Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fa33d10d-edf6-4f98-8fe5-f93c8552f2f3.roa
File:                     fa33d10d-edf6-4f98-8fe5-f93c8552f2f3.roa (raw, json)
Hash identifier:          zVo5/OBOiX++pmPcOpJrsZEca7dQBhg40IJluOvEopg=
Subject key identifier:   65:11:11:8E:51:21:A2:07:D5:1B:CC:28:29:C7:DA:A9:F0:4C:A4:E1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2BBE19E33F3145168FC7AAE5DFB2E824990BAB85
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fa33d10d-edf6-4f98-8fe5-f93c8552f2f3.roa
Signing time:             Fri 14 Jul 2023 00:00:00 +0000
ROA not before:           Fri 14 Jul 2023 00:00:00 +0000
ROA not after:            Fri 18 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:be:19:e3:3f:31:45:16:8f:c7:aa:e5:df:b2:e8:24:99:0b:ab:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 14 00:00:00 2023 GMT
            Not After : Aug 18 23:59:59 2023 GMT
        Subject: serialNumber=462fe5f3a217dcf0b31114b8d16ebac36792506f574e390b07d9d91e158a45cb, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:bd:bc:4d:d2:ba:da:7b:fc:68:0a:f1:c0:fd:
                    ca:a3:e5:c8:13:66:12:78:ba:18:8b:46:17:23:12:
                    d0:e6:68:fb:e6:cd:f4:9c:82:a8:0c:c2:93:c3:fb:
                    11:24:30:31:8b:21:6f:fe:99:53:13:95:e1:8b:c4:
                    8e:e3:3f:86:29:b6:63:c0:2b:5c:84:5d:ff:7d:77:
                    2a:3f:da:53:2f:15:9a:53:a0:d4:6a:b0:ad:1b:b0:
                    71:e6:56:f2:75:bd:1c:a6:dc:8a:c2:f8:ba:7c:70:
                    c7:2b:cb:6f:3d:24:14:01:99:3d:bc:a3:51:95:95:
                    72:6b:88:0a:1c:dd:07:bf:d8:56:1c:aa:74:5d:af:
                    05:73:74:50:b6:b3:ea:cf:8e:e9:68:a3:8f:1f:ac:
                    3a:31:18:e4:49:25:a0:09:f1:79:12:96:0e:9e:eb:
                    32:09:de:8c:5b:f0:c3:14:e2:6f:02:c2:0e:9c:38:
                    31:57:ca:a2:31:d4:81:b1:d0:40:62:12:a1:29:06:
                    57:11:c3:17:d5:21:a9:eb:7c:b2:12:20:81:4f:d7:
                    26:57:c4:25:7d:de:19:ba:39:a7:49:1f:d7:5d:9b:
                    28:4d:94:a7:a5:e8:3c:fb:ab:43:3f:db:8d:2f:b9:
                    54:4d:8e:a2:7f:5c:f6:19:e8:d7:a2:4d:b2:dc:99:
                    3d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:11:11:8E:51:21:A2:07:D5:1B:CC:28:29:C7:DA:A9:F0:4C:A4:E1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fa33d10d-edf6-4f98-8fe5-f93c8552f2f3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:ef:31:2c:e8:53:23:2e:36:6d:84:b7:97:1b:e5:3f:1f:3b:
         05:4d:58:42:a1:fa:e3:58:8f:9a:b9:6c:c2:c0:33:c8:4e:2e:
         7b:27:5a:ca:28:9c:8b:24:f9:d9:19:4e:0d:04:4f:ad:43:2c:
         79:40:37:ec:33:e0:21:5b:7b:17:e0:e0:cd:fb:14:be:de:0f:
         66:18:3e:44:d9:96:61:b8:c3:65:e1:c4:1b:4e:d9:68:8a:75:
         71:82:88:90:c2:79:4a:4a:d1:f1:03:f6:3d:d6:43:30:d7:b4:
         bd:08:e6:4d:c2:a6:0b:56:13:d0:55:2d:ae:a1:a0:82:7e:ba:
         69:18:07:82:9b:4c:a6:64:98:52:30:7d:b8:fb:1f:a3:04:f1:
         d0:01:0b:2d:ec:8c:04:e3:ad:59:be:4e:54:83:b9:ab:5d:f3:
         58:bf:c9:e5:42:7e:fa:2d:fc:36:21:6a:6f:58:11:ee:c1:fd:
         93:01:ca:ed:4b:af:b0:fb:69:5f:46:55:fb:a6:81:ec:6c:e0:
         a1:8d:09:34:a2:95:b4:91:9c:76:29:de:c3:37:89:78:23:9f:
         16:d2:c8:9d:70:6b:37:ec:8c:64:28:52:13:55:06:5d:40:25:
         12:18:a5:bd:1a:a7:7a:86:15:61:3d:11:7a:c9:0d:84:a5:60:
         6f:ce:62:70
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUK74Z4z8xRRaPx6rl37LoJJkLq4UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE0MDAwMDAwWhcNMjMwODE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NjJmZTVmM2EyMTdkY2YwYjMxMTE0YjhkMTZlYmFjMzY3
OTI1MDZmNTc0ZTM5MGIwN2Q5ZDkxZTE1OGE0NWNiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5vbxN0rrae/xoCvHA/cqj5cgTZhJ4uhiLRhcjEtDmaPvm
zfScgqgMwpPD+xEkMDGLIW/+mVMTleGLxI7jP4YptmPAK1yEXf99dyo/2lMvFZpT
oNRqsK0bsHHmVvJ1vRym3IrC+Lp8cMcry289JBQBmT28o1GVlXJriAoc3Qe/2FYc
qnRdrwVzdFC2s+rPjuloo48frDoxGORJJaAJ8XkSlg6e6zIJ3oxb8MMU4m8Cwg6c
ODFXyqIx1IGx0EBiEqEpBlcRwxfVIanrfLISIIFP1yZXxCV93hm6OadJH9ddmyhN
lKel6Dz7q0M/240vuVRNjqJ/XPYZ6NeiTbLcmT27AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZRERjlEhogfVG8woKcfaqfBMpOEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZhMzNkMTBkLWVkZjYtNGY5OC04ZmU1LWY5M2M4NTUyZjJmMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFLvMSzoUyMuNm2Et5cb5T8fOwVN
WEKh+uNYj5q5bMLAM8hOLnsnWsoonIsk+dkZTg0ET61DLHlAN+wz4CFbexfg4M37
FL7eD2YYPkTZlmG4w2XhxBtO2WiKdXGCiJDCeUpK0fED9j3WQzDXtL0I5k3CpgtW
E9BVLa6hoIJ+umkYB4KbTKZkmFIwfbj7H6ME8dABCy3sjATjrVm+TlSDuatd81i/
yeVCfvot/DYham9YEe7B/ZMByu1Lr7D7aV9GVfumgexs4KGNCTSilbSRnHYp3sM3
iXgjnxbSyJ1wazfsjGQoUhNVBl1AJRIYpb0ap3qGFWE9EXrJDYSlYG/OYnA=
-----END CERTIFICATE-----