Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e414b681-4488-4250-a974-3af02990f62e.roa
File:                     e414b681-4488-4250-a974-3af02990f62e.roa (raw, json)
Hash identifier:          m/R8fJ54RuYNLVA6Zw5GklZ5LD4DAqGyYWLPxYoBfHU=
Subject key identifier:   10:55:17:F8:06:11:4B:78:E8:74:E6:B4:07:F3:BC:5C:A8:AC:4F:36
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7EF05CE6346540686BC12EAE37CD6B29E7F25A67
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e414b681-4488-4250-a974-3af02990f62e.roa
Signing time:             Fri 25 Aug 2023 00:00:00 +0000
ROA not before:           Fri 25 Aug 2023 00:00:00 +0000
ROA not after:            Fri 29 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:f0:5c:e6:34:65:40:68:6b:c1:2e:ae:37:cd:6b:29:e7:f2:5a:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 25 00:00:00 2023 GMT
            Not After : Sep 29 23:59:59 2023 GMT
        Subject: serialNumber=67f7bfc945424068b518c764e50265b978d1a71355f4a465ccccd2307e1b2762, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b4:33:8f:0c:a0:0d:5b:53:0c:0a:a9:76:e6:
                    f6:82:27:1e:ee:81:db:6b:9a:de:b2:c1:cd:6e:b7:
                    aa:1a:2c:44:35:97:87:3b:04:bf:ce:de:10:d3:47:
                    48:d7:79:ee:3e:d4:92:90:0b:60:ab:92:2b:3b:d9:
                    53:6d:15:d2:1e:77:2d:71:65:ac:ca:09:e4:49:d8:
                    7d:2f:05:23:8c:6b:85:15:04:12:50:65:22:1e:61:
                    5c:7a:97:e1:0a:79:bc:39:53:5e:8b:c6:7a:82:a2:
                    06:08:ad:6a:c6:11:76:ac:bf:52:a6:92:1a:de:83:
                    6e:32:ba:08:0e:b5:bd:d4:00:b2:8b:5f:73:24:3d:
                    51:94:2d:65:e1:f1:e9:c4:aa:e7:67:61:d0:dc:f8:
                    d7:31:9c:74:3f:24:64:64:be:e5:11:60:5d:40:87:
                    93:08:0a:62:19:5f:e2:8d:98:fa:27:56:ce:55:86:
                    b6:92:17:64:94:aa:7a:4f:6a:83:df:d5:39:2d:c2:
                    42:7f:85:7c:8a:b8:22:29:e0:b7:ab:90:c6:57:06:
                    33:31:6f:63:4b:87:89:17:3e:6e:d8:c3:55:de:85:
                    71:af:b5:e5:cd:d7:d9:31:cc:67:e8:00:c8:1c:42:
                    cb:5d:9b:5d:3d:a4:a6:1f:12:25:da:81:65:b3:91:
                    af:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:55:17:F8:06:11:4B:78:E8:74:E6:B4:07:F3:BC:5C:A8:AC:4F:36
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e414b681-4488-4250-a974-3af02990f62e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:cf:a0:9f:65:d4:32:2f:49:79:fb:bd:d1:c1:f9:c1:bd:e7:
         3d:48:82:cf:fc:bd:73:1c:4e:ed:23:38:85:2e:a1:ca:56:e8:
         c0:67:d7:b7:47:3a:0b:c1:d3:14:66:ad:a5:4f:1e:93:eb:a2:
         7c:d7:9e:dc:96:cd:20:32:75:22:88:31:7d:b6:4c:13:0a:21:
         b3:1a:c4:1b:f0:78:92:d5:3e:f3:8f:16:58:3f:2d:7e:23:2d:
         cd:14:e3:76:89:da:ab:64:54:9f:0c:a8:b3:63:ef:f7:6d:4b:
         90:5a:c5:05:86:a7:29:89:62:0c:14:b4:f2:2c:8d:42:f2:18:
         ea:79:71:1a:ca:fc:0b:a3:08:18:de:cc:e1:ce:d0:cf:20:99:
         fc:a1:7a:e7:26:d0:9c:7d:ac:0b:49:3b:a5:52:5e:61:ae:84:
         23:d3:fd:63:bb:cb:0f:f1:90:12:bd:ac:32:92:82:a8:44:3a:
         b9:b5:2c:6f:cf:31:c1:dd:6e:10:ed:9b:80:f4:9d:41:0a:d9:
         ec:5c:2c:a6:9d:f3:08:82:37:68:ae:4a:75:37:d8:37:da:e8:
         08:f5:a5:f1:57:2d:20:e5:a1:08:92:5c:00:8b:b6:b6:d2:52:
         1b:46:bb:c4:8c:d1:4d:25:6d:93:c5:98:48:d6:7b:f2:06:eb:
         db:e8:56:4a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfvBc5jRlQGhrwS6uN81rKefyWmcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODI1MDAwMDAwWhcNMjMwOTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A2N2Y3YmZjOTQ1NDI0MDY4YjUxOGM3NjRlNTAyNjViOTc4
ZDFhNzEzNTVmNGE0NjVjY2NjZDIzMDdlMWIyNzYyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUtDOPDKANW1MMCql25vaCJx7ugdtrmt6ywc1ut6oaLEQ1
l4c7BL/O3hDTR0jXee4+1JKQC2Crkis72VNtFdIedy1xZazKCeRJ2H0vBSOMa4UV
BBJQZSIeYVx6l+EKebw5U16LxnqCogYIrWrGEXasv1Kmkhreg24yuggOtb3UALKL
X3MkPVGULWXh8enEqudnYdDc+NcxnHQ/JGRkvuURYF1Ah5MICmIZX+KNmPonVs5V
hraSF2SUqnpPaoPf1TktwkJ/hXyKuCIp4LerkMZXBjMxb2NLh4kXPm7Yw1XehXGv
teXN19kxzGfoAMgcQstdm109pKYfEiXagWWzka+rAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEFUX+AYRS3jodOa0B/O8XKisTzYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U0MTRiNjgxLTQ0ODgtNDI1MC1hOTc0LTNhZjAyOTkwZjYyZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIjPoJ9l1DIvSXn7vdHB+cG95z1I
gs/8vXMcTu0jOIUuocpW6MBn17dHOgvB0xRmraVPHpPronzXntyWzSAydSKIMX22
TBMKIbMaxBvweJLVPvOPFlg/LX4jLc0U43aJ2qtkVJ8MqLNj7/dtS5BaxQWGpymJ
YgwUtPIsjULyGOp5cRrK/AujCBjezOHO0M8gmfyheucm0Jx9rAtJO6VSXmGuhCPT
/WO7yw/xkBK9rDKSgqhEOrm1LG/PMcHdbhDtm4D0nUEK2excLKad8wiCN2iuSnU3
2Dfa6Aj1pfFXLSDloQiSXACLtrbSUhtGu8SM0U0lbZPFmEjWe/IG69voVko=
-----END CERTIFICATE-----