Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/066d6947-376f-48d8-89b1-e1f2ff05ddb2.roa
File:                     066d6947-376f-48d8-89b1-e1f2ff05ddb2.roa (raw, json)
Hash identifier:          muNLmRJwGomfpTY5yhN5PifkjDZIJd+gm9aNuXq3Qhw=
Subject key identifier:   89:C8:11:1C:50:91:D4:19:8F:56:D8:20:F2:C2:35:4D:A2:38:FD:E1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1AF6F6775FEDD617A18EC60720D565634BF080D2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/066d6947-376f-48d8-89b1-e1f2ff05ddb2.roa
Signing time:             Sat 15 Jul 2023 00:00:00 +0000
ROA not before:           Sat 15 Jul 2023 00:00:00 +0000
ROA not after:            Sat 19 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:f6:f6:77:5f:ed:d6:17:a1:8e:c6:07:20:d5:65:63:4b:f0:80:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 15 00:00:00 2023 GMT
            Not After : Aug 19 23:59:59 2023 GMT
        Subject: serialNumber=70a316e00fbc1e2b54641e9928f95383a3fe357d28f6b1490962dda8aaa982ed, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5e:00:e0:9e:d7:5f:81:5b:47:b9:fc:c0:4e:
                    37:46:95:a6:b3:c7:1f:b2:c3:58:e3:36:cb:bc:ee:
                    58:7d:f1:cc:46:6b:dc:40:56:c4:0f:65:e9:fa:84:
                    e3:c5:7c:ac:9d:56:6f:c8:d2:ac:22:dc:0b:ee:e0:
                    ac:b9:c9:00:43:d7:17:3e:31:9a:bd:1a:68:bf:c1:
                    26:08:63:d9:a9:b7:d1:4e:cd:6e:31:43:7e:45:84:
                    25:85:f1:92:e2:8d:06:05:62:16:80:04:69:d0:9d:
                    3a:d8:b3:0e:45:fe:56:12:75:6a:93:3b:56:7f:84:
                    82:9e:63:76:b0:d0:3e:cc:c9:db:02:95:4c:b8:13:
                    db:05:31:9e:cb:f7:c4:1f:77:e3:2a:90:82:f7:a5:
                    8d:82:5b:5c:6d:67:a3:08:e8:79:d3:2a:61:91:83:
                    00:86:e8:bd:f4:43:7e:69:dd:c5:1b:dc:df:06:65:
                    82:85:b7:6d:2b:60:30:a0:e5:46:df:04:e5:e3:48:
                    b0:30:58:8b:1b:59:31:dc:48:35:a7:35:f0:07:18:
                    25:9f:fe:eb:89:31:df:c8:6a:8c:f3:b4:20:39:c0:
                    76:22:e8:e4:2a:a5:ad:dc:71:9a:bf:78:93:81:68:
                    86:58:e8:44:4e:cf:1c:a3:59:f9:07:74:d8:22:20:
                    72:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:C8:11:1C:50:91:D4:19:8F:56:D8:20:F2:C2:35:4D:A2:38:FD:E1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/066d6947-376f-48d8-89b1-e1f2ff05ddb2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:3a:9f:b2:cc:79:df:8c:4c:fb:40:34:17:e4:53:2f:e4:d3:
         39:99:47:03:50:6a:e1:e8:38:b8:18:4f:e0:54:b3:ed:fa:a6:
         80:24:e0:78:96:5e:91:2b:20:16:ae:80:88:4f:a4:29:02:15:
         e1:3b:6b:6c:79:f1:69:41:70:cb:f5:66:24:6f:a3:fe:62:97:
         8c:a9:e9:b5:0a:f5:58:6e:81:3e:18:78:77:61:dd:d8:a6:0f:
         82:71:7b:63:95:d6:72:b9:ab:fc:2f:66:a2:fc:2f:66:5a:a4:
         26:fb:31:d1:35:dc:12:8d:de:66:2b:81:16:c6:cd:21:17:29:
         6b:96:6b:ef:7f:a9:a3:6e:c0:30:b0:3e:09:a6:df:a2:75:0e:
         08:c5:6c:88:b0:ac:72:4e:94:ef:db:34:90:b3:53:ee:2e:3e:
         00:17:1a:76:fa:2a:64:c2:ed:0c:75:7a:34:d2:2e:9e:5f:2a:
         02:0e:bc:e3:c8:cd:89:c2:13:8a:71:35:cb:3e:27:6e:62:52:
         73:eb:4f:9c:b1:11:71:41:02:a8:21:c6:dd:cd:7d:6a:52:95:
         53:26:6f:eb:7a:6e:eb:1f:b3:e1:9b:e8:ac:2a:4a:44:d4:9b:
         96:db:7c:7b:01:b5:c3:aa:12:96:80:f5:1b:6f:a6:53:a7:1e:
         d0:48:bf:03
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGvb2d1/t1hehjsYHINVlY0vwgNIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE1MDAwMDAwWhcNMjMwODE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MGEzMTZlMDBmYmMxZTJiNTQ2NDFlOTkyOGY5NTM4M2Ez
ZmUzNTdkMjhmNmIxNDkwOTYyZGRhOGFhYTk4MmVkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8XgDgntdfgVtHufzATjdGlaazxx+yw1jjNsu87lh98cxG
a9xAVsQPZen6hOPFfKydVm/I0qwi3Avu4Ky5yQBD1xc+MZq9Gmi/wSYIY9mpt9FO
zW4xQ35FhCWF8ZLijQYFYhaABGnQnTrYsw5F/lYSdWqTO1Z/hIKeY3aw0D7MydsC
lUy4E9sFMZ7L98Qfd+MqkIL3pY2CW1xtZ6MI6HnTKmGRgwCG6L30Q35p3cUb3N8G
ZYKFt20rYDCg5UbfBOXjSLAwWIsbWTHcSDWnNfAHGCWf/uuJMd/IaozztCA5wHYi
6OQqpa3ccZq/eJOBaIZY6EROzxyjWfkHdNgiIHJFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUicgRHFCR1BmPVtgg8sI1TaI4/eEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzA2NmQ2OTQ3LTM3NmYtNDhkOC04OWIxLWUxZjJmZjA1ZGRiMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC06n7LMed+MTPtANBfkUy/k0zmZ
RwNQauHoOLgYT+BUs+36poAk4HiWXpErIBaugIhPpCkCFeE7a2x58WlBcMv1ZiRv
o/5il4yp6bUK9VhugT4YeHdh3dimD4Jxe2OV1nK5q/wvZqL8L2ZapCb7MdE13BKN
3mYrgRbGzSEXKWuWa+9/qaNuwDCwPgmm36J1DgjFbIiwrHJOlO/bNJCzU+4uPgAX
Gnb6KmTC7Qx1ejTSLp5fKgIOvOPIzYnCE4pxNcs+J25iUnPrT5yxEXFBAqghxt3N
fWpSlVMmb+t6busfs+Gb6KwqSkTUm5bbfHsBtcOqEpaA9RtvplOnHtBIvwM=
-----END CERTIFICATE-----