Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dae66e97-1b33-40b3-ba45-62bff44bd527.roa
File:                     dae66e97-1b33-40b3-ba45-62bff44bd527.roa (raw, json)
Hash identifier:          QliDfjS1tfzXJNk8lUDNihSjrtjadkLfduZFof4TNxc=
Subject key identifier:   51:23:EA:60:35:BC:BF:9C:8D:36:FB:8D:18:52:7D:CD:30:2D:A6:4F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3841E3EB018BD83FE1D733474091FDDD121390B8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dae66e97-1b33-40b3-ba45-62bff44bd527.roa
Signing time:             Fri 14 Jul 2023 00:00:00 +0000
ROA not before:           Fri 14 Jul 2023 00:00:00 +0000
ROA not after:            Fri 18 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:41:e3:eb:01:8b:d8:3f:e1:d7:33:47:40:91:fd:dd:12:13:90:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 14 00:00:00 2023 GMT
            Not After : Aug 18 23:59:59 2023 GMT
        Subject: serialNumber=b14c070d9d045e52270f8e04509ffd7ff2aa2dc76d36db6ac6f3320f1501a047, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:01:29:34:5f:f5:e7:aa:57:43:ad:96:47:11:
                    84:88:da:ba:41:bf:86:f9:b9:db:d9:fb:d4:12:d6:
                    56:ee:35:b2:2c:87:52:eb:6f:4a:96:09:68:80:3b:
                    33:f6:0a:eb:5a:7c:76:71:1d:24:31:fd:76:0f:83:
                    0a:10:58:5e:24:a8:94:a3:f4:46:aa:0b:86:46:7d:
                    1d:e7:e4:64:4f:2d:2c:83:24:17:6c:2c:24:e9:40:
                    eb:68:40:98:83:66:4f:d0:3b:b7:9b:e8:bb:b8:fa:
                    cd:80:34:9c:5d:8e:5a:f0:c6:f8:1d:f6:ae:4d:46:
                    02:c0:0b:6a:9d:3f:87:6d:b1:ff:45:c8:b7:da:59:
                    c8:0b:c5:08:30:ce:06:ef:02:fa:ad:9a:c9:96:a2:
                    bd:47:de:c8:f7:45:09:c7:3c:d9:8a:d6:90:61:2e:
                    2e:76:cd:d4:1a:63:da:e8:c4:08:63:68:27:c4:fd:
                    5e:c7:b4:99:c7:f6:44:d4:67:7d:f5:cd:44:37:f6:
                    88:3a:67:0b:c6:68:02:06:3f:68:27:a3:66:d4:b6:
                    e8:90:ed:0e:d0:2e:09:b6:81:f8:52:72:8c:5a:df:
                    91:04:9b:09:54:5b:16:19:5d:3a:9f:c8:75:10:e4:
                    2a:53:93:0d:dd:9f:49:37:56:1c:3e:dc:15:47:e0:
                    ca:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:23:EA:60:35:BC:BF:9C:8D:36:FB:8D:18:52:7D:CD:30:2D:A6:4F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dae66e97-1b33-40b3-ba45-62bff44bd527.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:72:d7:2e:e7:40:cc:80:26:4b:18:62:fa:61:3b:25:0e:03:
         f1:6f:9e:41:af:58:00:10:11:70:dd:57:42:34:b1:30:17:bd:
         2d:f4:f1:31:c4:17:08:3d:22:96:d1:48:e8:fe:ba:79:95:b8:
         be:5f:d8:d3:30:e3:48:47:ae:30:46:97:a0:15:5e:40:77:f5:
         40:ac:7a:88:16:63:a3:ce:42:52:da:a5:ea:3e:79:f9:af:25:
         eb:02:24:0e:11:5f:50:f0:13:1f:45:91:87:ea:25:dc:7d:89:
         e8:64:8e:82:88:1c:c1:23:82:17:6b:8e:c5:4b:5e:3d:75:38:
         08:d2:24:59:a2:a6:3a:70:bd:80:92:83:fe:99:06:c9:4e:13:
         ac:14:f6:92:64:50:5c:97:ca:5e:78:b2:d8:58:01:18:82:10:
         22:e8:42:89:34:fc:f5:d5:a8:de:4d:fe:54:53:e9:fe:0b:32:
         f6:95:f6:bc:26:36:c0:24:a0:73:36:96:1d:a7:b1:c8:06:1f:
         7d:bf:75:de:90:3d:73:f4:85:c8:c1:90:51:2c:b1:2c:57:4c:
         f0:38:28:d8:2e:a5:ba:3a:1d:ae:b6:71:88:fc:67:eb:04:47:
         1f:59:7b:ce:13:01:63:11:5d:5c:3f:21:e5:c2:65:7f:c8:4a:
         66:53:c4:9f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOEHj6wGL2D/h1zNHQJH93RITkLgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE0MDAwMDAwWhcNMjMwODE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMTRjMDcwZDlkMDQ1ZTUyMjcwZjhlMDQ1MDlmZmQ3ZmYy
YWEyZGM3NmQzNmRiNmFjNmYzMzIwZjE1MDFhMDQ3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDqASk0X/XnqldDrZZHEYSI2rpBv4b5udvZ+9QS1lbuNbIs
h1Lrb0qWCWiAOzP2CutafHZxHSQx/XYPgwoQWF4kqJSj9EaqC4ZGfR3n5GRPLSyD
JBdsLCTpQOtoQJiDZk/QO7eb6Lu4+s2ANJxdjlrwxvgd9q5NRgLAC2qdP4dtsf9F
yLfaWcgLxQgwzgbvAvqtmsmWor1H3sj3RQnHPNmK1pBhLi52zdQaY9roxAhjaCfE
/V7HtJnH9kTUZ331zUQ39og6ZwvGaAIGP2gno2bUtuiQ7Q7QLgm2gfhScoxa35EE
mwlUWxYZXTqfyHUQ5CpTkw3dn0k3Vhw+3BVH4MpjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUSPqYDW8v5yNNvuNGFJ9zTAtpk8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RhZTY2ZTk3LTFiMzMtNDBiMy1iYTQ1LTYyYmZmNDRiZDUyNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHZy1y7nQMyAJksYYvphOyUOA/Fv
nkGvWAAQEXDdV0I0sTAXvS308THEFwg9IpbRSOj+unmVuL5f2NMw40hHrjBGl6AV
XkB39UCseogWY6POQlLapeo+efmvJesCJA4RX1DwEx9FkYfqJdx9iehkjoKIHMEj
ghdrjsVLXj11OAjSJFmipjpwvYCSg/6ZBslOE6wU9pJkUFyXyl54sthYARiCECLo
Qok0/PXVqN5N/lRT6f4LMvaV9rwmNsAkoHM2lh2nscgGH32/dd6QPXP0hcjBkFEs
sSxXTPA4KNgupbo6Ha62cYj8Z+sERx9Ze84TAWMRXVw/IeXCZX/ISmZTxJ8=
-----END CERTIFICATE-----