Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0544edc6-b721-4291-8474-d29ded125a7a.roa
File:                     0544edc6-b721-4291-8474-d29ded125a7a.roa (raw, json)
Hash identifier:          rEFWbE5gvvPl8Kq+l5wA76dSPankQWG3RLbsYh2ycAo=
Subject key identifier:   04:03:D0:48:35:41:7C:B5:B2:F0:9E:C6:0E:3E:F3:C0:A2:14:72:B3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7BA842AEBF7E95C1CBA285309706C95301D4E723
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0544edc6-b721-4291-8474-d29ded125a7a.roa
Signing time:             Sun 20 Aug 2023 00:00:00 +0000
ROA not before:           Sun 20 Aug 2023 00:00:00 +0000
ROA not after:            Sun 24 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:a8:42:ae:bf:7e:95:c1:cb:a2:85:30:97:06:c9:53:01:d4:e7:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 20 00:00:00 2023 GMT
            Not After : Sep 24 23:59:59 2023 GMT
        Subject: serialNumber=38df337d595e146bf156aa619fbc538809ccd205b41b8dcd3a83ba0d808d1f07, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:64:f3:69:70:f7:0c:6a:ce:08:9c:26:a1:c1:
                    12:d8:6c:d2:86:2c:e6:b9:46:3f:22:a0:9c:e5:3c:
                    fa:cb:3c:9e:cc:ad:f7:7c:d9:96:7a:ae:fa:59:8d:
                    bd:e7:4c:32:0b:b5:9e:75:01:4c:32:02:d1:f2:8d:
                    78:34:cb:e9:3b:bc:17:dc:9d:51:45:03:72:10:21:
                    05:9b:35:c7:04:95:39:cd:a4:03:95:81:63:20:c2:
                    26:12:51:a6:51:68:7a:ee:3f:57:cf:ca:27:e5:a1:
                    2c:77:23:57:1a:a6:66:33:e7:af:c7:59:22:be:10:
                    17:53:bb:a0:ea:53:8b:27:77:61:fb:ec:14:34:b4:
                    11:73:f4:2e:4a:4e:1e:59:d2:b0:90:e5:df:0d:3b:
                    34:74:cb:37:5f:09:f7:ab:da:98:96:83:58:e0:55:
                    62:73:57:96:f7:44:11:43:94:3e:d6:c7:9c:66:19:
                    c3:b4:0f:43:72:53:2f:15:28:13:6c:89:85:35:3b:
                    66:8a:74:35:ce:96:ac:f3:aa:bd:a1:67:73:97:27:
                    53:2c:d2:90:d4:9e:61:d5:08:71:92:2e:af:93:46:
                    cf:51:71:8d:b0:f7:b4:db:e3:e4:6e:96:f0:e2:9d:
                    b0:d2:03:c2:2a:dd:34:eb:2c:5f:8b:58:ca:75:79:
                    bc:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:03:D0:48:35:41:7C:B5:B2:F0:9E:C6:0E:3E:F3:C0:A2:14:72:B3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0544edc6-b721-4291-8474-d29ded125a7a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:75:19:0b:52:3b:70:18:ee:2d:fa:6e:06:ad:f2:56:8d:65:
         aa:90:20:06:4f:af:f7:c4:e7:48:03:a1:a0:5f:06:2e:1e:17:
         c6:fe:c7:11:88:4c:6f:4a:79:7e:22:1c:72:4f:e8:7b:a4:78:
         05:3e:25:0d:01:29:c5:72:d5:96:e3:66:86:20:fb:0c:7f:b1:
         d7:cc:b0:79:b0:fd:07:44:36:53:8d:52:a3:20:9b:b0:00:f8:
         eb:0b:66:9c:2d:ea:f1:e6:62:56:07:ea:89:c6:9e:49:dc:30:
         bf:cd:42:48:23:c9:0b:ab:8e:78:f6:72:e5:b6:22:1e:70:24:
         4e:f3:3b:0f:c8:8c:98:e6:98:14:b0:d7:4b:1a:a0:7c:87:0f:
         6d:c8:26:82:90:1a:92:cc:7f:d7:9f:8b:69:f6:ec:0e:24:ce:
         32:9d:91:53:83:9a:c3:ce:8d:6e:b6:75:55:4b:ec:fc:a2:ac:
         f4:4a:20:37:cf:0c:62:db:20:36:29:ad:6a:c5:37:97:07:75:
         38:c6:7d:df:20:c3:45:db:4c:86:41:5f:55:12:c2:20:02:ca:
         14:28:97:ac:71:87:e4:37:f5:f1:5e:b8:82:5b:3a:5a:a4:8c:
         a3:78:03:18:f4:64:bb:70:70:59:d2:83:38:34:4d:69:79:ef:
         53:83:34:dc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe6hCrr9+lcHLooUwlwbJUwHU5yMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODIwMDAwMDAwWhcNMjMwOTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzOGRmMzM3ZDU5NWUxNDZiZjE1NmFhNjE5ZmJjNTM4ODA5
Y2NkMjA1YjQxYjhkY2QzYTgzYmEwZDgwOGQxZjA3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlZPNpcPcMas4InCahwRLYbNKGLOa5Rj8ioJzlPPrLPJ7M
rfd82ZZ6rvpZjb3nTDILtZ51AUwyAtHyjXg0y+k7vBfcnVFFA3IQIQWbNccElTnN
pAOVgWMgwiYSUaZRaHruP1fPyifloSx3I1capmYz56/HWSK+EBdTu6DqU4snd2H7
7BQ0tBFz9C5KTh5Z0rCQ5d8NOzR0yzdfCfer2piWg1jgVWJzV5b3RBFDlD7Wx5xm
GcO0D0NyUy8VKBNsiYU1O2aKdDXOlqzzqr2hZ3OXJ1Ms0pDUnmHVCHGSLq+TRs9R
cY2w97Tb4+RulvDinbDSA8Iq3TTrLF+LWMp1ebyJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBAPQSDVBfLWy8J7GDj7zwKIUcrMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzA1NDRlZGM2LWI3MjEtNDI5MS04NDc0LWQyOWRlZDEyNWE3YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF51GQtSO3AY7i36bgat8laNZaqQ
IAZPr/fE50gDoaBfBi4eF8b+xxGITG9KeX4iHHJP6HukeAU+JQ0BKcVy1ZbjZoYg
+wx/sdfMsHmw/QdENlONUqMgm7AA+OsLZpwt6vHmYlYH6onGnkncML/NQkgjyQur
jnj2cuW2Ih5wJE7zOw/IjJjmmBSw10saoHyHD23IJoKQGpLMf9efi2n27A4kzjKd
kVODmsPOjW62dVVL7PyirPRKIDfPDGLbIDYprWrFN5cHdTjGfd8gw0XbTIZBX1US
wiACyhQol6xxh+Q39fFeuIJbOlqkjKN4Axj0ZLtwcFnSgzg0TWl571ODNNw=
-----END CERTIFICATE-----