCnLJ39hhzZP0sXtjC6m
k49tX6ah1YZxfRTvEpiPQvriFKfOQscQizwK/28fiOZCqqY8duS3sjHJXO5XD9w/
VANXj00xcX1tpWp34rPahCZuzEMEpj2RQ1y9RS/UHbwL6ler4qo7wUX020B5THDN
QDYaNXd+kjyxwHRENA1zkIf/Se2tA9POn4KD30VnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFFQsek5e7zTFWJLhsIHb+WEmN4wwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2NmOGUwNTU5LTFmNzItNDVkMy05OTM2LTMxZjljMWE5N2EwZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFQFgqarB0HBLVi6KZfnD3cTky3k
Lcg9OnFMPn7es0Md2vyHdqZsC1e5Yw7RZyiaipjDF4tsbanJhW5pWV9VQXZ1i8A3
ppdme1kLQoXvsb36ABuHxUvLlP2Gv2FNkrA/UBUIvmHNiKaTmXyprcGetkODaj8z
sLRN97jWc3nryFMnfRX83PHPYVTWBLn/IvdEwW9ozp2B2pjojRslZyjoJzNhWUXw
QrbpagJBAWhDdrPMu0cv8TMvp3vM8PG4w2MTkspaKXTY3fEqi94wkDRT99bzQQJL
h2OInSP8+FMcwgNb1VG4DXRgLsiM0eHuPpWPmvB17fKPfm/G9vdGcep8vsk=
-----END CERTIFICATE-----