Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f805c1a8-31dc-4d4c-8825-4439ec688109.roa
File:                     f805c1a8-31dc-4d4c-8825-4439ec688109.roa (raw, json)
Hash identifier:          x2mIFVuLKO2SR1eGFuiUoGXWqyIYA62NM99kAR0Qhp0=
Subject key identifier:   2A:0A:16:63:E3:A4:0E:F3:7E:92:9E:47:42:B5:90:C2:30:28:43:52
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0A43D1E7FF4FA44B7345533043CC6F70B2361B0F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f805c1a8-31dc-4d4c-8825-4439ec688109.roa
Signing time:             Thu 22 Jun 2023 00:00:00 +0000
ROA not before:           Thu 22 Jun 2023 00:00:00 +0000
ROA not after:            Thu 27 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:43:d1:e7:ff:4f:a4:4b:73:45:53:30:43:cc:6f:70:b2:36:1b:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 22 00:00:00 2023 GMT
            Not After : Jul 27 23:59:59 2023 GMT
        Subject: serialNumber=29945409730f55f7119e231a8f123d872a4efc4c6e1975c4cfd871cfe36356c0, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:3a:51:47:ed:b9:88:3b:6c:18:ed:24:7e:05:
                    a6:ce:84:a9:0d:67:ce:4b:89:d9:fd:9c:30:0b:c1:
                    e0:52:9b:9a:e8:c8:a1:9f:4f:9e:d2:33:df:01:4c:
                    f7:fc:a2:52:54:11:6a:9e:d7:b5:22:b1:6e:88:fe:
                    53:0b:78:4b:fa:ac:3d:49:05:2b:98:60:26:67:af:
                    75:02:ac:ef:67:8b:cc:b6:8a:ac:49:6c:da:68:d6:
                    6b:8e:0a:fe:87:a5:b2:fb:ea:e2:14:07:e3:ee:3d:
                    a6:9b:4e:e3:a5:a1:92:e8:82:8e:31:6f:bd:82:4c:
                    de:08:b0:34:e6:33:01:5f:1e:73:d6:5c:f2:c9:a2:
                    5f:dc:61:41:d5:83:63:95:1d:a8:2a:a3:44:b6:2c:
                    1e:c4:cf:69:ef:93:50:f9:f3:9c:4d:42:64:ee:2e:
                    cc:8b:1f:34:99:9b:9d:5a:d5:a8:4a:10:15:35:51:
                    87:1f:d1:19:65:78:6a:71:55:8f:96:85:99:53:1d:
                    be:7f:9c:ec:a6:04:4d:a2:45:86:4d:46:d4:c4:11:
                    f0:1b:8b:54:b5:67:04:16:61:cb:4a:90:0b:9e:91:
                    7f:cd:6d:81:46:70:a4:af:fd:1c:0a:67:de:0d:b3:
                    54:ab:ba:3a:77:00:5f:d9:74:de:24:74:2e:87:ac:
                    e5:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:0A:16:63:E3:A4:0E:F3:7E:92:9E:47:42:B5:90:C2:30:28:43:52
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f805c1a8-31dc-4d4c-8825-4439ec688109.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:25:eb:d6:86:92:65:ec:61:dd:c9:b9:a9:3a:2a:f1:c0:fd:
         a8:b3:39:b8:98:dd:4b:50:42:8c:47:3a:0b:d2:20:3e:f8:16:
         1c:15:ff:d1:ab:66:27:4a:5e:25:09:f6:f5:78:06:9d:9b:fb:
         9d:10:52:1a:24:ca:8d:59:25:fe:16:b2:c2:d0:b8:35:1c:96:
         f5:ea:fb:12:ae:4d:10:d3:2a:54:f1:e4:12:2a:d6:bd:6e:dd:
         ea:e7:11:2a:46:59:de:14:0a:ac:55:bd:b9:f7:d8:13:1c:72:
         be:e2:4b:e4:ed:e1:c4:91:7c:f0:3e:9f:1f:ec:0e:a7:be:e6:
         ac:cd:6b:25:a3:72:46:e8:4d:ad:fd:87:8f:62:97:c2:31:0a:
         d9:7d:4c:da:ec:94:42:30:9d:26:bf:27:f5:e9:b4:0d:31:23:
         1c:e2:aa:e6:79:fd:79:79:42:95:29:12:5f:7f:07:a2:ce:bb:
         9f:5b:c9:ec:d7:b4:5b:fd:fc:f3:51:5a:8c:72:6e:be:d6:97:
         68:c7:35:46:5e:90:30:40:8f:19:a1:dd:9d:6e:31:a2:17:9d:
         9c:b3:7b:c5:b0:7c:df:1b:d3:b6:1e:87:ee:97:05:62:4a:55:
         96:86:19:e8:60:46:c1:12:7d:7e:8e:51:b4:03:bc:55:03:6e:
         b2:90:98:4d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCkPR5/9PpEtzRVMwQ8xvcLI2Gw8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjIyMDAwMDAwWhcNMjMwNzI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyOTk0NTQwOTczMGY1NWY3MTE5ZTIzMWE4ZjEyM2Q4NzJh
NGVmYzRjNmUxOTc1YzRjZmQ4NzFjZmUzNjM1NmMwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSOlFH7bmIO2wY7SR+BabOhKkNZ85Lidn9nDALweBSm5ro
yKGfT57SM98BTPf8olJUEWqe17UisW6I/lMLeEv6rD1JBSuYYCZnr3UCrO9ni8y2
iqxJbNpo1muOCv6HpbL76uIUB+PuPaabTuOloZLogo4xb72CTN4IsDTmMwFfHnPW
XPLJol/cYUHVg2OVHagqo0S2LB7Ez2nvk1D585xNQmTuLsyLHzSZm51a1ahKEBU1
UYcf0RlleGpxVY+WhZlTHb5/nOymBE2iRYZNRtTEEfAbi1S1ZwQWYctKkAuekX/N
bYFGcKSv/RwKZ94Ns1Srujp3AF/ZdN4kdC6HrOUXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKgoWY+OkDvN+kp5HQrWQwjAoQ1IwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Y4MDVjMWE4LTMxZGMtNGQ0Yy04ODI1LTQ0MzllYzY4ODEwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK8l69aGkmXsYd3Juak6KvHA/aiz
ObiY3UtQQoxHOgvSID74FhwV/9GrZidKXiUJ9vV4Bp2b+50QUhokyo1ZJf4WssLQ
uDUclvXq+xKuTRDTKlTx5BIq1r1u3ernESpGWd4UCqxVvbn32BMccr7iS+Tt4cSR
fPA+nx/sDqe+5qzNayWjckboTa39h49il8IxCtl9TNrslEIwnSa/J/XptA0xIxzi
quZ5/Xl5QpUpEl9/B6LOu59byezXtFv9/PNRWoxybr7Wl2jHNUZekDBAjxmh3Z1u
MaIXnZyze8WwfN8b07Yeh+6XBWJKVZaGGehgRsESfX6OUbQDvFUDbrKQmE0=
-----END CERTIFICATE-----