Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ea2693dd-0736-4ab5-904e-d0f1904ff466.roa
File:                     ea2693dd-0736-4ab5-904e-d0f1904ff466.roa (raw, json)
Hash identifier:          GpXt2bbkXN+uETTAOVq0HaMCdP74Wj1TYWgG0tfuWZw=
Subject key identifier:   2B:38:B6:D1:FE:D1:DD:70:C6:BC:1E:20:45:4D:3B:7C:C9:02:32:F4
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2B604ADE9157A3FC41B358465500A722C99A7B34
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ea2693dd-0736-4ab5-904e-d0f1904ff466.roa
Signing time:             Sun 09 Jul 2023 00:00:00 +0000
ROA not before:           Sun 09 Jul 2023 00:00:00 +0000
ROA not after:            Sun 13 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:60:4a:de:91:57:a3:fc:41:b3:58:46:55:00:a7:22:c9:9a:7b:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  9 00:00:00 2023 GMT
            Not After : Aug 13 23:59:59 2023 GMT
        Subject: serialNumber=119157d52fc3d2fff2504df07e351ca8df830765e6725ebf79c70b51c25e6c25, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:40:e8:0a:a4:e5:3f:a5:5b:4c:49:c6:bc:e6:
                    5b:38:e2:8c:ef:6e:fb:f7:bb:81:62:db:10:97:36:
                    cb:17:b0:87:56:3c:35:b7:e6:0f:ee:55:08:df:af:
                    97:ea:cf:14:61:c6:fe:ef:db:b7:8a:41:d7:c5:af:
                    35:33:f2:40:2e:d5:c7:14:57:a0:c9:28:29:4d:be:
                    56:a6:a8:02:ca:a4:ca:a9:fb:91:06:d4:48:34:4a:
                    a5:98:6e:b5:3d:42:a1:da:e0:05:1d:a6:88:d2:65:
                    0e:97:a5:cb:9c:48:f1:b9:1c:8f:f8:dd:a1:8d:fd:
                    4d:a3:4d:60:c7:6e:87:ea:be:8a:00:19:11:a9:3a:
                    94:58:6d:2c:0f:93:c7:83:f4:1f:c7:0a:c3:7f:04:
                    f1:63:94:b9:5e:cb:a3:c4:10:a2:18:d9:aa:78:19:
                    35:39:dc:0d:95:b1:d7:c6:bb:7e:37:46:92:cb:3c:
                    76:1a:e0:32:ac:b6:31:1c:09:1e:71:00:b1:d0:67:
                    35:37:87:ee:c5:cd:1f:ed:65:5b:e1:3b:a1:88:2d:
                    b7:a9:c1:94:6a:b5:41:1e:97:dd:b8:b7:5f:2e:49:
                    6a:ec:a0:56:e0:09:b6:b8:c5:2d:bb:e2:eb:d2:ba:
                    82:b3:3c:b4:87:bb:54:b8:f8:d3:69:40:3d:9d:8e:
                    75:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:38:B6:D1:FE:D1:DD:70:C6:BC:1E:20:45:4D:3B:7C:C9:02:32:F4
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ea2693dd-0736-4ab5-904e-d0f1904ff466.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:76:1b:c4:a5:03:22:43:1d:49:91:89:d2:84:83:a6:e1:41:
         10:82:54:5a:8f:89:d0:2d:7f:02:7f:27:b5:9e:ff:b4:a1:4e:
         87:01:0b:84:5e:f5:69:67:56:1d:c7:39:f9:0c:bb:c0:fd:68:
         2b:1d:24:74:1a:82:31:4d:7f:d7:8a:68:7f:f3:38:03:62:b2:
         19:2c:2f:0e:c9:32:77:01:97:e6:03:59:47:3c:24:bb:16:ed:
         95:3f:68:62:b3:4f:a2:16:27:7c:1f:a0:c6:2d:7a:14:37:7a:
         d4:b8:8f:1e:25:1b:44:5b:c6:49:7f:6e:db:7c:02:59:11:28:
         99:26:cd:fa:25:5c:82:0a:8b:9a:d3:4c:f6:38:8d:17:b5:96:
         69:15:ec:9c:3a:aa:a6:6e:88:7e:59:b1:0b:fb:b8:1d:9a:d3:
         a5:be:48:c2:c5:e2:e1:30:32:25:b0:2f:bc:2c:e1:36:46:0b:
         3b:8b:03:f4:77:2c:cf:8d:75:56:04:e4:8e:51:4c:26:5e:fd:
         bd:e4:ab:24:7c:4c:fc:06:f9:3e:28:3f:80:34:ce:b1:a0:c7:
         87:8b:de:a1:bc:5d:6b:e4:04:23:df:5f:d3:4a:51:2f:b3:f9:
         1f:6f:e2:08:d9:3e:9c:32:c5:f4:26:4a:46:db:9b:df:33:f3:
         8e:a8:76:d0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUK2BK3pFXo/xBs1hGVQCnIsmaezQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzA5MDAwMDAwWhcNMjMwODEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMTkxNTdkNTJmYzNkMmZmZjI1MDRkZjA3ZTM1MWNhOGRm
ODMwNzY1ZTY3MjVlYmY3OWM3MGI1MWMyNWU2YzI1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHQOgKpOU/pVtMSca85ls44ozvbvv3u4Fi2xCXNssXsIdW
PDW35g/uVQjfr5fqzxRhxv7v27eKQdfFrzUz8kAu1ccUV6DJKClNvlamqALKpMqp
+5EG1Eg0SqWYbrU9QqHa4AUdpojSZQ6XpcucSPG5HI/43aGN/U2jTWDHbofqvooA
GRGpOpRYbSwPk8eD9B/HCsN/BPFjlLley6PEEKIY2ap4GTU53A2VsdfGu343RpLL
PHYa4DKstjEcCR5xALHQZzU3h+7FzR/tZVvhO6GILbepwZRqtUEel924t18uSWrs
oFbgCba4xS274uvSuoKzPLSHu1S4+NNpQD2djnXRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKzi20f7R3XDGvB4gRU07fMkCMvQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2VhMjY5M2RkLTA3MzYtNGFiNS05MDRlLWQwZjE5MDRmZjQ2Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHp2G8SlAyJDHUmRidKEg6bhQRCC
VFqPidAtfwJ/J7We/7ShTocBC4Re9WlnVh3HOfkMu8D9aCsdJHQagjFNf9eKaH/z
OANishksLw7JMncBl+YDWUc8JLsW7ZU/aGKzT6IWJ3wfoMYtehQ3etS4jx4lG0Rb
xkl/btt8AlkRKJkmzfolXIIKi5rTTPY4jRe1lmkV7Jw6qqZuiH5ZsQv7uB2a06W+
SMLF4uEwMiWwL7ws4TZGCzuLA/R3LM+NdVYE5I5RTCZe/b3kqyR8TPwG+T4oP4A0
zrGgx4eL3qG8XWvkBCPfX9NKUS+z+R9v4gjZPpwyxfQmSkbbm98z846odtA=
-----END CERTIFICATE-----