Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ecd58090-1ae7-4572-b49b-39a07ce7a0e1.roa
File:                     ecd58090-1ae7-4572-b49b-39a07ce7a0e1.roa (raw, json)
Hash identifier:          0CS5zp6apbAckUJJVE40za7Lo46hkTxJQr+3DWaB+b8=
Subject key identifier:   9F:55:23:52:DC:E7:18:9B:7D:89:4A:99:1E:E0:D3:31:19:B5:52:23
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       64CF94E12F5C830C655190305B664E525C77FC70
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ecd58090-1ae7-4572-b49b-39a07ce7a0e1.roa
Signing time:             Mon 17 Jul 2023 00:00:00 +0000
ROA not before:           Mon 17 Jul 2023 00:00:00 +0000
ROA not after:            Mon 21 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:cf:94:e1:2f:5c:83:0c:65:51:90:30:5b:66:4e:52:5c:77:fc:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 17 00:00:00 2023 GMT
            Not After : Aug 21 23:59:59 2023 GMT
        Subject: serialNumber=71d164b83e7c68e0fd1254c7378c845b4e64e374a36300ad01caad97d79b4bc4, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:e4:a3:bc:d0:e2:20:a0:53:a0:cd:04:a8:ca:
                    33:d8:99:2c:ce:0b:f7:72:08:bc:6d:18:63:ae:05:
                    16:8d:89:2e:8c:74:84:ff:e4:d9:9d:67:5f:12:8a:
                    a5:96:db:e5:08:73:02:90:ab:6a:dd:10:53:de:e6:
                    eb:9d:4b:b6:15:af:06:59:86:36:b5:d8:dc:c7:b5:
                    a0:7a:ad:82:f0:63:18:a0:6f:22:76:8c:e7:cf:92:
                    59:73:b0:c0:b0:69:53:c7:75:20:d8:6b:92:01:75:
                    17:00:44:8a:b7:4c:2c:a8:5e:7c:50:e0:f2:40:00:
                    b7:86:99:0b:c0:5b:35:c9:63:a6:4d:9e:dd:7b:e6:
                    8a:b0:3d:39:63:6b:4b:35:a1:60:7f:d9:f5:f1:30:
                    b1:a8:92:4b:a3:25:71:ea:26:40:00:c8:08:76:f3:
                    84:29:2d:d2:5b:bd:71:8f:66:99:64:1f:ed:e1:e0:
                    af:07:b3:db:95:ab:33:a2:68:2f:2d:04:2e:26:1e:
                    c3:0e:16:4d:bc:be:4d:5a:a3:96:7a:b0:75:a3:69:
                    0a:a5:42:3c:7d:e8:f5:e4:62:48:77:5c:b5:37:95:
                    d1:b8:ac:a4:a2:34:9c:1a:9e:53:7a:bb:39:f0:15:
                    08:e1:e7:4f:86:08:56:58:bf:99:05:19:31:57:d0:
                    e7:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:55:23:52:DC:E7:18:9B:7D:89:4A:99:1E:E0:D3:31:19:B5:52:23
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ecd58090-1ae7-4572-b49b-39a07ce7a0e1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:45:bf:a4:79:ef:ee:1d:6f:95:8f:a3:f3:55:e1:20:90:3e:
         43:69:59:41:be:29:af:85:2c:01:9d:b7:f2:89:26:32:2b:d3:
         c0:ec:4c:8c:75:60:79:61:0c:94:94:c5:7d:3d:8d:04:41:ec:
         8f:63:4c:1d:7c:86:fb:28:e7:f9:5e:7f:3d:fc:8d:83:21:41:
         e4:dc:33:81:88:85:f2:89:f1:4d:2f:84:98:98:6b:74:0f:ab:
         c4:5a:df:ef:4f:04:97:17:03:e3:e1:f2:d4:21:da:46:03:4a:
         e4:3d:5e:3a:02:f4:a8:80:f9:46:72:78:40:5f:67:15:6b:62:
         48:b8:93:b4:d0:41:fa:ab:fa:14:8a:db:97:30:26:81:52:9a:
         b6:d5:4c:84:d1:7f:fa:fb:e6:c8:d2:42:f4:9b:3d:f1:ce:1b:
         71:e1:0f:5a:af:59:b2:1b:fc:d9:3a:f3:dd:3b:98:b3:1d:58:
         3b:9c:0b:e9:da:ce:79:b3:a1:88:81:ff:99:2d:46:d3:de:2b:
         84:de:5d:fb:0c:c4:6d:6f:14:15:e5:e7:76:54:50:25:b0:ca:
         79:87:ca:c7:07:ce:54:e2:93:54:68:21:4c:29:a1:19:6b:30:
         67:4a:61:13:1a:aa:ea:9d:14:65:40:43:54:f3:77:7b:65:d2:
         ad:4e:70:39
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZM+U4S9cgwxlUZAwW2ZOUlx3/HAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE3MDAwMDAwWhcNMjMwODIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MWQxNjRiODNlN2M2OGUwZmQxMjU0YzczNzhjODQ1YjRl
NjRlMzc0YTM2MzAwYWQwMWNhYWQ5N2Q3OWI0YmM0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDP5KO80OIgoFOgzQSoyjPYmSzOC/dyCLxtGGOuBRaNiS6M
dIT/5NmdZ18SiqWW2+UIcwKQq2rdEFPe5uudS7YVrwZZhja12NzHtaB6rYLwYxig
byJ2jOfPkllzsMCwaVPHdSDYa5IBdRcARIq3TCyoXnxQ4PJAALeGmQvAWzXJY6ZN
nt175oqwPTlja0s1oWB/2fXxMLGokkujJXHqJkAAyAh284QpLdJbvXGPZplkH+3h
4K8Hs9uVqzOiaC8tBC4mHsMOFk28vk1ao5Z6sHWjaQqlQjx96PXkYkh3XLU3ldG4
rKSiNJwanlN6uznwFQjh50+GCFZYv5kFGTFX0OfVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUn1UjUtznGJt9iUqZHuDTMRm1UiMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2VjZDU4MDkwLTFhZTctNDU3Mi1iNDliLTM5YTA3Y2U3YTBlMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACVFv6R57+4db5WPo/NV4SCQPkNp
WUG+Ka+FLAGdt/KJJjIr08DsTIx1YHlhDJSUxX09jQRB7I9jTB18hvso5/lefz38
jYMhQeTcM4GIhfKJ8U0vhJiYa3QPq8Ra3+9PBJcXA+Ph8tQh2kYDSuQ9XjoC9KiA
+UZyeEBfZxVrYki4k7TQQfqr+hSK25cwJoFSmrbVTITRf/r75sjSQvSbPfHOG3Hh
D1qvWbIb/Nk68907mLMdWDucC+naznmzoYiB/5ktRtPeK4TeXfsMxG1vFBXl53ZU
UCWwynmHyscHzlTik1RoIUwpoRlrMGdKYRMaquqdFGVAQ1Tzd3tl0q1OcDk=
-----END CERTIFICATE-----