Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ef602ea5-27dd-4194-a685-8fc96ddce72e.roa
File:                     ef602ea5-27dd-4194-a685-8fc96ddce72e.roa (raw, json)
Hash identifier:          +/KwYY2zmMpoy/IOwTb/3Q9W+/xv14+Vg7rj4wG7qpg=
Subject key identifier:   F5:85:3D:D2:94:83:7D:96:53:96:F7:7E:06:4E:A5:52:5C:9A:86:1E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       78D42675B845E7CD69D35A1D34B2208DCFF16834
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ef602ea5-27dd-4194-a685-8fc96ddce72e.roa
Signing time:             Sat 19 Aug 2023 00:00:00 +0000
ROA not before:           Sat 19 Aug 2023 00:00:00 +0000
ROA not after:            Sat 23 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:d4:26:75:b8:45:e7:cd:69:d3:5a:1d:34:b2:20:8d:cf:f1:68:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 19 00:00:00 2023 GMT
            Not After : Sep 23 23:59:59 2023 GMT
        Subject: serialNumber=e746cae50b09c9846287095cc106f4c387cbbb21e35b49dadd5ab0af3c2b6aa6, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4f:8b:a3:fd:77:ec:83:ba:04:9d:6d:d7:ba:
                    da:39:70:71:03:f7:b0:b2:06:10:5f:ce:9d:02:bf:
                    01:04:1b:23:2a:ff:63:6f:3a:f6:59:2f:15:a5:c3:
                    14:03:37:69:58:e2:87:53:70:06:40:3d:42:c4:0f:
                    e7:a8:8a:ee:88:2a:59:b6:38:4b:79:31:51:32:37:
                    f9:a0:f7:19:90:d2:43:04:8b:8d:e4:e5:49:51:a3:
                    38:5c:ab:b5:bf:c6:a2:12:8b:6f:eb:f3:86:56:69:
                    00:8a:c6:45:44:29:e9:28:00:17:59:ea:ef:63:03:
                    6e:04:10:36:9f:5e:2e:5a:3d:67:ca:be:18:b6:40:
                    9f:0b:2e:8c:a2:ab:c2:96:1d:46:9d:08:98:ec:92:
                    5c:3d:98:d3:4d:61:92:27:ea:35:c4:64:81:b8:a8:
                    23:b1:37:49:ee:b1:35:6c:a8:ec:6b:4b:71:1b:ab:
                    ed:5b:26:4f:b3:d0:a1:29:d1:7c:b8:ec:3c:3a:93:
                    0f:da:a0:da:77:ca:f9:16:1b:e4:8b:da:f6:35:70:
                    6a:c5:dd:f3:ec:fe:19:48:3a:fb:33:df:a7:5a:38:
                    d7:88:a0:71:5d:b8:91:81:9e:33:d4:3b:bc:02:c9:
                    14:71:64:64:82:98:51:ca:c5:ce:a3:39:3e:2e:28:
                    10:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:85:3D:D2:94:83:7D:96:53:96:F7:7E:06:4E:A5:52:5C:9A:86:1E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ef602ea5-27dd-4194-a685-8fc96ddce72e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:be:06:39:34:40:2b:de:ec:42:52:a2:cd:94:c3:44:cd:34:
         4a:78:c0:70:87:36:1e:34:89:44:57:e1:28:ed:cd:9b:cb:b4:
         c9:ac:99:fc:7c:04:d3:b9:05:f4:4b:b7:6e:1d:ca:43:1b:c3:
         c7:b5:82:99:bc:f8:28:fc:e4:d4:c2:80:57:31:05:90:85:f3:
         d3:34:f3:c2:66:26:b3:f2:7c:14:53:fc:e5:9c:f7:c8:6b:25:
         ab:c3:44:dd:e7:21:ad:3f:96:90:c2:90:aa:7d:62:63:3d:de:
         4a:84:ba:19:be:a8:7b:09:07:3f:d1:4f:dc:c2:03:46:fc:0b:
         8d:a1:e0:33:7f:1f:40:20:1f:f5:6c:5a:7a:47:2f:d7:d8:5b:
         93:95:0b:ee:d4:c3:e0:6f:28:ff:ea:df:94:3a:12:a6:7f:7f:
         93:5b:2c:01:c6:6c:39:a4:5e:a9:29:cd:21:fd:45:a2:b4:0d:
         d5:a8:70:ac:96:98:ba:03:0d:14:55:bd:42:c5:69:f8:7c:4a:
         8c:a0:bc:f8:e6:51:99:ef:f3:66:97:b6:15:c0:46:f9:eb:d8:
         88:5d:d8:69:f3:f0:29:bd:ed:6f:de:bd:ec:45:48:ae:71:53:
         8c:29:ae:5f:71:b0:a5:12:b7:7e:df:88:2e:71:a6:e9:67:b9:
         4f:5a:22:9b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeNQmdbhF581p01odNLIgjc/xaDQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODE5MDAwMDAwWhcNMjMwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNzQ2Y2FlNTBiMDljOTg0NjI4NzA5NWNjMTA2ZjRjMzg3
Y2JiYjIxZTM1YjQ5ZGFkZDVhYjBhZjNjMmI2YWE2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIT4uj/Xfsg7oEnW3Xuto5cHED97CyBhBfzp0CvwEEGyMq
/2NvOvZZLxWlwxQDN2lY4odTcAZAPULED+eoiu6IKlm2OEt5MVEyN/mg9xmQ0kME
i43k5UlRozhcq7W/xqISi2/r84ZWaQCKxkVEKekoABdZ6u9jA24EEDafXi5aPWfK
vhi2QJ8LLoyiq8KWHUadCJjsklw9mNNNYZIn6jXEZIG4qCOxN0nusTVsqOxrS3Eb
q+1bJk+z0KEp0Xy47Dw6kw/aoNp3yvkWG+SL2vY1cGrF3fPs/hlIOvsz36daONeI
oHFduJGBnjPUO7wCyRRxZGSCmFHKxc6jOT4uKBBfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9YU90pSDfZZTlvd+Bk6lUlyahh4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2VmNjAyZWE1LTI3ZGQtNDE5NC1hNjg1LThmYzk2ZGRjZTcyZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGm+Bjk0QCve7EJSos2Uw0TNNEp4
wHCHNh40iURX4SjtzZvLtMmsmfx8BNO5BfRLt24dykMbw8e1gpm8+Cj85NTCgFcx
BZCF89M088JmJrPyfBRT/OWc98hrJavDRN3nIa0/lpDCkKp9YmM93kqEuhm+qHsJ
Bz/RT9zCA0b8C42h4DN/H0AgH/VsWnpHL9fYW5OVC+7Uw+BvKP/q35Q6EqZ/f5Nb
LAHGbDmkXqkpzSH9RaK0DdWocKyWmLoDDRRVvULFafh8SoygvPjmUZnv82aXthXA
Rvnr2Ihd2Gnz8Cm97W/evexFSK5xU4wprl9xsKUSt37fiC5xpulnuU9aIps=
-----END CERTIFICATE-----