Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d1bc60a0-1de6-49a0-9e6c-1c699e0a6ddf.roa
File:                     d1bc60a0-1de6-49a0-9e6c-1c699e0a6ddf.roa (raw, json)
Hash identifier:          q4WDoJ91g90WbeUMMAQvVmtOGu8JpIqionqZ7zNzzrA=
Subject key identifier:   F6:B4:B0:A5:FF:8E:86:CE:A5:BF:0C:D3:93:EA:28:EC:FA:EC:A0:95
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7B26F56C272CED13588D46F38483EABC7EC7874B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d1bc60a0-1de6-49a0-9e6c-1c699e0a6ddf.roa
Signing time:             Thu 22 Jun 2023 00:00:00 +0000
ROA not before:           Thu 22 Jun 2023 00:00:00 +0000
ROA not after:            Thu 27 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:26:f5:6c:27:2c:ed:13:58:8d:46:f3:84:83:ea:bc:7e:c7:87:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 22 00:00:00 2023 GMT
            Not After : Jul 27 23:59:59 2023 GMT
        Subject: serialNumber=3f5613df40886f9268c676d3efe68883874ef3e01e42d481d3f5854cfcb11951, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:db:98:49:e7:30:df:2b:01:a1:a8:4e:f6:c8:
                    d9:a7:2c:28:a8:dd:80:57:1e:0b:b3:21:48:9e:ce:
                    1f:3c:cb:e3:27:db:0c:5a:50:3b:dc:14:a2:ae:31:
                    0a:3f:e7:c7:74:07:83:67:3b:da:ab:ee:29:9d:23:
                    ca:80:91:e7:a1:df:34:b6:ca:da:d9:98:b3:ca:ed:
                    49:6b:a8:aa:94:5a:bf:65:c8:d2:aa:c2:27:59:5d:
                    22:a2:ec:d0:d8:52:97:de:f4:13:3b:99:82:e7:9b:
                    3c:59:35:c8:db:fe:cb:21:5c:b8:d9:8e:69:1c:c2:
                    05:c7:28:03:d0:ef:4a:a1:88:d9:1c:71:d0:1d:9e:
                    69:a6:ec:21:4d:d5:ab:36:83:46:fe:b1:12:3f:f7:
                    5d:ed:65:6e:c8:04:7d:4a:09:a1:1c:de:71:33:1f:
                    e7:83:19:d1:b0:14:27:12:69:22:d2:ed:61:0f:13:
                    8b:b5:a5:d8:f5:1a:d9:05:6a:24:d5:bb:a8:72:3d:
                    56:96:25:49:d9:e7:27:5b:83:11:da:e6:7e:ad:4f:
                    da:43:ed:38:0e:47:e4:da:1b:1b:b6:8f:61:f3:40:
                    1d:19:75:7e:a9:e2:c7:96:01:40:8f:2b:fa:ea:bf:
                    e2:b0:0a:39:2b:ec:d8:40:cf:c8:61:51:3e:ef:98:
                    8c:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:B4:B0:A5:FF:8E:86:CE:A5:BF:0C:D3:93:EA:28:EC:FA:EC:A0:95
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d1bc60a0-1de6-49a0-9e6c-1c699e0a6ddf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:6b:71:df:68:73:67:23:33:d9:97:32:66:04:08:c8:cc:99:
         e2:fc:b4:d8:b5:23:39:3e:ae:0b:85:0d:53:5b:ca:6c:c6:74:
         45:f8:1b:84:27:03:dc:30:fb:05:c6:1b:52:90:9d:e4:4a:0d:
         55:84:cf:02:3b:51:cb:f0:ad:09:0e:66:6c:bb:e1:84:51:45:
         b0:26:8e:64:96:d6:c9:38:c1:45:56:5d:51:b6:68:6d:a2:e1:
         15:98:a4:f3:be:9d:34:5b:6b:25:3c:99:4e:8c:7f:ba:75:88:
         7b:14:53:21:3f:a0:f8:32:45:f7:1e:56:7a:c1:4c:2b:c4:40:
         cd:ec:4a:1b:e9:fa:e1:35:93:ab:e5:3e:56:1d:d5:39:98:a9:
         b9:7a:68:36:0b:6e:02:dd:0d:64:2e:f8:a1:36:c0:6a:94:5b:
         00:35:13:0d:7e:3d:b0:df:27:32:8a:b4:1b:ec:60:81:4c:c9:
         5d:5e:eb:7e:85:39:05:d0:71:c5:3f:0a:d1:ed:69:4f:7e:a1:
         9a:da:b6:57:74:17:8b:45:e3:dc:8b:c8:72:7e:90:96:93:82:
         24:ef:4a:f2:9d:f4:b1:5c:9e:49:85:8a:31:d7:1c:d5:91:6d:
         e7:e8:34:5c:69:c9:d7:ef:c2:7e:e0:d7:ba:f0:22:2b:d2:3c:
         08:d6:94:ad
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeyb1bCcs7RNYjUbzhIPqvH7Hh0swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjIyMDAwMDAwWhcNMjMwNzI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZjU2MTNkZjQwODg2ZjkyNjhjNjc2ZDNlZmU2ODg4Mzg3
NGVmM2UwMWU0MmQ0ODFkM2Y1ODU0Y2ZjYjExOTUxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCT25hJ5zDfKwGhqE72yNmnLCio3YBXHguzIUiezh88y+Mn
2wxaUDvcFKKuMQo/58d0B4NnO9qr7imdI8qAkeeh3zS2ytrZmLPK7UlrqKqUWr9l
yNKqwidZXSKi7NDYUpfe9BM7mYLnmzxZNcjb/sshXLjZjmkcwgXHKAPQ70qhiNkc
cdAdnmmm7CFN1as2g0b+sRI/913tZW7IBH1KCaEc3nEzH+eDGdGwFCcSaSLS7WEP
E4u1pdj1GtkFaiTVu6hyPVaWJUnZ5ydbgxHa5n6tT9pD7TgOR+TaGxu2j2HzQB0Z
dX6p4seWAUCPK/rqv+KwCjkr7NhAz8hhUT7vmIzHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9rSwpf+Ohs6lvwzTk+oo7PrsoJUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2QxYmM2MGEwLTFkZTYtNDlhMC05ZTZjLTFjNjk5ZTBhNmRkZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEVrcd9oc2cjM9mXMmYECMjMmeL8
tNi1Izk+rguFDVNbymzGdEX4G4QnA9ww+wXGG1KQneRKDVWEzwI7UcvwrQkOZmy7
4YRRRbAmjmSW1sk4wUVWXVG2aG2i4RWYpPO+nTRbayU8mU6Mf7p1iHsUUyE/oPgy
RfceVnrBTCvEQM3sShvp+uE1k6vlPlYd1TmYqbl6aDYLbgLdDWQu+KE2wGqUWwA1
Ew1+PbDfJzKKtBvsYIFMyV1e636FOQXQccU/CtHtaU9+oZratld0F4tF49yLyHJ+
kJaTgiTvSvKd9LFcnkmFijHXHNWRbefoNFxpydfvwn7g17rwIivSPAjWlK0=
-----END CERTIFICATE-----