Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ed6830b4-c7d8-4117-a89e-3bcffecd1d1e.roa
File:                     ed6830b4-c7d8-4117-a89e-3bcffecd1d1e.roa (raw, json)
Hash identifier:          iNoY8jHqod0b8eJ5OMuLXEB855QpiKNs5EWoVqDyVz0=
Subject key identifier:   68:1E:CC:D2:C8:02:18:37:3C:2C:48:CC:B8:62:72:18:06:9C:25:ED
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       369C5888E0286A59F3EC6D97591772AADC4D4CFC
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ed6830b4-c7d8-4117-a89e-3bcffecd1d1e.roa
Signing time:             Thu 22 Jun 2023 00:00:00 +0000
ROA not before:           Thu 22 Jun 2023 00:00:00 +0000
ROA not after:            Thu 27 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:9c:58:88:e0:28:6a:59:f3:ec:6d:97:59:17:72:aa:dc:4d:4c:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 22 00:00:00 2023 GMT
            Not After : Jul 27 23:59:59 2023 GMT
        Subject: serialNumber=a25f2f40eb86faf306787f2ad05da85533e1a7b648eafdfdca6eb0480c81d9b0, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b4:72:97:9a:f9:42:f3:45:f9:b9:4b:78:17:
                    ab:7a:58:52:08:e5:29:25:0c:19:6d:68:7b:ad:22:
                    2b:57:4d:9c:24:09:a2:0c:28:42:fa:5f:b5:c3:9f:
                    ab:5f:f4:e0:cb:ae:d0:eb:70:66:f3:fc:a1:0b:ba:
                    dd:c9:83:f9:3a:bd:f8:f6:a4:3d:ad:e3:55:44:46:
                    2e:bf:0b:e4:3f:06:fc:ca:0c:87:d8:02:27:cb:2c:
                    22:4a:d4:b8:21:6e:5d:b8:c5:aa:fb:ea:d7:6d:34:
                    06:70:99:fb:c6:8d:8d:e5:3f:4e:23:5b:ff:54:24:
                    8f:84:74:5e:b9:61:0f:67:33:d5:3a:20:69:2e:9d:
                    30:e8:f4:99:de:35:b5:c0:bb:5d:e0:80:83:88:e7:
                    03:09:5a:be:51:a8:44:ab:54:cf:fa:45:b1:ed:85:
                    d7:21:58:c5:6a:c4:fb:ff:a1:1d:49:54:69:c1:c9:
                    76:14:ba:26:be:47:ef:e9:cf:7d:cb:92:2d:d7:6f:
                    b3:df:3e:1a:8a:64:6a:29:54:20:ec:54:1d:46:3c:
                    77:3c:92:3b:fc:9a:7f:65:8f:60:bf:70:54:41:27:
                    69:5e:c5:0f:9d:34:1a:85:7d:59:d7:a6:f3:fc:74:
                    c4:76:61:c6:47:0b:48:30:39:68:1b:35:69:cf:5c:
                    98:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:1E:CC:D2:C8:02:18:37:3C:2C:48:CC:B8:62:72:18:06:9C:25:ED
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ed6830b4-c7d8-4117-a89e-3bcffecd1d1e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:c0:0e:2e:55:17:d7:a0:52:f7:d4:5d:fe:c0:00:30:59:f0:
         29:86:b5:e6:f4:a9:7f:90:61:f9:89:e9:b4:bd:1c:62:97:db:
         11:d2:d9:ed:79:b0:f1:92:47:f6:8e:13:bb:5d:e4:88:2e:6c:
         ca:c5:c8:6b:93:4f:90:8c:2c:33:81:05:c3:14:3e:d6:f6:30:
         53:96:55:61:f0:66:9c:89:c2:67:a3:64:70:ba:a8:03:e3:73:
         8d:d7:d3:c0:ce:4a:ed:57:fe:e1:a6:12:26:87:14:5f:c7:93:
         2f:98:1b:35:a0:e8:3a:a9:d6:3e:a6:b7:2e:0a:f5:df:37:b1:
         f9:b5:62:21:9a:74:1e:5e:6e:d9:fa:48:e5:4a:d3:f9:f4:f0:
         46:c3:f3:84:c5:bd:50:e3:20:ed:b7:ac:c3:7a:e1:b9:16:b4:
         83:4a:cd:9a:88:e6:ca:bf:40:7f:f8:52:37:53:ff:71:91:07:
         b8:b4:a8:94:12:5a:3a:ed:14:ed:ee:7c:54:c2:42:70:b1:56:
         9e:69:55:87:ba:a1:f6:3d:85:fd:56:59:37:60:58:2f:21:db:
         e5:8a:0e:1f:39:e1:73:85:96:34:30:25:7f:78:25:be:4e:77:
         dc:60:ad:91:fc:38:ff:8d:ff:d5:ae:5c:2d:b5:23:12:6f:91:
         ae:e6:fb:1d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNpxYiOAoalnz7G2XWRdyqtxNTPwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjIyMDAwMDAwWhcNMjMwNzI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMjVmMmY0MGViODZmYWYzMDY3ODdmMmFkMDVkYTg1NTMz
ZTFhN2I2NDhlYWZkZmRjYTZlYjA0ODBjODFkOWIwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCtHKXmvlC80X5uUt4F6t6WFII5SklDBltaHutIitXTZwk
CaIMKEL6X7XDn6tf9ODLrtDrcGbz/KELut3Jg/k6vfj2pD2t41VERi6/C+Q/BvzK
DIfYAifLLCJK1Lghbl24xar76tdtNAZwmfvGjY3lP04jW/9UJI+EdF65YQ9nM9U6
IGkunTDo9JneNbXAu13ggIOI5wMJWr5RqESrVM/6RbHthdchWMVqxPv/oR1JVGnB
yXYUuia+R+/pz33Lki3Xb7PfPhqKZGopVCDsVB1GPHc8kjv8mn9lj2C/cFRBJ2le
xQ+dNBqFfVnXpvP8dMR2YcZHC0gwOWgbNWnPXJhTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaB7M0sgCGDc8LEjMuGJyGAacJe0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2VkNjgzMGI0LWM3ZDgtNDExNy1hODllLTNiY2ZmZWNkMWQxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJfADi5VF9egUvfUXf7AADBZ8CmG
teb0qX+QYfmJ6bS9HGKX2xHS2e15sPGSR/aOE7td5IgubMrFyGuTT5CMLDOBBcMU
Ptb2MFOWVWHwZpyJwmejZHC6qAPjc43X08DOSu1X/uGmEiaHFF/Hky+YGzWg6Dqp
1j6mty4K9d83sfm1YiGadB5ebtn6SOVK0/n08EbD84TFvVDjIO23rMN64bkWtINK
zZqI5sq/QH/4UjdT/3GRB7i0qJQSWjrtFO3ufFTCQnCxVp5pVYe6ofY9hf1WWTdg
WC8h2+WKDh854XOFljQwJX94Jb5Od9xgrZH8OP+N/9WuXC21IxJvka7m+x0=
-----END CERTIFICATE-----