Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f759bd5e-54c4-4d93-8e2f-54cf01900444.roa
File:                     f759bd5e-54c4-4d93-8e2f-54cf01900444.roa (raw, json)
Hash identifier:          /2OfskCgyctQ9YGSdIm8tysp7MJkep0BFxTYJDxzdWM=
Subject key identifier:   09:AB:D0:A0:1C:87:15:29:EF:8E:9C:A4:91:21:41:6F:0A:21:2D:89
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2E23DD1D301946934F2E3D385C5C656492F8E7A6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f759bd5e-54c4-4d93-8e2f-54cf01900444.roa
Signing time:             Fri 18 Aug 2023 00:00:00 +0000
ROA not before:           Fri 18 Aug 2023 00:00:00 +0000
ROA not after:            Fri 22 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:23:dd:1d:30:19:46:93:4f:2e:3d:38:5c:5c:65:64:92:f8:e7:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 18 00:00:00 2023 GMT
            Not After : Sep 22 23:59:59 2023 GMT
        Subject: serialNumber=85f24486578771c785359a31a40b9aa66ac1804daf5c3433e31b16e42ee6ce12, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:3e:9f:bf:3c:e5:68:22:f8:85:cf:1c:20:aa:
                    33:1a:e0:4e:c2:e0:13:11:ac:b4:63:c8:ae:44:07:
                    87:dd:a3:4b:97:50:fc:87:6d:c4:09:c6:19:ca:e9:
                    32:7d:e8:cc:a6:2a:48:6a:7b:8d:aa:83:1b:12:9a:
                    52:12:33:b9:6b:c1:02:86:c1:8a:f9:1f:54:14:eb:
                    aa:e7:a1:d0:19:ea:49:7f:5a:b0:cd:3f:8f:bc:ef:
                    e4:40:81:83:c9:81:f1:b5:7f:e5:dc:d8:ce:63:d4:
                    e0:9f:42:36:5f:eb:21:3e:df:2d:e9:45:9e:38:d7:
                    9c:2b:8b:32:cc:0c:de:65:db:7b:f3:11:40:f4:01:
                    56:a5:f4:9c:59:c7:b3:54:31:f6:8b:ea:49:a4:bd:
                    80:e9:6c:b1:af:98:90:a7:c9:b9:51:46:23:a7:03:
                    23:e8:4f:f3:a0:6e:1d:97:85:db:4b:a5:ac:2c:57:
                    86:ae:8b:89:40:1b:cc:9f:ba:e9:25:1f:78:1e:dd:
                    66:94:b5:02:79:3f:8d:d1:8b:88:08:19:e1:b0:88:
                    b2:b4:66:09:c8:15:07:39:af:b2:07:30:cf:9e:bd:
                    a9:50:05:ad:f3:b8:61:8c:39:3b:a2:f7:09:10:fd:
                    23:77:81:44:99:6c:08:e5:49:be:a5:7f:4c:22:f8:
                    e7:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:AB:D0:A0:1C:87:15:29:EF:8E:9C:A4:91:21:41:6F:0A:21:2D:89
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f759bd5e-54c4-4d93-8e2f-54cf01900444.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:02:99:9b:2a:b5:16:ad:a6:ab:14:db:d7:8e:58:51:51:87:
         f4:6a:35:64:53:b1:bf:96:59:49:b4:91:7a:28:38:a4:70:e5:
         b2:8d:df:91:77:82:b1:40:3b:fc:bd:66:43:c9:01:97:42:e8:
         a2:62:30:58:18:f5:6e:bf:65:37:1f:ff:61:c4:91:26:b3:35:
         2c:d8:19:ce:29:63:14:67:d8:f0:5d:3e:47:60:09:1b:1c:88:
         1f:e4:3d:2a:e7:25:82:2b:1c:d5:01:20:e3:05:84:26:28:66:
         cd:40:18:df:a2:0f:97:e5:41:b4:83:50:c4:30:35:c4:4f:b8:
         c4:0a:7f:3e:35:a9:ef:9a:40:81:39:c7:87:ea:0f:e7:f1:7d:
         97:f5:f2:93:42:d7:77:8a:1c:c7:05:f7:cb:f3:a4:b7:56:4b:
         f3:79:8a:9c:94:01:9c:08:bc:9d:f0:69:88:ff:53:22:d9:8d:
         d5:ae:17:d1:40:38:78:c4:ce:8e:6c:d2:87:fb:04:0f:19:7b:
         dc:35:80:f7:ab:4c:b5:ae:e4:f2:be:63:fc:1c:99:d8:e7:87:
         9c:1b:85:16:79:61:3f:ed:e6:45:90:68:86:74:d9:48:48:a2:
         e8:02:11:14:cf:51:f5:b8:9f:e5:7a:ca:9b:bb:f1:e6:59:da:
         3c:27:c2:f8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULiPdHTAZRpNPLj04XFxlZJL456YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODE4MDAwMDAwWhcNMjMwOTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NWYyNDQ4NjU3ODc3MWM3ODUzNTlhMzFhNDBiOWFhNjZh
YzE4MDRkYWY1YzM0MzNlMzFiMTZlNDJlZTZjZTEyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcPp+/POVoIviFzxwgqjMa4E7C4BMRrLRjyK5EB4fdo0uX
UPyHbcQJxhnK6TJ96MymKkhqe42qgxsSmlISM7lrwQKGwYr5H1QU66rnodAZ6kl/
WrDNP4+87+RAgYPJgfG1f+Xc2M5j1OCfQjZf6yE+3y3pRZ4415wrizLMDN5l23vz
EUD0AVal9JxZx7NUMfaL6kmkvYDpbLGvmJCnyblRRiOnAyPoT/Ogbh2XhdtLpaws
V4aui4lAG8yfuuklH3ge3WaUtQJ5P43Ri4gIGeGwiLK0ZgnIFQc5r7IHMM+evalQ
Ba3zuGGMOTui9wkQ/SN3gUSZbAjlSb6lf0wi+OdhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCavQoByHFSnvjpykkSFBbwohLYkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Y3NTliZDVlLTU0YzQtNGQ5My04ZTJmLTU0Y2YwMTkwMDQ0NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABcCmZsqtRatpqsU29eOWFFRh/Rq
NWRTsb+WWUm0kXooOKRw5bKN35F3grFAO/y9ZkPJAZdC6KJiMFgY9W6/ZTcf/2HE
kSazNSzYGc4pYxRn2PBdPkdgCRsciB/kPSrnJYIrHNUBIOMFhCYoZs1AGN+iD5fl
QbSDUMQwNcRPuMQKfz41qe+aQIE5x4fqD+fxfZf18pNC13eKHMcF98vzpLdWS/N5
ipyUAZwIvJ3waYj/UyLZjdWuF9FAOHjEzo5s0of7BA8Ze9w1gPerTLWu5PK+Y/wc
mdjnh5wbhRZ5YT/t5kWQaIZ02UhIougCERTPUfW4n+V6ypu78eZZ2jwnwvg=
-----END CERTIFICATE-----