Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e329585a-7057-4245-bd55-59c50f4c2b39.roa
File:                     e329585a-7057-4245-bd55-59c50f4c2b39.roa (raw, json)
Hash identifier:          wYEmTDgilBMtSBa1c6RjYxWMJvAvHaCko95dPtD4sqg=
Subject key identifier:   91:7B:07:7F:21:E2:EC:23:21:30:E1:8A:68:31:32:69:0D:92:DA:DB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4F5954453CE42BCF70C64E2636138FE654F92821
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e329585a-7057-4245-bd55-59c50f4c2b39.roa
Signing time:             Wed 19 Jul 2023 00:00:00 +0000
ROA not before:           Wed 19 Jul 2023 00:00:00 +0000
ROA not after:            Wed 23 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:59:54:45:3c:e4:2b:cf:70:c6:4e:26:36:13:8f:e6:54:f9:28:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 19 00:00:00 2023 GMT
            Not After : Aug 23 23:59:59 2023 GMT
        Subject: serialNumber=2bfb924e856b29602b3a69038afbbc4c4a346b10e57175f34f9dbf3490d5d2ba, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0a:bf:2f:00:3e:f5:5f:7b:82:17:b0:97:06:
                    af:0f:98:f2:37:26:86:f3:74:58:fa:cb:67:63:b4:
                    6f:71:a7:1f:a2:1a:85:8c:fd:f4:1f:2c:82:63:c2:
                    19:5a:de:8d:99:2b:04:17:29:54:e9:d0:b4:b9:ef:
                    a2:03:fe:7f:45:17:d3:c0:ce:9f:7f:14:1a:0c:60:
                    96:c3:1e:9e:7e:e1:9a:41:30:e3:05:b9:30:67:00:
                    20:5e:f7:5d:b2:b3:bf:c3:85:d6:57:90:41:ae:8d:
                    4d:3f:1c:17:c8:d1:7d:12:0e:65:ac:ac:6f:f3:22:
                    00:c0:00:70:2f:f5:5a:bb:47:0f:a6:56:c8:26:7b:
                    e4:fd:2d:04:86:13:f7:d0:3f:ff:57:84:32:7b:3e:
                    a9:b1:32:67:41:f9:19:69:14:dd:4e:f5:9f:e0:c7:
                    0b:fe:4e:cd:58:ae:24:47:1d:8d:e1:3e:b1:2b:0b:
                    30:7f:79:ad:4a:41:1a:0a:9e:31:b8:4f:aa:9b:92:
                    e5:cc:71:92:a6:d5:f3:b1:d4:f9:f3:83:6f:cb:be:
                    1a:b0:e8:5b:0a:55:bb:8a:3e:5c:dd:19:ff:e5:93:
                    ab:35:0f:b7:1d:6c:8e:a4:1b:d4:55:0f:84:59:d9:
                    86:93:be:0c:98:e3:60:b7:d4:90:af:a5:ff:82:6b:
                    19:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:7B:07:7F:21:E2:EC:23:21:30:E1:8A:68:31:32:69:0D:92:DA:DB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e329585a-7057-4245-bd55-59c50f4c2b39.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:ba:b1:b4:a1:93:2c:dc:d3:6d:7f:22:ab:2a:d7:13:c5:61:
         46:0d:6f:3f:9c:80:74:ee:40:7b:d6:fe:12:8e:94:73:f4:e6:
         b9:23:b4:76:d8:16:8c:5c:9c:77:16:0d:1a:fa:f0:83:8b:15:
         3b:a2:b9:86:d4:3e:a9:1d:3e:e2:6a:fb:1f:73:b2:d9:b0:8c:
         d5:39:c2:9a:cf:0d:14:76:53:68:91:1f:25:88:63:27:55:74:
         ea:0e:51:d8:c1:52:23:16:a3:30:c7:b8:cb:e6:18:94:fe:82:
         03:ed:98:6a:df:52:95:d2:58:9b:82:f8:11:d9:c4:39:a2:d8:
         19:ae:9c:d7:6f:54:ff:4d:8f:6f:ad:43:b7:42:3e:33:c1:9d:
         67:8d:61:4a:53:93:f2:f4:e3:f5:84:da:de:2e:44:c3:4f:ab:
         a0:63:fa:ad:8c:fa:e4:59:db:e7:7a:03:62:57:a9:c9:02:e0:
         05:ad:d0:d2:63:d3:2b:55:5a:10:e2:88:e3:b4:e8:74:53:e0:
         81:29:af:a6:46:d7:d2:f2:25:bb:c4:a7:66:45:36:8c:be:95:
         50:f0:59:99:d2:6d:cc:47:b8:7f:da:b6:65:3a:99:db:ac:2b:
         d2:fc:96:3c:97:d1:17:62:a6:4f:9e:aa:f9:f6:9d:ec:88:bf:
         51:90:0b:06
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUT1lURTzkK89wxk4mNhOP5lT5KCEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE5MDAwMDAwWhcNMjMwODIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYmZiOTI0ZTg1NmIyOTYwMmIzYTY5MDM4YWZiYmM0YzRh
MzQ2YjEwZTU3MTc1ZjM0ZjlkYmYzNDkwZDVkMmJhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6Cr8vAD71X3uCF7CXBq8PmPI3JobzdFj6y2djtG9xpx+i
GoWM/fQfLIJjwhla3o2ZKwQXKVTp0LS576ID/n9FF9PAzp9/FBoMYJbDHp5+4ZpB
MOMFuTBnACBe912ys7/DhdZXkEGujU0/HBfI0X0SDmWsrG/zIgDAAHAv9Vq7Rw+m
Vsgme+T9LQSGE/fQP/9XhDJ7PqmxMmdB+RlpFN1O9Z/gxwv+Ts1YriRHHY3hPrEr
CzB/ea1KQRoKnjG4T6qbkuXMcZKm1fOx1Pnzg2/Lvhqw6FsKVbuKPlzdGf/lk6s1
D7cdbI6kG9RVD4RZ2YaTvgyY42C31JCvpf+Caxn1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkXsHfyHi7CMhMOGKaDEyaQ2S2tswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2UzMjk1ODVhLTcwNTctNDI0NS1iZDU1LTU5YzUwZjRjMmIzOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEC6sbShkyzc021/Iqsq1xPFYUYN
bz+cgHTuQHvW/hKOlHP05rkjtHbYFoxcnHcWDRr68IOLFTuiuYbUPqkdPuJq+x9z
stmwjNU5wprPDRR2U2iRHyWIYydVdOoOUdjBUiMWozDHuMvmGJT+ggPtmGrfUpXS
WJuC+BHZxDmi2BmunNdvVP9Nj2+tQ7dCPjPBnWeNYUpTk/L04/WE2t4uRMNPq6Bj
+q2M+uRZ2+d6A2JXqckC4AWt0NJj0ytVWhDiiOO06HRT4IEpr6ZG19LyJbvEp2ZF
Noy+lVDwWZnSbcxHuH/atmU6mdusK9L8ljyX0Rdipk+eqvn2neyIv1GQCwY=
-----END CERTIFICATE-----