Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6b73d81a-7902-4d91-a1ee-414cbca86210.roa
File:                     6b73d81a-7902-4d91-a1ee-414cbca86210.roa (raw, json)
Hash identifier:          58mgb8LVFcy/fTw1ooXwcT7/f7ARMxVbv+Po7DTdTjA=
Subject key identifier:   22:44:F4:4A:B0:15:B1:B2:E3:41:F4:DE:93:89:66:D6:71:31:F9:27
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7FA19D91B3D2E7815795A633D398BAE62235E00A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6b73d81a-7902-4d91-a1ee-414cbca86210.roa
Signing time:             Wed 20 Sep 2023 00:00:00 +0000
ROA not before:           Wed 20 Sep 2023 00:00:00 +0000
ROA not after:            Wed 25 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:a1:9d:91:b3:d2:e7:81:57:95:a6:33:d3:98:ba:e6:22:35:e0:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 20 00:00:00 2023 GMT
            Not After : Oct 25 23:59:59 2023 GMT
        Subject: serialNumber=835d9fd0890c8cae342a5149f52eb473f848d57cbfa288a2b04cbe3a1d7098fd, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:cc:4e:c9:c6:70:57:52:e5:de:31:df:6f:65:
                    21:6f:b1:34:f7:4f:2c:2c:b2:ff:54:8a:69:49:2e:
                    da:e3:e2:59:71:ec:af:d1:6d:bb:4e:b7:d2:95:9f:
                    72:f4:e5:19:d3:ff:4e:59:9e:95:7c:7d:8a:96:c6:
                    cc:10:dd:28:97:59:80:49:4e:7c:45:65:76:6b:bf:
                    0d:51:e6:f5:d7:79:94:ee:3d:bc:be:0d:c0:1d:6c:
                    92:d4:4e:3d:2c:e7:26:02:7a:84:7f:cc:98:54:52:
                    04:fe:0d:a0:a4:43:62:84:dc:0f:e1:22:cf:04:20:
                    00:21:31:49:a1:93:05:bd:f7:ad:c2:64:d0:71:eb:
                    b5:00:e2:15:2a:52:8d:0f:10:77:d0:1c:8e:06:2e:
                    37:c0:f2:ca:f1:b8:01:30:a4:d8:35:37:1a:52:c9:
                    94:18:37:e5:10:37:4c:bb:e9:0a:d2:eb:a1:bf:ca:
                    c2:ae:3b:fc:ee:b4:19:52:fa:a8:78:6d:1f:43:ac:
                    23:63:39:3a:f6:0c:13:f3:48:8d:8c:91:b6:3b:6b:
                    f2:69:ad:6a:fa:48:53:95:7b:65:7c:cf:48:cd:52:
                    b6:a8:b1:6b:43:e1:4a:88:81:3c:ca:26:79:1e:32:
                    e7:45:36:6f:a3:4b:f6:4e:4e:43:27:d8:c7:77:e7:
                    7c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:44:F4:4A:B0:15:B1:B2:E3:41:F4:DE:93:89:66:D6:71:31:F9:27
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6b73d81a-7902-4d91-a1ee-414cbca86210.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:89:1c:95:4e:de:de:a6:e7:90:f7:fc:83:fc:b9:e4:a3:3c:
         58:76:19:c1:cb:b7:80:2b:b3:42:82:10:74:a8:bb:f7:b4:98:
         73:8e:82:0a:fa:80:a7:9f:c3:3e:82:46:9b:3c:8c:7b:8a:5b:
         e1:41:4e:ff:2a:20:e3:6b:d3:a8:b7:e5:14:ea:2f:bd:83:7f:
         d7:6e:13:73:cd:86:bf:d2:c1:9a:28:0a:61:31:9e:af:96:7e:
         e6:a8:6d:ed:83:1c:5b:2f:6a:8c:fb:48:8a:4b:d7:a6:ab:72:
         1a:6a:f3:a3:97:d7:bb:05:38:35:38:d3:e2:68:b9:41:00:f5:
         9f:83:e5:b9:88:d6:cd:49:42:c6:b6:40:c5:32:35:ea:cd:14:
         64:cf:60:a3:48:05:eb:59:34:5b:64:2a:f5:56:19:99:7c:fc:
         92:12:5a:1d:ba:a0:09:cb:23:03:05:a8:84:9f:c3:69:61:64:
         31:b7:63:83:73:bc:32:8b:d4:58:0a:32:dd:f7:0a:06:eb:69:
         ea:16:86:3b:3f:b7:a2:01:80:35:f0:bd:e4:36:9a:2b:f7:07:
         2c:01:8c:08:55:aa:e6:2e:1f:45:e1:a7:fc:d3:e6:ea:1a:1b:
         66:01:44:5a:4f:d6:cc:96:29:2a:d6:c5:3d:6d:87:5c:07:22:
         d0:39:20:16
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUf6GdkbPS54FXlaYz05i65iI14AowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTIwMDAwMDAwWhcNMjMxMDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MzVkOWZkMDg5MGM4Y2FlMzQyYTUxNDlmNTJlYjQ3M2Y4
NDhkNTdjYmZhMjg4YTJiMDRjYmUzYTFkNzA5OGZkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCJzE7JxnBXUuXeMd9vZSFvsTT3Tywssv9UimlJLtrj4llx
7K/RbbtOt9KVn3L05RnT/05ZnpV8fYqWxswQ3SiXWYBJTnxFZXZrvw1R5vXXeZTu
Pby+DcAdbJLUTj0s5yYCeoR/zJhUUgT+DaCkQ2KE3A/hIs8EIAAhMUmhkwW9963C
ZNBx67UA4hUqUo0PEHfQHI4GLjfA8srxuAEwpNg1NxpSyZQYN+UQN0y76QrS66G/
ysKuO/zutBlS+qh4bR9DrCNjOTr2DBPzSI2MkbY7a/JprWr6SFOVe2V8z0jNUrao
sWtD4UqIgTzKJnkeMudFNm+jS/ZOTkMn2Md353wNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIkT0SrAVsbLjQfTek4lm1nEx+ScwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzZiNzNkODFhLTc5MDItNGQ5MS1hMWVlLTQxNGNiY2E4NjIxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGGJHJVO3t6m55D3/IP8ueSjPFh2
GcHLt4Ars0KCEHSou/e0mHOOggr6gKefwz6CRps8jHuKW+FBTv8qIONr06i35RTq
L72Df9duE3PNhr/SwZooCmExnq+Wfuaobe2DHFsvaoz7SIpL16archpq86OX17sF
ODU40+JouUEA9Z+D5bmI1s1JQsa2QMUyNerNFGTPYKNIBetZNFtkKvVWGZl8/JIS
Wh26oAnLIwMFqISfw2lhZDG3Y4NzvDKL1FgKMt33CgbraeoWhjs/t6IBgDXwveQ2
miv3BywBjAhVquYuH0Xhp/zT5uoaG2YBRFpP1syWKSrWxT1th1wHItA5IBY=
-----END CERTIFICATE-----