Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1318adad-4455-4868-bd67-e5f6f6afa076.roa
File:                     1318adad-4455-4868-bd67-e5f6f6afa076.roa (raw, json)
Hash identifier:          q5TfHmZqmgWciYabX0hwSkPloHl+86I/fuaRpsVvFT4=
Subject key identifier:   1A:83:BA:42:86:24:A5:1A:04:5B:28:6B:9B:88:1D:18:F9:11:64:18
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       45357196FB8AB748B34B111E9B48CC94D23D1C69
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1318adad-4455-4868-bd67-e5f6f6afa076.roa
Signing time:             Mon 17 Jul 2023 00:00:00 +0000
ROA not before:           Mon 17 Jul 2023 00:00:00 +0000
ROA not after:            Mon 21 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:35:71:96:fb:8a:b7:48:b3:4b:11:1e:9b:48:cc:94:d2:3d:1c:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 17 00:00:00 2023 GMT
            Not After : Aug 21 23:59:59 2023 GMT
        Subject: serialNumber=029c7bab0ce724d5b0567191f5539637e1e6be2fabb53c12195ec85d637ce40f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:82:47:68:12:c8:e1:96:95:90:f9:92:ad:96:
                    92:46:78:98:7b:68:77:39:a9:da:43:d5:48:44:44:
                    d7:f0:79:45:42:6e:f8:a3:02:41:73:d4:f7:7d:64:
                    4d:b5:b3:f9:76:5d:13:4a:30:45:fe:5c:d7:c7:fa:
                    2f:82:60:fc:80:76:c8:ed:19:0a:da:2a:97:b4:13:
                    da:7e:10:a8:b7:91:5a:ea:37:ee:9d:f9:16:e0:09:
                    f9:5e:b7:d8:12:c4:1c:21:40:6e:14:04:bb:f0:b2:
                    d2:79:20:9a:6c:93:e9:67:4d:93:69:a0:b8:ed:a0:
                    f9:c6:69:f9:11:f3:35:98:ae:79:07:75:e0:3a:3a:
                    81:2b:e7:69:b5:09:4b:c9:f5:98:76:fc:e8:d8:ea:
                    cf:f0:bf:94:5c:51:1f:5f:10:8a:9a:ef:b1:f5:73:
                    59:37:5d:c5:d1:0e:fb:af:23:54:a0:89:eb:c0:38:
                    51:c6:a6:bd:0b:49:23:94:a1:b3:7e:3f:cb:ae:7f:
                    64:3a:d3:de:ba:ec:c9:d7:96:5c:8b:3a:05:7b:0e:
                    47:cd:ff:44:c8:37:2e:18:ae:f7:6a:be:77:ef:30:
                    34:6f:ba:0c:2c:b2:f6:42:7c:ef:6e:a1:7e:dd:d5:
                    c8:37:48:93:4a:bd:e1:bc:ee:83:19:a3:f4:e8:62:
                    33:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:83:BA:42:86:24:A5:1A:04:5B:28:6B:9B:88:1D:18:F9:11:64:18
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1318adad-4455-4868-bd67-e5f6f6afa076.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:82:11:a9:a9:0c:0d:6e:e2:44:14:89:51:af:cd:af:ac:66:
         0d:62:61:a1:06:a5:6a:42:1f:a4:5b:4d:ec:ca:6a:c2:69:8c:
         ef:f9:d5:0e:1c:9a:c7:91:c8:39:ba:27:70:c2:84:ef:fa:2b:
         fa:21:9b:a9:ba:26:17:5c:82:70:e8:8d:12:2c:db:bb:ff:b5:
         41:76:13:38:00:c8:e0:ce:b4:88:f1:c7:e0:c2:5d:64:2d:b9:
         d6:2d:58:ca:93:ab:2b:26:2a:ad:07:d2:af:ee:9f:e6:5b:79:
         fa:84:90:3d:9f:4c:59:56:bd:93:32:85:87:7a:b1:73:78:eb:
         86:e0:05:d0:1d:7f:08:db:c0:50:f2:aa:e5:a7:eb:fe:5f:a7:
         0a:d7:4c:c3:03:b3:22:5d:f4:7c:9b:1e:32:60:06:33:77:8e:
         d2:d9:19:fc:9a:4f:40:a3:ba:55:60:8d:f4:e1:de:5d:5f:37:
         59:4b:ea:5d:7d:44:66:eb:a3:71:3f:0b:4b:85:31:8d:50:fb:
         49:92:dd:90:f5:78:2d:4f:14:0d:ec:6a:e2:71:29:24:e1:35:
         50:bb:02:5e:37:a8:94:16:c3:f7:7c:ba:e7:6e:17:6f:ee:65:
         8c:23:9b:39:2e:ef:97:b1:5f:f1:b6:38:71:1d:a6:ca:6d:55:
         40:97:13:e0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURTVxlvuKt0izSxEem0jMlNI9HGkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE3MDAwMDAwWhcNMjMwODIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMjljN2JhYjBjZTcyNGQ1YjA1NjcxOTFmNTUzOTYzN2Ux
ZTZiZTJmYWJiNTNjMTIxOTVlYzg1ZDYzN2NlNDBmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEgkdoEsjhlpWQ+ZKtlpJGeJh7aHc5qdpD1UhERNfweUVC
bvijAkFz1Pd9ZE21s/l2XRNKMEX+XNfH+i+CYPyAdsjtGQraKpe0E9p+EKi3kVrq
N+6d+RbgCflet9gSxBwhQG4UBLvwstJ5IJpsk+lnTZNpoLjtoPnGafkR8zWYrnkH
deA6OoEr52m1CUvJ9Zh2/OjY6s/wv5RcUR9fEIqa77H1c1k3XcXRDvuvI1SgievA
OFHGpr0LSSOUobN+P8uuf2Q609667MnXllyLOgV7DkfN/0TINy4YrvdqvnfvMDRv
ugwssvZCfO9uoX7d1cg3SJNKveG87oMZo/ToYjNzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGoO6QoYkpRoEWyhrm4gdGPkRZBgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzEzMThhZGFkLTQ0NTUtNDg2OC1iZDY3LWU1ZjZmNmFmYTA3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB+CEampDA1u4kQUiVGvza+sZg1i
YaEGpWpCH6RbTezKasJpjO/51Q4cmseRyDm6J3DChO/6K/ohm6m6JhdcgnDojRIs
27v/tUF2EzgAyODOtIjxx+DCXWQtudYtWMqTqysmKq0H0q/un+ZbefqEkD2fTFlW
vZMyhYd6sXN464bgBdAdfwjbwFDyquWn6/5fpwrXTMMDsyJd9HybHjJgBjN3jtLZ
GfyaT0CjulVgjfTh3l1fN1lL6l19RGbro3E/C0uFMY1Q+0mS3ZD1eC1PFA3sauJx
KSThNVC7Al43qJQWw/d8uuduF2/uZYwjmzku75exX/G2OHEdpsptVUCXE+A=
-----END CERTIFICATE-----