Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3fb10bfd-e566-4163-b9ea-bfa48cd9c6b8.roa
File:                     3fb10bfd-e566-4163-b9ea-bfa48cd9c6b8.roa (raw, json)
Hash identifier:          iTc3j9YU3/apaOHe84dBdiAS7vaV8J9bUtPpOv+gOPc=
Subject key identifier:   DE:89:D7:F9:52:90:22:76:A8:C5:91:87:D9:2C:84:A6:F7:32:AC:3F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       22FCAA05C9623098CFC3262127DB18B2E79EF13C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3fb10bfd-e566-4163-b9ea-bfa48cd9c6b8.roa
Signing time:             Fri 14 Jul 2023 00:00:00 +0000
ROA not before:           Fri 14 Jul 2023 00:00:00 +0000
ROA not after:            Fri 18 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:fc:aa:05:c9:62:30:98:cf:c3:26:21:27:db:18:b2:e7:9e:f1:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 14 00:00:00 2023 GMT
            Not After : Aug 18 23:59:59 2023 GMT
        Subject: serialNumber=91320b5994b5d9992d8e0bf5c4ea2bdfb73d68d9a70f525917d5e50956ac94e5, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:b2:31:90:cb:28:df:14:fa:4d:62:4c:07:51:
                    d2:b2:70:57:17:cf:94:1b:3a:e6:bd:e4:2e:52:8d:
                    d1:8a:24:94:cc:3b:f4:fb:23:4c:f9:d0:1f:1a:52:
                    1a:74:77:31:04:7f:3e:b3:8d:43:0b:3a:40:c4:36:
                    5f:ee:32:ff:2a:78:58:7d:b9:28:8a:fa:80:76:d6:
                    f5:4c:09:53:02:62:18:a3:9d:44:8d:4a:87:87:77:
                    37:ad:f0:06:6a:71:f0:51:08:43:2e:f8:8f:37:e3:
                    0c:e4:a0:8a:d3:fa:05:34:b9:3d:ec:4f:d2:79:62:
                    38:3a:81:ba:33:bd:50:85:f0:cf:37:b6:05:e3:78:
                    7b:85:0d:0f:21:31:5d:90:05:03:1e:2a:c6:f2:d3:
                    f9:9e:1e:86:04:71:51:2d:4c:c9:1b:9a:a8:a7:51:
                    a5:5f:82:f5:31:ef:c3:51:cd:21:77:e9:47:49:fc:
                    d1:52:b9:9d:9b:4d:88:c8:54:3a:bc:9c:50:c7:3e:
                    fd:cd:b6:ee:d7:be:5c:50:b0:d8:71:a8:35:e6:db:
                    d3:f9:c5:45:63:23:81:6e:79:ca:23:60:c3:a6:5e:
                    c2:5e:25:0e:f3:bc:ac:7f:ad:4b:62:ec:fa:fa:28:
                    16:b3:93:41:1c:ad:33:e2:1e:27:fc:b6:c6:8a:32:
                    01:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:89:D7:F9:52:90:22:76:A8:C5:91:87:D9:2C:84:A6:F7:32:AC:3F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3fb10bfd-e566-4163-b9ea-bfa48cd9c6b8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:94:f9:e7:85:b5:b6:7e:e6:1c:99:22:4f:0e:6e:b1:96:01:
         7f:13:d8:3b:47:b1:cc:38:c4:c2:5f:1b:ec:c0:43:e9:65:ed:
         21:d7:38:9e:bd:b6:d6:5b:65:30:ae:c4:76:38:86:ac:19:68:
         93:4e:e5:77:ff:e8:27:92:44:27:61:86:4b:b1:70:c1:a7:ac:
         63:5c:66:3f:62:06:f8:df:89:7e:a4:ee:ef:71:6f:d3:e2:d9:
         49:37:00:ee:cb:e8:d0:74:54:89:34:69:a2:f6:a5:f8:1a:66:
         fa:84:1d:6b:63:ec:bf:4b:d1:ce:a7:7b:2f:c7:ec:c6:6f:25:
         f0:da:f5:9d:fd:01:15:2a:10:dd:0d:50:d2:53:d4:60:03:09:
         46:22:ef:53:e2:9e:a1:1f:b6:1b:28:fb:0a:14:49:b2:3e:7d:
         65:1c:12:0c:03:fc:99:25:da:26:c8:30:aa:0c:0f:7b:66:43:
         a0:f8:bd:90:8b:8a:1a:61:56:31:bc:9f:4f:f5:55:4f:bf:4a:
         d0:b5:66:a9:80:02:dd:36:26:67:d9:60:37:5e:a8:31:19:04:
         41:48:c0:ef:1d:9e:7d:4f:d2:6d:4c:a9:97:c6:46:cf:71:be:
         9c:4d:c1:ba:6b:b1:52:ce:8c:c7:42:7c:14:50:df:5d:8c:03:
         fe:49:5a:93
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIvyqBcliMJjPwyYhJ9sYsuee8TwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE0MDAwMDAwWhcNMjMwODE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MTMyMGI1OTk0YjVkOTk5MmQ4ZTBiZjVjNGVhMmJkZmI3
M2Q2OGQ5YTcwZjUyNTkxN2Q1ZTUwOTU2YWM5NGU1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGsjGQyyjfFPpNYkwHUdKycFcXz5QbOua95C5SjdGKJJTM
O/T7I0z50B8aUhp0dzEEfz6zjUMLOkDENl/uMv8qeFh9uSiK+oB21vVMCVMCYhij
nUSNSoeHdzet8AZqcfBRCEMu+I834wzkoIrT+gU0uT3sT9J5Yjg6gbozvVCF8M83
tgXjeHuFDQ8hMV2QBQMeKsby0/meHoYEcVEtTMkbmqinUaVfgvUx78NRzSF36UdJ
/NFSuZ2bTYjIVDq8nFDHPv3Ntu7XvlxQsNhxqDXm29P5xUVjI4FuecojYMOmXsJe
JQ7zvKx/rUti7Pr6KBazk0EcrTPiHif8tsaKMgHjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3onX+VKQInaoxZGH2SyEpvcyrD8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzNmYjEwYmZkLWU1NjYtNDE2My1iOWVhLWJmYTQ4Y2Q5YzZiOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADmU+eeFtbZ+5hyZIk8ObrGWAX8T
2DtHscw4xMJfG+zAQ+ll7SHXOJ69ttZbZTCuxHY4hqwZaJNO5Xf/6CeSRCdhhkux
cMGnrGNcZj9iBvjfiX6k7u9xb9Pi2Uk3AO7L6NB0VIk0aaL2pfgaZvqEHWtj7L9L
0c6ney/H7MZvJfDa9Z39ARUqEN0NUNJT1GADCUYi71PinqEfthso+woUSbI+fWUc
EgwD/Jkl2ibIMKoMD3tmQ6D4vZCLihphVjG8n0/1VU+/StC1ZqmAAt02JmfZYDde
qDEZBEFIwO8dnn1P0m1MqZfGRs9xvpxNwbprsVLOjMdCfBRQ312MA/5JWpM=
-----END CERTIFICATE-----