Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f8780bce-9e1d-4634-9ef3-e4206833d523.roa
File:                     f8780bce-9e1d-4634-9ef3-e4206833d523.roa (raw, json)
Hash identifier:          GZjMsiDhdEXUiJI48ZwpcnkXDYiQ/PlftbONJpm4Fkk=
Subject key identifier:   31:01:84:3A:78:3E:8D:A3:2C:A9:DC:32:D0:C9:E3:4A:5B:45:E1:21
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4E76B6CBF284ECDFC840383864FF7974962CA0C5
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f8780bce-9e1d-4634-9ef3-e4206833d523.roa
Signing time:             Sat 26 Aug 2023 00:00:00 +0000
ROA not before:           Sat 26 Aug 2023 00:00:00 +0000
ROA not after:            Sat 30 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:76:b6:cb:f2:84:ec:df:c8:40:38:38:64:ff:79:74:96:2c:a0:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 26 00:00:00 2023 GMT
            Not After : Sep 30 23:59:59 2023 GMT
        Subject: serialNumber=32ffacf51f421528c9eecccc7184e4dda10de6acba96d4f9bfa303a81f32dc2a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:4b:1b:22:e8:0d:7e:c0:6c:4b:bf:56:9f:92:
                    68:01:0b:5c:c8:91:8b:ee:b4:db:c8:02:f1:68:b7:
                    25:23:b2:78:3e:c6:60:a5:be:8b:f6:e0:96:32:64:
                    5d:cd:71:4e:de:1a:c7:77:38:b1:29:69:09:4e:dd:
                    f5:86:7f:61:2b:e0:cc:3b:a8:4d:16:e1:03:02:1d:
                    79:74:c1:48:4f:39:e8:44:f6:4c:8c:a1:02:49:43:
                    e4:29:55:e5:2f:b3:2d:96:fd:35:ba:38:e2:8e:9d:
                    11:67:3b:0b:9b:c9:55:53:05:86:43:90:d2:45:63:
                    07:d1:a4:93:2a:3d:9d:49:99:6f:a2:f6:c3:6b:0b:
                    7a:80:2e:46:a9:7d:d8:07:5b:47:0a:57:0d:e2:43:
                    f7:32:7a:a6:6c:96:99:d8:c9:d4:1c:36:5d:cd:c3:
                    9c:ff:23:57:1c:dd:b7:1b:59:dd:51:4f:85:c8:7d:
                    dc:60:db:eb:e1:58:71:78:e7:e8:07:81:3e:bd:24:
                    26:74:fc:15:e2:35:f9:fb:ba:0e:5b:9e:93:de:84:
                    e8:be:c8:37:85:d0:06:56:b7:d8:b4:cb:91:6b:97:
                    fd:20:18:a6:d3:b0:64:7a:13:5a:47:c5:e9:13:7f:
                    3c:12:3a:c6:27:50:f7:d2:d3:ea:6a:59:15:06:e3:
                    fa:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:01:84:3A:78:3E:8D:A3:2C:A9:DC:32:D0:C9:E3:4A:5B:45:E1:21
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f8780bce-9e1d-4634-9ef3-e4206833d523.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:df:d0:2a:2b:5b:b8:81:55:ba:4a:48:71:6b:63:49:41:86:
         2d:35:07:de:05:75:59:04:83:93:10:57:58:7e:43:7f:26:e3:
         55:af:db:8f:69:58:be:4f:78:8b:ca:5c:df:5e:6f:79:99:5f:
         8f:04:fd:89:51:59:40:f6:7f:3e:cf:32:5e:33:d9:4a:8b:f0:
         d1:da:36:32:6a:fd:de:91:27:57:94:29:6f:b3:7f:08:2e:4b:
         fb:1d:87:90:d3:5b:31:57:f2:f9:eb:24:82:6d:f2:07:f6:f4:
         ea:6e:86:02:6d:28:77:ad:d2:4e:72:19:b9:d1:1a:b5:5f:d8:
         db:87:03:a9:1b:08:9e:35:08:a8:5c:ea:30:49:6a:c4:09:a0:
         57:86:d4:b4:48:cc:05:d0:80:3c:29:c4:12:7e:b7:8a:73:32:
         e5:89:44:76:0c:47:f6:c9:a5:6f:69:c4:52:ed:28:33:2b:52:
         6b:55:dc:26:99:1f:62:d5:0c:4b:a6:37:8b:d9:fe:6d:10:be:
         1f:a4:dd:47:52:3b:9f:08:e3:13:0c:25:a0:7a:e1:12:15:9c:
         a9:db:a5:c5:d2:d9:2f:10:d7:02:2f:e6:25:8e:3b:40:13:38:
         0f:43:b0:9e:17:74:e1:c8:bf:4e:b7:b1:f0:94:42:02:aa:75:
         80:5d:fb:6b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTna2y/KE7N/IQDg4ZP95dJYsoMUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODI2MDAwMDAwWhcNMjMwOTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMmZmYWNmNTFmNDIxNTI4YzllZWNjY2M3MTg0ZTRkZGEx
MGRlNmFjYmE5NmQ0ZjliZmEzMDNhODFmMzJkYzJhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCJSxsi6A1+wGxLv1afkmgBC1zIkYvutNvIAvFotyUjsng+
xmClvov24JYyZF3NcU7eGsd3OLEpaQlO3fWGf2Er4Mw7qE0W4QMCHXl0wUhPOehE
9kyMoQJJQ+QpVeUvsy2W/TW6OOKOnRFnOwubyVVTBYZDkNJFYwfRpJMqPZ1JmW+i
9sNrC3qALkapfdgHW0cKVw3iQ/cyeqZslpnYydQcNl3Nw5z/I1cc3bcbWd1RT4XI
fdxg2+vhWHF45+gHgT69JCZ0/BXiNfn7ug5bnpPehOi+yDeF0AZWt9i0y5Frl/0g
GKbTsGR6E1pHxekTfzwSOsYnUPfS0+pqWRUG4/rDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMQGEOng+jaMsqdwy0MnjSltF4SEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Y4NzgwYmNlLTllMWQtNDYzNC05ZWYzLWU0MjA2ODMzZDUyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIjf0CorW7iBVbpKSHFrY0lBhi01
B94FdVkEg5MQV1h+Q38m41Wv249pWL5PeIvKXN9eb3mZX48E/YlRWUD2fz7PMl4z
2UqL8NHaNjJq/d6RJ1eUKW+zfwguS/sdh5DTWzFX8vnrJIJt8gf29OpuhgJtKHet
0k5yGbnRGrVf2NuHA6kbCJ41CKhc6jBJasQJoFeG1LRIzAXQgDwpxBJ+t4pzMuWJ
RHYMR/bJpW9pxFLtKDMrUmtV3CaZH2LVDEumN4vZ/m0Qvh+k3UdSO58I4xMMJaB6
4RIVnKnbpcXS2S8Q1wIv5iWOO0ATOA9DsJ4XdOHIv063sfCUQgKqdYBd+2s=
-----END CERTIFICATE-----