Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f4094567-309b-4580-a0af-c8f8a54a4631.roa
File:                     f4094567-309b-4580-a0af-c8f8a54a4631.roa (raw, json)
Hash identifier:          teFm4Awaq8+DJxhdWVgnD1ZPzrxo209rgyFOKVYqe+s=
Subject key identifier:   81:AB:B8:EB:87:5D:44:25:AB:C1:B0:55:3D:AE:00:D8:F9:0B:0B:95
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1F68D8F8BF7FF8336635A0BCEBF1B80042C9E339
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f4094567-309b-4580-a0af-c8f8a54a4631.roa
Signing time:             Wed 02 Aug 2023 00:00:00 +0000
ROA not before:           Wed 02 Aug 2023 00:00:00 +0000
ROA not after:            Wed 06 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:68:d8:f8:bf:7f:f8:33:66:35:a0:bc:eb:f1:b8:00:42:c9:e3:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug  2 00:00:00 2023 GMT
            Not After : Sep  6 23:59:59 2023 GMT
        Subject: serialNumber=05cc29ea29f99c1aa2b817a24290ae5dd1e565cf715a6de7c29fc28753b8eadb, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:42:a4:bb:b4:57:c0:b1:8d:f0:0d:f5:0a:62:
                    49:d3:08:8a:7e:72:b0:65:6b:4e:96:07:87:30:00:
                    2a:0b:3c:f3:6c:a8:cb:e8:cc:7a:70:d2:31:b0:c4:
                    af:b4:63:f8:e4:02:24:e7:3c:c0:f6:27:8c:a6:2d:
                    19:e4:09:1c:dc:f3:0c:d1:dd:01:ff:b4:19:13:62:
                    b4:0c:25:75:ba:62:c3:4a:17:90:ff:aa:72:1d:12:
                    27:b9:4e:dd:58:cd:af:2d:49:03:c4:f3:1c:c6:cf:
                    f3:3a:60:18:13:7a:03:32:50:dc:b9:41:61:02:bd:
                    ee:8c:2f:1f:fc:1f:ac:68:97:ec:81:a2:e2:17:4a:
                    8a:e8:40:5e:d6:c9:2e:1e:25:29:ef:75:e3:3c:9a:
                    3b:90:a6:85:a3:43:68:47:50:81:b8:fb:9a:d4:81:
                    a8:ac:5d:c1:d2:a1:2b:85:2d:3f:79:47:2d:bc:a6:
                    49:84:97:a0:d2:1a:a9:37:37:f3:ee:38:e6:9e:d9:
                    cd:c2:44:34:bb:1c:6e:a9:b6:ec:fd:0f:45:36:47:
                    ea:e3:81:c7:b4:ac:9e:4d:dd:6d:99:d9:8b:6b:f5:
                    b9:1c:60:f6:52:90:01:95:24:10:a8:fa:2c:c1:90:
                    ee:48:15:85:50:7c:a7:00:25:0a:e3:39:92:4f:43:
                    c9:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:AB:B8:EB:87:5D:44:25:AB:C1:B0:55:3D:AE:00:D8:F9:0B:0B:95
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f4094567-309b-4580-a0af-c8f8a54a4631.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:74:e0:77:01:01:17:95:0c:e9:a7:3d:86:56:e7:07:84:66:
         60:c8:e2:2c:13:be:7d:13:3a:4b:cd:33:41:cb:7f:9d:3b:4e:
         47:1f:2b:24:a9:5b:c7:ef:d2:db:17:70:97:3a:e5:83:66:0c:
         1b:fd:7d:9c:e9:45:5d:20:68:58:31:12:49:91:6b:8f:46:30:
         cd:d6:95:3a:ed:4a:82:c1:8e:d9:bc:54:df:fd:4b:f7:08:47:
         98:67:86:0e:d1:dc:e0:85:03:15:61:71:02:b1:aa:a8:2c:e9:
         68:e4:6c:b7:10:ee:3e:b2:b8:03:82:2a:84:fd:1d:f9:46:45:
         90:07:6e:9f:d1:03:ad:d2:ae:55:70:70:f7:a6:ef:6f:40:01:
         31:68:ec:12:a8:7d:27:ab:d9:42:20:d2:aa:fa:24:5f:b8:e6:
         cd:ba:4c:49:a9:b6:3f:bd:e2:32:5d:78:ae:40:b0:23:49:97:
         a5:ba:cb:49:1d:25:2c:47:bd:4d:d2:f0:f5:61:13:bb:25:ce:
         50:23:1b:bc:05:7b:e9:46:4f:2e:84:67:85:a9:31:f4:1a:d6:
         4a:0b:38:39:96:84:82:72:1d:bf:9e:29:0a:c6:54:6a:b9:ca:
         5b:0b:7a:de:89:97:3d:db:4a:35:ca:22:1a:95:a9:e1:b6:4d:
         7b:8e:42:94
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH2jY+L9/+DNmNaC86/G4AELJ4zkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODAyMDAwMDAwWhcNMjMwOTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNWNjMjllYTI5Zjk5YzFhYTJiODE3YTI0MjkwYWU1ZGQx
ZTU2NWNmNzE1YTZkZTdjMjlmYzI4NzUzYjhlYWRiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTQqS7tFfAsY3wDfUKYknTCIp+crBla06WB4cwACoLPPNs
qMvozHpw0jGwxK+0Y/jkAiTnPMD2J4ymLRnkCRzc8wzR3QH/tBkTYrQMJXW6YsNK
F5D/qnIdEie5Tt1Yza8tSQPE8xzGz/M6YBgTegMyUNy5QWECve6MLx/8H6xol+yB
ouIXSoroQF7WyS4eJSnvdeM8mjuQpoWjQ2hHUIG4+5rUgaisXcHSoSuFLT95Ry28
pkmEl6DSGqk3N/PuOOae2c3CRDS7HG6ptuz9D0U2R+rjgce0rJ5N3W2Z2Ytr9bkc
YPZSkAGVJBCo+izBkO5IFYVQfKcAJQrjOZJPQ8l1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgau464ddRCWrwbBVPa4A2PkLC5UwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Y0MDk0NTY3LTMwOWItNDU4MC1hMGFmLWM4ZjhhNTRhNDYzMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD904HcBAReVDOmnPYZW5weEZmDI
4iwTvn0TOkvNM0HLf507TkcfKySpW8fv0tsXcJc65YNmDBv9fZzpRV0gaFgxEkmR
a49GMM3WlTrtSoLBjtm8VN/9S/cIR5hnhg7R3OCFAxVhcQKxqqgs6WjkbLcQ7j6y
uAOCKoT9HflGRZAHbp/RA63SrlVwcPem729AATFo7BKofSer2UIg0qr6JF+45s26
TEmptj+94jJdeK5AsCNJl6W6y0kdJSxHvU3S8PVhE7slzlAjG7wFe+lGTy6EZ4Wp
MfQa1koLODmWhIJyHb+eKQrGVGq5ylsLet6Jlz3bSjXKIhqVqeG2TXuOQpQ=
-----END CERTIFICATE-----