Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/64dce748-2906-4555-9599-5c3c70597677.roa
File:                     64dce748-2906-4555-9599-5c3c70597677.roa (raw, json)
Hash identifier:          TezKwDBhx40ERr+GkhYLhB3yL8z7e9coAW1cbQ2Hpck=
Subject key identifier:   7F:C5:97:83:64:2F:CA:61:7D:F9:8F:AA:76:12:D4:6B:2B:6A:45:F9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       68FBBDA76EECEEA4ECA2D7F6E944622E4C664E7C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/64dce748-2906-4555-9599-5c3c70597677.roa
Signing time:             Fri 04 Aug 2023 00:00:00 +0000
ROA not before:           Fri 04 Aug 2023 00:00:00 +0000
ROA not after:            Fri 08 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:fb:bd:a7:6e:ec:ee:a4:ec:a2:d7:f6:e9:44:62:2e:4c:66:4e:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug  4 00:00:00 2023 GMT
            Not After : Sep  8 23:59:59 2023 GMT
        Subject: serialNumber=51c6536f8887f8df85930b1a9535e51d5eef66b95391b680e273adbd79dd5043, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:bc:f3:99:42:5b:6a:94:d6:2f:f5:e5:06:cf:
                    40:1d:8c:0e:bb:ed:98:4d:a0:26:b3:35:68:f9:91:
                    de:20:30:8e:f9:1a:01:01:d8:74:b9:89:72:87:b1:
                    99:fa:5c:66:6f:b8:02:b7:60:1e:f9:a0:27:7a:4a:
                    2e:0c:48:f7:37:88:6d:c6:b1:ce:b8:75:bd:13:7b:
                    26:20:95:d9:69:4a:bc:ad:d5:ce:73:7c:7a:89:35:
                    1f:35:ed:be:af:46:18:51:35:e6:60:0f:f8:ff:e2:
                    e8:b3:44:1e:0e:40:24:0a:c9:99:91:b2:9a:ac:d6:
                    23:11:7e:47:a2:36:7b:46:ae:0c:8d:2c:3b:db:68:
                    38:08:70:33:c1:c9:e3:ae:7b:17:06:d6:f9:3d:e9:
                    20:4a:96:bf:f1:c4:12:bc:ea:4c:ad:b9:6a:e2:03:
                    1e:cf:78:c0:6d:b5:5a:b0:91:2a:a4:e9:14:98:9c:
                    b4:0b:86:f3:f9:c5:40:60:95:ad:67:e9:77:b9:82:
                    07:77:b2:bd:a5:4c:f0:05:4a:b8:05:b0:e6:d7:bc:
                    f7:90:44:6a:7c:70:c6:44:d9:ad:ad:ff:1f:9e:b2:
                    3b:d5:70:31:e3:c6:91:c4:07:73:d9:cc:e4:c7:67:
                    f5:f9:2e:95:b3:55:06:2e:e2:0f:64:fa:e8:43:d3:
                    51:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:C5:97:83:64:2F:CA:61:7D:F9:8F:AA:76:12:D4:6B:2B:6A:45:F9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/64dce748-2906-4555-9599-5c3c70597677.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:23:51:d3:c0:89:5e:5b:41:40:21:99:38:ec:48:b6:c2:58:
         77:43:41:45:45:54:d4:be:9a:30:73:19:88:76:95:b0:f2:2b:
         6a:b5:7d:b6:0b:79:35:7e:4c:73:db:31:c5:c8:72:09:30:e4:
         16:25:37:61:9e:ec:78:eb:fb:6a:00:10:d7:ba:72:fb:4a:7e:
         c9:3f:e4:30:b7:50:68:96:71:3f:29:24:92:ae:c0:9a:8c:c9:
         11:36:98:df:20:8e:85:f9:b2:4b:a6:c2:3b:79:0d:89:85:90:
         61:ec:f8:19:d1:63:7d:19:3b:28:2f:6c:58:e5:cc:14:74:c8:
         f1:ab:af:e7:f3:89:f5:d6:df:de:86:6f:4f:06:e8:0d:13:ca:
         0f:cc:ad:03:ca:36:a9:c6:e2:7b:89:00:0e:28:ff:ab:f3:6e:
         bf:b6:27:13:0e:8c:18:43:32:88:39:46:15:b1:b3:d5:01:60:
         eb:99:b0:36:17:68:67:02:6b:6d:b6:09:6b:64:d6:ea:68:5f:
         d2:f5:14:1b:16:8f:75:ac:4d:0f:ca:3b:d5:6b:c2:2d:63:f1:
         2a:2d:1f:7c:09:5e:72:9d:40:84:33:e8:46:e9:d9:a0:db:fa:
         55:c6:2c:8e:96:9d:64:72:4c:d9:9f:68:a7:0f:d6:43:d4:52:
         60:e6:f1:ea
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaPu9p27s7qTsotf26URiLkxmTnwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODA0MDAwMDAwWhcNMjMwOTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MWM2NTM2Zjg4ODdmOGRmODU5MzBiMWE5NTM1ZTUxZDVl
ZWY2NmI5NTM5MWI2ODBlMjczYWRiZDc5ZGQ1MDQzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClvPOZQltqlNYv9eUGz0AdjA677ZhNoCazNWj5kd4gMI75
GgEB2HS5iXKHsZn6XGZvuAK3YB75oCd6Si4MSPc3iG3Gsc64db0TeyYgldlpSryt
1c5zfHqJNR817b6vRhhRNeZgD/j/4uizRB4OQCQKyZmRspqs1iMRfkeiNntGrgyN
LDvbaDgIcDPByeOuexcG1vk96SBKlr/xxBK86kytuWriAx7PeMBttVqwkSqk6RSY
nLQLhvP5xUBgla1n6Xe5ggd3sr2lTPAFSrgFsObXvPeQRGp8cMZE2a2t/x+esjvV
cDHjxpHEB3PZzOTHZ/X5LpWzVQYu4g9k+uhD01F9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUf8WXg2QvymF9+Y+qdhLUaytqRfkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzY0ZGNlNzQ4LTI5MDYtNDU1NS05NTk5LTVjM2M3MDU5NzY3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEYjUdPAiV5bQUAhmTjsSLbCWHdD
QUVFVNS+mjBzGYh2lbDyK2q1fbYLeTV+THPbMcXIcgkw5BYlN2Ge7Hjr+2oAENe6
cvtKfsk/5DC3UGiWcT8pJJKuwJqMyRE2mN8gjoX5skumwjt5DYmFkGHs+BnRY30Z
OygvbFjlzBR0yPGrr+fzifXW396Gb08G6A0Tyg/MrQPKNqnG4nuJAA4o/6vzbr+2
JxMOjBhDMog5RhWxs9UBYOuZsDYXaGcCa222CWtk1upoX9L1FBsWj3WsTQ/KO9Vr
wi1j8SotH3wJXnKdQIQz6Ebp2aDb+lXGLI6WnWRyTNmfaKcP1kPUUmDm8eo=
-----END CERTIFICATE-----