Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d90ae624-8402-4f73-9bc6-6252c04d58b6.roa
File:                     d90ae624-8402-4f73-9bc6-6252c04d58b6.roa (raw, json)
Hash identifier:          n2TMpelXn+S5ZbqfrY9nY450tkfhkkxELWAXKn7Uz6Y=
Subject key identifier:   36:30:C3:2D:C4:D3:21:35:79:D9:D8:33:AD:0F:3F:B6:98:AA:1C:26
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6D02076BBC62E5C381C97338067DC10E689108B0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d90ae624-8402-4f73-9bc6-6252c04d58b6.roa
Signing time:             Fri 18 Aug 2023 00:00:00 +0000
ROA not before:           Fri 18 Aug 2023 00:00:00 +0000
ROA not after:            Fri 22 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:02:07:6b:bc:62:e5:c3:81:c9:73:38:06:7d:c1:0e:68:91:08:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 18 00:00:00 2023 GMT
            Not After : Sep 22 23:59:59 2023 GMT
        Subject: serialNumber=68c83799f0ae00d46cd8d184984b898fff7016f5b978f59766121df6032221ef, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:fe:aa:18:3b:51:5d:e5:c3:25:a8:1f:40:81:
                    3a:8a:7a:99:95:30:6c:8d:08:b3:d6:fb:c5:e9:6b:
                    c6:cc:5f:4f:1b:bc:1b:31:0e:bd:cc:13:c9:97:97:
                    14:b6:80:cc:b4:82:7d:14:a5:34:4a:0d:23:54:1c:
                    c3:ee:ed:4b:de:82:09:3c:76:80:79:a2:8e:3a:e5:
                    32:e4:60:72:c4:3a:6d:3a:c9:ce:d8:5d:7d:4e:66:
                    22:1b:4d:b2:db:4d:6a:25:39:10:0e:cf:db:07:b1:
                    e9:0a:89:11:a5:07:ee:73:dd:51:98:c3:7a:4d:1a:
                    61:f7:13:71:86:33:f1:95:8e:a7:2e:5b:e0:e3:46:
                    ee:00:72:a0:9b:02:9d:6f:c2:fd:57:7e:70:06:33:
                    88:57:39:86:a6:5b:e9:e3:31:ce:fa:c2:6d:00:11:
                    5b:d0:92:d0:52:84:2a:c8:a5:03:b2:f0:bd:61:46:
                    94:1b:1f:06:b2:0f:09:66:3b:d1:a0:a4:e0:ef:e0:
                    90:12:d8:9e:4e:61:4d:ad:c4:bd:b9:f8:ba:61:48:
                    b5:38:29:1f:d2:de:17:61:6b:6e:40:a7:aa:31:de:
                    2f:36:b1:55:80:d1:a5:15:fc:a0:10:cb:e5:a8:e5:
                    20:6e:39:be:70:c0:6b:df:09:bb:7c:95:d8:a3:38:
                    d3:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:30:C3:2D:C4:D3:21:35:79:D9:D8:33:AD:0F:3F:B6:98:AA:1C:26
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d90ae624-8402-4f73-9bc6-6252c04d58b6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:13:90:d1:ad:11:42:00:b9:1b:15:14:d7:df:1c:87:20:d2:
         6e:70:67:87:4b:26:1a:0e:d7:46:18:06:37:53:00:26:36:9b:
         7a:62:72:74:9f:81:81:ce:e8:6a:e6:f6:bf:6e:78:c8:89:6a:
         04:71:63:b5:00:af:e9:62:6b:0b:8b:d6:d3:d0:1b:72:e7:83:
         fe:28:2f:2d:9d:bc:fe:f6:f2:80:48:e0:c4:eb:a1:9e:10:dd:
         cd:0f:b3:5e:84:f7:ad:66:91:ae:e3:11:e1:e2:7b:08:9d:fc:
         a3:af:fa:50:0c:5d:08:e7:75:40:30:ac:48:70:14:48:c8:90:
         d0:58:53:10:89:80:85:75:12:e8:d7:6e:41:2f:e4:89:de:3b:
         04:40:e8:14:51:17:27:46:70:7a:b1:18:7c:47:c7:18:ae:f4:
         33:ac:46:78:fb:6f:1f:bf:1e:50:4c:fc:4d:cd:03:18:24:5d:
         53:9b:5f:e2:0c:65:c6:04:ea:02:f7:13:44:f5:cd:05:b2:9b:
         ad:2f:3d:30:2c:f6:6a:11:5e:60:e6:31:e7:de:75:59:d2:65:
         88:95:32:59:a1:00:1a:71:18:49:35:98:8b:76:77:5d:32:27:
         1c:3d:1c:a6:59:4d:b3:9a:17:52:25:16:11:27:ea:2f:93:47:
         4e:09:f3:9d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbQIHa7xi5cOByXM4Bn3BDmiRCLAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODE4MDAwMDAwWhcNMjMwOTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2OGM4Mzc5OWYwYWUwMGQ0NmNkOGQxODQ5ODRiODk4ZmZm
NzAxNmY1Yjk3OGY1OTc2NjEyMWRmNjAzMjIyMWVmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDN/qoYO1Fd5cMlqB9AgTqKepmVMGyNCLPW+8Xpa8bMX08b
vBsxDr3ME8mXlxS2gMy0gn0UpTRKDSNUHMPu7Uveggk8doB5oo465TLkYHLEOm06
yc7YXX1OZiIbTbLbTWolORAOz9sHsekKiRGlB+5z3VGYw3pNGmH3E3GGM/GVjqcu
W+DjRu4AcqCbAp1vwv1XfnAGM4hXOYamW+njMc76wm0AEVvQktBShCrIpQOy8L1h
RpQbHwayDwlmO9GgpODv4JAS2J5OYU2txL25+LphSLU4KR/S3hdha25Ap6ox3i82
sVWA0aUV/KAQy+Wo5SBuOb5wwGvfCbt8ldijONOvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNjDDLcTTITV52dgzrQ8/tpiqHCYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q5MGFlNjI0LTg0MDItNGY3My05YmM2LTYyNTJjMDRkNThiNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALETkNGtEUIAuRsVFNffHIcg0m5w
Z4dLJhoO10YYBjdTACY2m3picnSfgYHO6Grm9r9ueMiJagRxY7UAr+liawuL1tPQ
G3Lng/4oLy2dvP728oBI4MTroZ4Q3c0Ps16E961mka7jEeHiewid/KOv+lAMXQjn
dUAwrEhwFEjIkNBYUxCJgIV1EujXbkEv5IneOwRA6BRRFydGcHqxGHxHxxiu9DOs
Rnj7bx+/HlBM/E3NAxgkXVObX+IMZcYE6gL3E0T1zQWym60vPTAs9moRXmDmMefe
dVnSZYiVMlmhABpxGEk1mIt2d10yJxw9HKZZTbOaF1IlFhEn6i+TR04J850=
-----END CERTIFICATE-----