Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/767ca9f9-baad-47d1-a147-9404ce5ad54e.roa
File:                     767ca9f9-baad-47d1-a147-9404ce5ad54e.roa (raw, json)
Hash identifier:          Gw85ZH2Vdk4atodnQuZuGOovBQ9mDmNMYJPjBLZz0+Q=
Subject key identifier:   3C:73:AE:B2:77:DC:37:DE:87:CA:FC:7E:FE:18:12:22:8C:C8:0F:E7
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1EB9C6DAFED3DDCF3457A62B18E2CEB3BC4435DF
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/767ca9f9-baad-47d1-a147-9404ce5ad54e.roa
Signing time:             Tue 05 Sep 2023 00:00:00 +0000
ROA not before:           Tue 05 Sep 2023 00:00:00 +0000
ROA not after:            Tue 10 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:b9:c6:da:fe:d3:dd:cf:34:57:a6:2b:18:e2:ce:b3:bc:44:35:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  5 00:00:00 2023 GMT
            Not After : Oct 10 23:59:59 2023 GMT
        Subject: serialNumber=3fd052d793cf2c55201179c59877972cc0c65870ac215740411b28fa087b7d15, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:dd:5c:3f:2b:a9:15:45:b2:85:87:6b:23:94:
                    e0:a2:ef:87:ef:59:7f:1b:c2:be:3c:0f:e2:3c:c0:
                    52:2a:4b:04:21:ec:88:e6:33:9c:12:4b:df:d6:ee:
                    47:86:ea:5b:98:db:93:08:20:26:0a:73:2f:47:99:
                    94:aa:f0:f2:ba:7d:7d:3a:bb:fe:05:1b:8f:67:86:
                    27:05:22:c4:2e:c0:02:55:f6:f8:d6:ce:99:64:3a:
                    66:a9:4c:ac:91:26:4f:f7:6a:11:d6:d5:9e:7e:19:
                    93:06:45:ae:01:11:84:0b:d4:b3:d3:aa:42:8d:13:
                    cd:7f:f5:32:fb:91:91:1d:30:9a:13:e4:7a:7e:f6:
                    f2:13:b9:f8:ac:15:c3:6f:ee:ad:c9:32:fb:51:5e:
                    f2:00:7d:8d:a3:df:01:e8:59:01:c0:ba:19:b4:00:
                    94:72:0d:d7:06:e2:13:1b:cd:7a:63:51:63:5f:38:
                    3a:f0:e0:2e:16:74:ff:ae:c4:31:dd:94:ab:e3:9d:
                    7a:ea:7c:f9:03:59:87:fa:03:ad:9e:49:36:76:7e:
                    90:5d:57:60:94:47:d2:6e:8e:2a:95:c4:07:3c:5f:
                    85:b2:89:21:4a:72:b7:58:52:8c:58:1e:42:1b:1c:
                    60:17:51:c6:5c:8b:93:35:8a:bd:ab:c9:ad:7a:1a:
                    97:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:73:AE:B2:77:DC:37:DE:87:CA:FC:7E:FE:18:12:22:8C:C8:0F:E7
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/767ca9f9-baad-47d1-a147-9404ce5ad54e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:3e:0c:1c:53:93:73:6e:37:66:ff:34:bc:92:30:e2:38:fd:
         50:aa:76:e4:47:96:3e:40:9f:21:2a:71:a9:74:86:a6:ab:f0:
         0f:d3:79:64:8b:d1:0e:f4:80:2c:3e:0a:61:a9:6d:b9:e9:db:
         c6:cc:66:35:3f:13:75:63:d1:a1:e6:67:38:c8:36:f6:ae:60:
         f4:23:a1:d2:37:19:1b:1f:46:67:0c:c1:4c:e8:39:3c:6d:84:
         ec:7d:b5:1e:6a:2f:83:0b:ed:f6:2f:91:01:03:a1:54:fe:a3:
         32:74:89:f9:bb:8b:8e:da:4e:95:c0:ac:20:2d:06:36:b5:16:
         50:43:46:38:07:e2:b3:7c:6d:47:e5:fb:15:73:8b:4f:b0:3d:
         4b:25:cf:80:97:c2:33:c3:5d:e4:d8:3c:d1:58:bd:3c:5f:7d:
         91:66:a4:44:f9:7d:b4:7f:66:70:09:4d:c9:0f:56:6b:09:8c:
         32:67:9c:fc:03:61:5d:68:1b:e6:a7:c2:d6:87:88:31:7d:42:
         17:bf:41:77:9c:8f:dd:88:3c:f1:0b:df:45:a2:70:94:36:77:
         56:6c:3b:07:ca:c2:2b:1e:80:07:c4:81:19:9e:58:b5:16:a7:
         fc:a3:05:b8:08:44:28:94:e1:41:32:97:2b:f0:9a:83:26:6f:
         99:8c:57:d5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHrnG2v7T3c80V6YrGOLOs7xENd8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTA1MDAwMDAwWhcNMjMxMDEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzZmQwNTJkNzkzY2YyYzU1MjAxMTc5YzU5ODc3OTcyY2Mw
YzY1ODcwYWMyMTU3NDA0MTFiMjhmYTA4N2I3ZDE1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDO3Vw/K6kVRbKFh2sjlOCi74fvWX8bwr48D+I8wFIqSwQh
7IjmM5wSS9/W7keG6luY25MIICYKcy9HmZSq8PK6fX06u/4FG49nhicFIsQuwAJV
9vjWzplkOmapTKyRJk/3ahHW1Z5+GZMGRa4BEYQL1LPTqkKNE81/9TL7kZEdMJoT
5Hp+9vITufisFcNv7q3JMvtRXvIAfY2j3wHoWQHAuhm0AJRyDdcG4hMbzXpjUWNf
ODrw4C4WdP+uxDHdlKvjnXrqfPkDWYf6A62eSTZ2fpBdV2CUR9JujiqVxAc8X4Wy
iSFKcrdYUoxYHkIbHGAXUcZci5M1ir2rya16GpdFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPHOusnfcN96Hyvx+/hgSIozID+cwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzc2N2NhOWY5LWJhYWQtNDdkMS1hMTQ3LTk0MDRjZTVhZDU0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHc+DBxTk3NuN2b/NLySMOI4/VCq
duRHlj5AnyEqcal0hqar8A/TeWSL0Q70gCw+CmGpbbnp28bMZjU/E3Vj0aHmZzjI
NvauYPQjodI3GRsfRmcMwUzoOTxthOx9tR5qL4ML7fYvkQEDoVT+ozJ0ifm7i47a
TpXArCAtBja1FlBDRjgH4rN8bUfl+xVzi0+wPUslz4CXwjPDXeTYPNFYvTxffZFm
pET5fbR/ZnAJTckPVmsJjDJnnPwDYV1oG+anwtaHiDF9Qhe/QXecj92IPPEL30Wi
cJQ2d1ZsOwfKwisegAfEgRmeWLUWp/yjBbgIRCiU4UEylyvwmoMmb5mMV9U=
-----END CERTIFICATE-----