Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/60df2fad-4982-4427-bdc0-8b0f77f5ef6c.roa
File:                     60df2fad-4982-4427-bdc0-8b0f77f5ef6c.roa (raw, json)
Hash identifier:          wVvIbhyK6cmg5UtTAQdyBvXJvOR2+F+IJ+nkMKtLzZc=
Subject key identifier:   FE:DD:B3:30:E9:3F:4A:C6:5F:25:8C:2F:A6:54:86:B5:7F:D2:6D:AB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6B32EF3FD7EC40AB395BB6AD43C3F06EF2361EF9
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/60df2fad-4982-4427-bdc0-8b0f77f5ef6c.roa
Signing time:             Tue 11 Jul 2023 00:00:00 +0000
ROA not before:           Tue 11 Jul 2023 00:00:00 +0000
ROA not after:            Tue 15 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:32:ef:3f:d7:ec:40:ab:39:5b:b6:ad:43:c3:f0:6e:f2:36:1e:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 11 00:00:00 2023 GMT
            Not After : Aug 15 23:59:59 2023 GMT
        Subject: serialNumber=35e816148987f38946c02419d3ae4513357f9315e1a9f674131e30f1e29aae91, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7e:ef:d3:a7:2f:49:c9:00:cc:f2:fb:cf:24:
                    ec:ee:5d:02:cc:ea:44:48:c0:7b:76:db:4b:7b:b6:
                    87:45:58:a3:f1:b5:7d:46:de:8f:ff:e7:83:ed:68:
                    65:77:89:2b:31:81:1e:28:07:66:29:2d:a2:76:ae:
                    32:b4:93:0d:61:9e:bf:50:e1:46:58:bf:f1:9b:c9:
                    72:d3:1d:30:85:dc:2b:42:5b:6f:99:43:c5:7d:06:
                    ad:d1:34:cc:4d:ee:2f:0a:57:d0:b2:55:86:d8:14:
                    f8:5c:c9:8e:2b:0e:c7:69:6a:b0:dc:0a:1c:f2:71:
                    dd:19:aa:e0:63:a8:4c:6e:29:c7:7b:e4:c2:a0:85:
                    a2:91:07:f5:28:ac:7f:bc:04:58:c2:48:8b:c9:0c:
                    69:02:7f:16:67:9f:95:9d:8e:4f:f8:7a:63:e1:67:
                    b2:52:00:12:e4:3c:67:f5:c0:fb:9d:9d:a9:73:85:
                    4f:cf:c8:f9:c1:45:71:1b:09:07:b6:1c:e3:a1:f7:
                    9f:bd:7f:20:ea:67:8b:0c:cd:08:35:c1:93:b9:48:
                    e0:69:7a:4a:d6:a1:0c:59:aa:09:51:f5:20:62:65:
                    13:f5:98:60:f8:25:ff:59:f2:56:61:73:b7:c9:f0:
                    cf:83:86:54:9f:c2:d2:73:33:60:89:e4:1d:f0:9b:
                    47:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:DD:B3:30:E9:3F:4A:C6:5F:25:8C:2F:A6:54:86:B5:7F:D2:6D:AB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/60df2fad-4982-4427-bdc0-8b0f77f5ef6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:bf:e8:e9:8f:22:b3:e6:8b:db:66:ec:8e:df:64:c8:53:38:
         36:d6:2f:66:e8:5b:03:f5:5d:b6:20:86:bc:ac:42:b4:f1:c4:
         5c:75:e4:81:1d:35:3f:0e:25:91:62:b3:2f:32:3a:6e:72:86:
         d8:74:91:3a:5f:42:ad:bd:94:33:86:d0:e2:5c:f8:8f:7e:52:
         a8:46:16:1c:40:72:e2:f4:7c:f7:d0:24:57:df:20:81:b7:0a:
         a2:c5:47:6c:48:37:0d:17:44:ad:22:e9:aa:3e:11:f1:91:83:
         97:9a:34:2b:0a:69:d0:03:21:a8:58:b5:8f:15:c4:29:d1:1d:
         6d:38:e4:70:30:ff:fb:1d:ce:0f:f3:82:02:7d:b2:1e:ea:24:
         05:9c:69:19:b7:6c:a4:45:cf:26:b9:67:16:08:50:b7:ec:d5:
         b8:2f:64:2b:9f:b0:66:b4:d0:c2:8f:ff:59:34:77:f6:e2:e0:
         ee:d6:5b:67:d2:bd:fb:5e:7a:40:1f:27:fd:c9:c8:13:21:74:
         9a:21:ff:e1:c9:bd:2f:da:a6:52:54:cf:12:54:6f:d5:33:5b:
         97:ab:cb:3b:46:1a:04:f9:23:24:6f:0f:4a:c3:99:14:a6:87:
         1f:fc:e0:21:1b:f7:75:84:0e:84:c6:9a:5e:2e:d4:d8:ea:9c:
         97:3a:eb:4d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUazLvP9fsQKs5W7atQ8PwbvI2HvkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzExMDAwMDAwWhcNMjMwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNWU4MTYxNDg5ODdmMzg5NDZjMDI0MTlkM2FlNDUxMzM1
N2Y5MzE1ZTFhOWY2NzQxMzFlMzBmMWUyOWFhZTkxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2fu/Tpy9JyQDM8vvPJOzuXQLM6kRIwHt220t7todFWKPx
tX1G3o//54PtaGV3iSsxgR4oB2YpLaJ2rjK0kw1hnr9Q4UZYv/GbyXLTHTCF3CtC
W2+ZQ8V9Bq3RNMxN7i8KV9CyVYbYFPhcyY4rDsdparDcChzycd0ZquBjqExuKcd7
5MKghaKRB/UorH+8BFjCSIvJDGkCfxZnn5Wdjk/4emPhZ7JSABLkPGf1wPudnalz
hU/PyPnBRXEbCQe2HOOh95+9fyDqZ4sMzQg1wZO5SOBpekrWoQxZqglR9SBiZRP1
mGD4Jf9Z8lZhc7fJ8M+DhlSfwtJzM2CJ5B3wm0fVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/t2zMOk/SsZfJYwvplSGtX/SbaswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzYwZGYyZmFkLTQ5ODItNDQyNy1iZGMwLThiMGY3N2Y1ZWY2Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGq/6OmPIrPmi9tm7I7fZMhTODbW
L2boWwP1XbYghrysQrTxxFx15IEdNT8OJZFisy8yOm5yhth0kTpfQq29lDOG0OJc
+I9+UqhGFhxAcuL0fPfQJFffIIG3CqLFR2xINw0XRK0i6ao+EfGRg5eaNCsKadAD
IahYtY8VxCnRHW045HAw//sdzg/zggJ9sh7qJAWcaRm3bKRFzya5ZxYIULfs1bgv
ZCufsGa00MKP/1k0d/bi4O7WW2fSvfteekAfJ/3JyBMhdJoh/+HJvS/aplJUzxJU
b9UzW5eryztGGgT5IyRvD0rDmRSmhx/84CEb93WEDoTGml4u1NjqnJc6600=
-----END CERTIFICATE-----