Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2b0130ef-1dfd-4e50-a61c-487a692d4dbe.roa
File:                     2b0130ef-1dfd-4e50-a61c-487a692d4dbe.roa (raw, json)
Hash identifier:          eMQzvKdU1OQNTETSZw2RGlUD5LdknLRwWxgRm+MQNiU=
Subject key identifier:   1D:94:0A:02:DF:76:2A:36:86:D4:6A:E2:B1:21:E6:84:F1:D6:1F:64
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0F322793D4C7EEC5F44D95E92E4973845ABA874B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2b0130ef-1dfd-4e50-a61c-487a692d4dbe.roa
Signing time:             Mon 24 Jul 2023 00:00:00 +0000
ROA not before:           Mon 24 Jul 2023 00:00:00 +0000
ROA not after:            Mon 28 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:32:27:93:d4:c7:ee:c5:f4:4d:95:e9:2e:49:73:84:5a:ba:87:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 24 00:00:00 2023 GMT
            Not After : Aug 28 23:59:59 2023 GMT
        Subject: serialNumber=39b5d9a2e7cfea721199f5c75375289f451e8747f02f4991d7c5eda9a4ac4e68, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:73:30:19:ea:76:53:9b:9a:7d:4e:59:7a:5c:
                    16:c6:46:f5:16:74:9e:f8:1c:3e:36:bc:26:8d:1d:
                    24:e8:7a:80:e5:11:b2:6f:a9:37:a2:31:f8:bf:8c:
                    73:00:9e:da:9b:5d:57:8d:63:ef:e5:32:21:05:26:
                    2b:13:31:5a:1c:f8:68:30:42:95:09:b8:d5:1c:d8:
                    b6:7c:77:ce:fc:25:64:63:15:e7:4c:09:04:82:1a:
                    66:52:df:72:d4:7f:14:9a:84:c7:55:de:e2:f7:0f:
                    e6:0b:c0:66:c2:3f:02:3c:1b:cd:bc:dc:2b:86:20:
                    02:bc:61:2d:6c:35:d1:55:8d:06:b1:a9:4f:9d:b1:
                    ac:69:13:8c:ba:16:5c:94:42:9c:27:1b:7c:21:0b:
                    42:c1:f5:ed:0d:d4:05:77:3f:a0:c5:1c:7c:27:9c:
                    a1:af:6d:2c:5f:f0:ee:e7:9c:36:1c:6c:3e:84:0e:
                    5c:ab:3b:f2:36:2b:2f:30:b9:7d:26:79:f1:9b:1c:
                    ef:cd:d1:ef:67:a6:8f:4d:8a:79:b0:d5:57:46:05:
                    a5:97:9a:67:1c:fc:d5:09:30:38:74:6a:b6:ac:50:
                    17:5a:f3:5f:c0:2e:6b:c7:a6:2c:2b:e0:2a:1f:6d:
                    eb:55:b4:cb:d9:fe:cd:81:5b:d9:15:30:ce:6a:ab:
                    f1:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:94:0A:02:DF:76:2A:36:86:D4:6A:E2:B1:21:E6:84:F1:D6:1F:64
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2b0130ef-1dfd-4e50-a61c-487a692d4dbe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:93:d7:8d:f5:c1:92:84:c4:dc:a2:b4:e5:b5:80:5f:21:fb:
         e5:37:7a:8f:98:b7:17:04:cb:ae:4e:b2:92:d9:b4:c9:85:ec:
         28:9d:37:a8:6f:fc:91:3f:0a:69:0a:0b:c7:0d:f3:08:cc:29:
         5d:fa:a8:75:99:dd:78:11:f2:99:c9:3a:e1:0b:f9:5d:f4:7c:
         e3:a6:0d:10:45:80:00:32:c5:da:1f:aa:4e:c7:1f:77:69:81:
         29:00:bb:53:c4:1d:56:97:ff:25:61:96:ed:5c:13:ee:b7:d5:
         3b:ed:7e:31:64:81:b4:7f:67:d8:a1:5d:1d:b6:b8:46:cd:78:
         3d:aa:4d:74:32:fb:42:e9:47:4c:35:5c:34:5e:ff:de:aa:76:
         98:30:d7:ee:b1:87:c4:27:2b:d3:15:c8:e6:45:e3:cb:86:a6:
         a3:e5:c4:37:a8:f7:b6:9c:e1:e8:74:59:db:0d:23:c4:c1:c7:
         da:07:c6:89:29:d3:e5:6f:44:9b:4c:18:03:15:82:78:21:e1:
         fa:1a:cb:f1:45:ce:c6:44:7a:cd:cd:37:e7:70:84:62:a7:51:
         d9:b1:41:15:a6:07:d9:6f:87:28:62:d7:3c:57:06:0b:16:47:
         b2:c8:57:b6:97:84:19:d4:3c:47:6f:be:dc:12:fa:db:1f:06:
         b4:10:70:04
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDzInk9TH7sX0TZXpLklzhFq6h0swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzI0MDAwMDAwWhcNMjMwODI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzOWI1ZDlhMmU3Y2ZlYTcyMTE5OWY1Yzc1Mzc1Mjg5ZjQ1
MWU4NzQ3ZjAyZjQ5OTFkN2M1ZWRhOWE0YWM0ZTY4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbczAZ6nZTm5p9Tll6XBbGRvUWdJ74HD42vCaNHSToeoDl
EbJvqTeiMfi/jHMAntqbXVeNY+/lMiEFJisTMVoc+GgwQpUJuNUc2LZ8d878JWRj
FedMCQSCGmZS33LUfxSahMdV3uL3D+YLwGbCPwI8G8283CuGIAK8YS1sNdFVjQax
qU+dsaxpE4y6FlyUQpwnG3whC0LB9e0N1AV3P6DFHHwnnKGvbSxf8O7nnDYcbD6E
DlyrO/I2Ky8wuX0mefGbHO/N0e9npo9Ninmw1VdGBaWXmmcc/NUJMDh0arasUBda
81/ALmvHpiwr4CofbetVtMvZ/s2BW9kVMM5qq/GzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHZQKAt92KjaG1GrisSHmhPHWH2QwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJiMDEzMGVmLTFkZmQtNGU1MC1hNjFjLTQ4N2E2OTJkNGRiZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJmT1431wZKExNyitOW1gF8h++U3
eo+YtxcEy65OspLZtMmF7CidN6hv/JE/CmkKC8cN8wjMKV36qHWZ3XgR8pnJOuEL
+V30fOOmDRBFgAAyxdofqk7HH3dpgSkAu1PEHVaX/yVhlu1cE+631TvtfjFkgbR/
Z9ihXR22uEbNeD2qTXQy+0LpR0w1XDRe/96qdpgw1+6xh8QnK9MVyOZF48uGpqPl
xDeo97ac4eh0WdsNI8TBx9oHxokp0+VvRJtMGAMVgngh4foay/FFzsZEes3NN+dw
hGKnUdmxQRWmB9lvhyhi1zxXBgsWR7LIV7aXhBnUPEdvvtwS+tsfBrQQcAQ=
-----END CERTIFICATE-----