Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fabf02fb-48e7-4db3-ac86-3f7af32a5d0b.roa
File:                     fabf02fb-48e7-4db3-ac86-3f7af32a5d0b.roa (raw, json)
Hash identifier:          Q2cAQZhtS1F900bLmJ53TXGHyI3BgGUZ+0RSWtyQQPE=
Subject key identifier:   DA:E4:E3:82:85:D1:32:FF:CC:0D:D1:B9:9A:5E:77:97:29:01:CF:BA
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       770F53BE78213CC465DA5F754198B900E825DB6D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fabf02fb-48e7-4db3-ac86-3f7af32a5d0b.roa
Signing time:             Thu 27 Jul 2023 00:00:00 +0000
ROA not before:           Thu 27 Jul 2023 00:00:00 +0000
ROA not after:            Thu 31 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:0f:53:be:78:21:3c:c4:65:da:5f:75:41:98:b9:00:e8:25:db:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 27 00:00:00 2023 GMT
            Not After : Aug 31 23:59:59 2023 GMT
        Subject: serialNumber=8cdc180252fbec9ce867517f987ac9093f375874de98316bcc318daa4ae8ebb8, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:2e:cf:48:1a:88:a3:1b:75:4f:8f:67:9b:f9:
                    f3:b0:ef:5f:a7:07:e5:5c:e6:02:e9:3f:a5:8a:df:
                    d4:f6:ce:0a:59:e7:99:54:7e:e4:04:bf:cc:fa:33:
                    0f:6c:a5:3c:f8:10:b0:6e:ef:b9:a6:bf:17:cd:be:
                    e1:7e:99:5c:ff:22:b8:6f:27:96:26:6c:c8:90:3f:
                    7a:45:32:d5:2a:27:25:6c:28:34:48:b5:4b:37:6b:
                    d5:0a:24:b1:4f:0a:95:ca:56:e1:e9:a5:3e:4f:c7:
                    97:e1:f6:97:fc:03:74:76:07:6a:1e:0e:7f:fc:b2:
                    04:b5:bf:1f:dc:0f:d7:81:30:88:7a:94:05:15:5a:
                    fd:24:28:d2:3f:b2:b3:24:fe:ee:21:ab:cb:77:ce:
                    e4:76:c8:2f:e2:43:00:de:71:2e:83:27:d7:84:95:
                    34:25:09:c9:1d:73:ab:94:ef:58:b8:84:82:29:88:
                    88:52:b2:c2:ab:a7:f2:7c:c0:c8:99:ab:5d:43:de:
                    28:22:60:c6:b6:34:c9:ef:8f:0e:0d:29:73:b5:19:
                    0a:41:6e:cb:2e:11:31:5e:82:c8:21:dc:19:78:dc:
                    da:a7:e3:78:0a:3a:de:75:a6:4c:3f:4c:27:16:a3:
                    24:29:f9:27:f6:cb:c4:f5:63:07:af:f6:ca:40:54:
                    e4:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:E4:E3:82:85:D1:32:FF:CC:0D:D1:B9:9A:5E:77:97:29:01:CF:BA
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fabf02fb-48e7-4db3-ac86-3f7af32a5d0b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:6e:98:c7:54:a7:67:74:6e:11:1a:ee:f5:04:00:d8:50:5b:
         f3:1b:42:92:b4:cc:d4:d0:56:73:c7:50:ce:05:65:13:d6:26:
         a4:f8:0d:ac:68:93:36:52:aa:79:0e:c0:8f:37:52:c2:e7:83:
         fa:33:00:57:b4:71:c4:a5:e6:cc:a8:99:61:00:01:ec:a1:cc:
         e8:45:ca:f9:5b:e9:22:e3:e8:19:03:5f:98:17:07:33:b6:ba:
         12:97:11:7f:e9:b0:23:9e:a0:5d:01:06:03:a8:84:c3:8c:9c:
         e3:51:9a:7f:85:ea:d8:b9:c8:5b:74:02:7f:d1:e8:3d:e8:a3:
         72:9e:5d:f4:9d:7f:a6:22:4f:e4:21:b8:8c:44:b0:21:2b:5f:
         d3:b5:15:87:dc:67:02:f6:a8:d6:5e:67:cc:b3:57:fe:38:b9:
         94:51:78:9f:0e:7c:ac:74:e0:6b:15:85:b3:c5:91:4e:84:b2:
         f9:4a:5c:d4:02:98:56:b2:f5:d5:a5:22:da:b0:c3:e1:3e:df:
         5f:74:ee:8e:49:06:e5:8b:5f:95:ab:4f:f6:c1:02:b6:54:1c:
         31:61:b0:c5:52:cd:dd:10:34:05:29:29:69:4c:28:5c:5a:7e:
         4a:b3:0a:07:5c:4f:ac:15:49:dd:c5:07:02:ca:4a:8c:d6:f9:
         31:3c:6e:31
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdw9TvnghPMRl2l91QZi5AOgl220wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzI3MDAwMDAwWhcNMjMwODMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4Y2RjMTgwMjUyZmJlYzljZTg2NzUxN2Y5ODdhYzkwOTNm
Mzc1ODc0ZGU5ODMxNmJjYzMxOGRhYTRhZThlYmI4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmLs9IGoijG3VPj2eb+fOw71+nB+Vc5gLpP6WK39T2zgpZ
55lUfuQEv8z6Mw9spTz4ELBu77mmvxfNvuF+mVz/IrhvJ5YmbMiQP3pFMtUqJyVs
KDRItUs3a9UKJLFPCpXKVuHppT5Px5fh9pf8A3R2B2oeDn/8sgS1vx/cD9eBMIh6
lAUVWv0kKNI/srMk/u4hq8t3zuR2yC/iQwDecS6DJ9eElTQlCckdc6uU71i4hIIp
iIhSssKrp/J8wMiZq11D3igiYMa2NMnvjw4NKXO1GQpBbssuETFegsgh3Bl43Nqn
43gKOt51pkw/TCcWoyQp+Sf2y8T1Ywev9spAVOQTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2uTjgoXRMv/MDdG5ml53lykBz7owHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZhYmYwMmZiLTQ4ZTctNGRiMy1hYzg2LTNmN2FmMzJhNWQwYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKhumMdUp2d0bhEa7vUEANhQW/Mb
QpK0zNTQVnPHUM4FZRPWJqT4DaxokzZSqnkOwI83UsLng/ozAFe0ccSl5syomWEA
AeyhzOhFyvlb6SLj6BkDX5gXBzO2uhKXEX/psCOeoF0BBgOohMOMnONRmn+F6ti5
yFt0An/R6D3oo3KeXfSdf6YiT+QhuIxEsCErX9O1FYfcZwL2qNZeZ8yzV/44uZRR
eJ8OfKx04GsVhbPFkU6EsvlKXNQCmFay9dWlItqww+E+31907o5JBuWLX5WrT/bB
ArZUHDFhsMVSzd0QNAUpKWlMKFxafkqzCgdcT6wVSd3FBwLKSozW+TE8bjE=
-----END CERTIFICATE-----