Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d9ebf84d-cef6-4f24-b108-bc398cdc1dfa.roa
File:                     d9ebf84d-cef6-4f24-b108-bc398cdc1dfa.roa (raw, json)
Hash identifier:          yLRvl/EL4u441x0OPAqighCK79xi0AR8mxdnKhLVAFo=
Subject key identifier:   7D:85:4B:F8:0C:D7:D9:8F:E7:E2:B5:01:27:24:0C:20:FE:C7:9C:AC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2CECD4407686F69AC4591A1F41B5B027B99EAB10
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d9ebf84d-cef6-4f24-b108-bc398cdc1dfa.roa
Signing time:             Fri 21 Jul 2023 00:00:00 +0000
ROA not before:           Fri 21 Jul 2023 00:00:00 +0000
ROA not after:            Fri 25 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:ec:d4:40:76:86:f6:9a:c4:59:1a:1f:41:b5:b0:27:b9:9e:ab:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 21 00:00:00 2023 GMT
            Not After : Aug 25 23:59:59 2023 GMT
        Subject: serialNumber=ee3ee0b62aa2b770c98cc6cf8ab8459027cdaa26a910a6437a9aef8d83a8fa42, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:44:93:a0:af:1a:be:e6:d0:0a:e3:03:06:64:
                    1b:60:00:7d:f1:2a:8f:09:76:ff:30:fb:c1:5c:14:
                    50:94:27:20:c6:bc:05:c2:d5:aa:c2:f4:74:30:a9:
                    a6:ac:4e:65:37:0c:d7:b9:5f:37:4d:d7:d0:a2:f8:
                    36:01:2b:c1:69:e7:c3:6e:68:da:dc:30:65:3b:46:
                    08:4e:6a:d1:c9:d6:57:8f:05:6e:eb:56:b3:18:f0:
                    bb:08:39:c4:51:18:88:c3:5d:3d:13:a1:03:7f:d6:
                    2d:ae:89:cf:90:08:e1:40:46:e5:a5:ee:d0:3f:b7:
                    f9:ba:b9:79:88:be:f0:34:76:a9:ee:c0:87:7a:ea:
                    dc:36:7a:cc:36:23:32:e0:b3:8e:d1:c2:e0:6f:8d:
                    20:9b:3e:ab:f5:1f:23:1f:01:12:cc:63:8e:ea:39:
                    65:18:2e:99:d2:dc:2d:52:e0:e6:8a:0a:71:4e:42:
                    58:2c:7d:97:63:94:b9:6f:16:38:c4:47:8e:2c:96:
                    4a:e1:99:0d:b5:31:74:d1:d8:39:b8:0a:0d:38:51:
                    48:78:8a:91:fb:41:02:d9:d6:5d:b2:dc:85:65:8f:
                    2a:58:95:0d:26:cc:98:37:73:2b:c6:eb:3d:c5:62:
                    f3:35:3f:be:2b:57:f8:68:90:2f:54:78:a5:47:ff:
                    f7:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:85:4B:F8:0C:D7:D9:8F:E7:E2:B5:01:27:24:0C:20:FE:C7:9C:AC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d9ebf84d-cef6-4f24-b108-bc398cdc1dfa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:86:51:44:e9:33:c4:85:05:a3:0c:21:a6:d8:10:25:5e:9b:
         57:ae:57:83:e3:97:68:0f:7e:7f:f9:b9:04:0d:d8:32:c5:88:
         c5:2c:1f:fd:42:ca:84:09:96:32:f1:e1:16:93:1b:46:ae:3d:
         d8:40:4c:f6:96:64:c4:99:51:95:4e:bc:30:1c:e6:35:84:1f:
         e4:96:23:fa:40:23:12:72:e3:63:53:ad:93:b5:4b:36:c2:f8:
         2b:0a:5e:65:5b:f6:fe:f2:74:07:5f:66:33:b5:b0:bb:32:41:
         11:1e:16:93:56:54:6f:31:2a:5c:92:03:c6:52:9c:e1:d0:f2:
         4d:4b:b5:ee:69:2b:9a:92:d1:03:76:a5:b9:85:84:2f:eb:4c:
         bd:90:b4:02:58:37:a2:d5:aa:c9:83:bf:25:df:35:35:7c:10:
         99:97:d8:84:ac:c5:f8:13:25:0b:07:e4:07:b5:6a:13:d5:b0:
         eb:ed:21:21:f4:7c:90:73:05:39:5e:96:a3:8a:f5:b1:35:3d:
         0a:e5:48:53:2c:c3:4b:e4:f5:95:a6:b8:14:60:f7:2d:e3:2d:
         82:aa:3c:63:49:5e:9f:9a:47:24:79:27:d6:55:2e:f9:38:65:
         a5:11:3f:94:c7:aa:9c:43:00:e1:55:99:5e:e6:6b:72:8c:46:
         d7:5e:a4:3e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULOzUQHaG9prEWRofQbWwJ7meqxAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzIxMDAwMDAwWhcNMjMwODI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZTNlZTBiNjJhYTJiNzcwYzk4Y2M2Y2Y4YWI4NDU5MDI3
Y2RhYTI2YTkxMGE2NDM3YTlhZWY4ZDgzYThmYTQyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHRJOgrxq+5tAK4wMGZBtgAH3xKo8Jdv8w+8FcFFCUJyDG
vAXC1arC9HQwqaasTmU3DNe5XzdN19Ci+DYBK8Fp58NuaNrcMGU7RghOatHJ1leP
BW7rVrMY8LsIOcRRGIjDXT0ToQN/1i2uic+QCOFARuWl7tA/t/m6uXmIvvA0dqnu
wId66tw2esw2IzLgs47RwuBvjSCbPqv1HyMfARLMY47qOWUYLpnS3C1S4OaKCnFO
QlgsfZdjlLlvFjjER44slkrhmQ21MXTR2Dm4Cg04UUh4ipH7QQLZ1l2y3IVljypY
lQ0mzJg3cyvG6z3FYvM1P74rV/hokC9UeKVH//cVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfYVL+AzX2Y/n4rUBJyQMIP7HnKwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q5ZWJmODRkLWNlZjYtNGYyNC1iMTA4LWJjMzk4Y2RjMWRmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABuGUUTpM8SFBaMMIabYECVem1eu
V4Pjl2gPfn/5uQQN2DLFiMUsH/1CyoQJljLx4RaTG0auPdhATPaWZMSZUZVOvDAc
5jWEH+SWI/pAIxJy42NTrZO1SzbC+CsKXmVb9v7ydAdfZjO1sLsyQREeFpNWVG8x
KlySA8ZSnOHQ8k1Lte5pK5qS0QN2pbmFhC/rTL2QtAJYN6LVqsmDvyXfNTV8EJmX
2ISsxfgTJQsH5Ae1ahPVsOvtISH0fJBzBTlelqOK9bE1PQrlSFMsw0vk9ZWmuBRg
9y3jLYKqPGNJXp+aRyR5J9ZVLvk4ZaURP5THqpxDAOFVmV7ma3KMRtdepD4=
-----END CERTIFICATE-----