Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1c4649da-ecb7-4abd-85e9-e867635ab600.roa
File:                     1c4649da-ecb7-4abd-85e9-e867635ab600.roa (raw, json)
Hash identifier:          ttxxEcJkU9EDtjJf/tFnsB3QTfY5Mt168HT5GyhKP50=
Subject key identifier:   39:BA:6E:98:4D:D8:BC:01:39:F0:BF:84:92:AB:B7:47:33:14:C9:9C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       570A08DBB2CF54AC9BED3AC170EBA03E04261FD5
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1c4649da-ecb7-4abd-85e9-e867635ab600.roa
Signing time:             Tue 18 Jul 2023 00:00:00 +0000
ROA not before:           Tue 18 Jul 2023 00:00:00 +0000
ROA not after:            Tue 22 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:0a:08:db:b2:cf:54:ac:9b:ed:3a:c1:70:eb:a0:3e:04:26:1f:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 18 00:00:00 2023 GMT
            Not After : Aug 22 23:59:59 2023 GMT
        Subject: serialNumber=09fe1da59c26b6598a0ec45f03917e80363943ec80bb0bd5202e4a83d2912206, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:38:1e:f4:d8:dd:be:f8:85:a1:d4:d3:d5:8d:
                    8b:89:b3:ae:9c:e7:f5:14:0b:b9:77:98:8b:c2:f6:
                    b0:3b:5a:5d:f6:e9:b2:68:c0:86:5d:7b:21:70:62:
                    99:5b:12:cf:a6:1c:58:ec:4f:83:18:85:41:e2:33:
                    c1:97:6e:07:24:8c:49:7f:33:5b:40:7e:81:81:1d:
                    2b:a9:7c:9a:7d:f9:44:95:d4:f1:ec:34:83:96:04:
                    51:88:ee:1e:2b:7a:bf:40:79:35:ea:71:81:e7:40:
                    1f:c3:05:03:80:6a:74:9e:77:e7:1b:a9:48:b6:62:
                    4f:8b:2b:aa:ef:e1:db:b0:26:cc:2f:dd:cb:62:2b:
                    44:66:ed:13:bb:77:ce:b1:60:26:bd:ab:76:5a:2b:
                    41:a3:ee:5a:4d:8c:8f:95:b2:3f:ec:7b:c0:76:26:
                    a2:b7:58:c8:83:5e:19:0b:6d:5c:63:99:a7:81:f1:
                    13:01:f5:c4:9f:b4:9e:74:a6:83:fc:63:35:f8:91:
                    1a:ab:97:4d:8a:95:d2:af:82:cd:8a:0b:1b:4b:21:
                    03:6b:ff:2e:c6:e0:ba:28:48:c9:9e:d2:b3:c3:c2:
                    79:8f:87:58:3a:b2:28:36:80:e0:51:e5:6b:79:b9:
                    3d:b5:20:08:a8:80:3a:1f:d8:ff:ec:42:24:89:27:
                    74:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:BA:6E:98:4D:D8:BC:01:39:F0:BF:84:92:AB:B7:47:33:14:C9:9C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1c4649da-ecb7-4abd-85e9-e867635ab600.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:6d:8c:d6:ff:84:04:9e:57:76:5d:a8:cb:53:c4:fd:7d:15:
         02:fd:82:87:1b:a8:fc:02:f4:3b:50:c5:74:d0:5e:dd:01:53:
         62:52:f6:b0:26:9a:c8:e2:45:fc:a4:d4:04:01:b9:5f:e1:ca:
         dd:17:90:cf:71:fa:18:55:b0:3f:a8:ef:8b:5e:48:bf:63:74:
         c8:54:9c:fc:72:d6:45:4f:b4:33:8f:b3:4d:da:6d:9d:e9:57:
         0c:46:5c:ca:60:af:af:dc:30:b9:8c:60:66:4b:e7:b4:00:b2:
         88:d6:8f:d5:3a:f9:7d:41:1b:36:41:80:40:2c:ac:6d:3e:7f:
         2e:60:95:d7:90:b5:aa:e9:b3:cf:5b:f0:03:7b:ec:5d:fa:96:
         17:df:95:fe:83:55:82:84:c9:d6:22:bf:7d:8e:91:08:3e:c8:
         d0:d7:82:68:60:ec:c9:42:fe:e9:42:58:61:0b:8d:e9:ea:94:
         e4:66:cb:41:56:2d:f2:b2:6e:0d:43:d8:40:17:ff:19:58:7a:
         6f:6a:2e:00:ab:0b:4a:a7:d7:b1:b5:2e:12:1c:13:d3:7a:87:
         16:c9:10:35:7e:82:ed:80:a8:69:db:ac:f2:49:ef:fa:98:fa:
         3f:13:fd:26:86:a1:55:91:dd:62:16:52:2c:06:67:00:fb:50:
         12:92:9e:1e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVwoI27LPVKyb7TrBcOugPgQmH9UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE4MDAwMDAwWhcNMjMwODIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwOWZlMWRhNTljMjZiNjU5OGEwZWM0NWYwMzkxN2U4MDM2
Mzk0M2VjODBiYjBiZDUyMDJlNGE4M2QyOTEyMjA2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvOB702N2++IWh1NPVjYuJs66c5/UUC7l3mIvC9rA7Wl32
6bJowIZdeyFwYplbEs+mHFjsT4MYhUHiM8GXbgckjEl/M1tAfoGBHSupfJp9+USV
1PHsNIOWBFGI7h4rer9AeTXqcYHnQB/DBQOAanSed+cbqUi2Yk+LK6rv4duwJswv
3ctiK0Rm7RO7d86xYCa9q3ZaK0Gj7lpNjI+Vsj/se8B2JqK3WMiDXhkLbVxjmaeB
8RMB9cSftJ50poP8YzX4kRqrl02KldKvgs2KCxtLIQNr/y7G4LooSMme0rPDwnmP
h1g6sig2gOBR5Wt5uT21IAiogDof2P/sQiSJJ3QjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUObpumE3YvAE58L+Ekqu3RzMUyZwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzFjNDY0OWRhLWVjYjctNGFiZC04NWU5LWU4Njc2MzVhYjYwMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIRtjNb/hASeV3ZdqMtTxP19FQL9
gocbqPwC9DtQxXTQXt0BU2JS9rAmmsjiRfyk1AQBuV/hyt0XkM9x+hhVsD+o74te
SL9jdMhUnPxy1kVPtDOPs03abZ3pVwxGXMpgr6/cMLmMYGZL57QAsojWj9U6+X1B
GzZBgEAsrG0+fy5gldeQtarps89b8AN77F36lhfflf6DVYKEydYiv32OkQg+yNDX
gmhg7MlC/ulCWGELjenqlORmy0FWLfKybg1D2EAX/xlYem9qLgCrC0qn17G1LhIc
E9N6hxbJEDV+gu2AqGnbrPJJ7/qY+j8T/SaGoVWR3WIWUiwGZwD7UBKSnh4=
-----END CERTIFICATE-----