Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/793824ad-d9c1-482e-b452-9abc09e25233.roa
File:                     793824ad-d9c1-482e-b452-9abc09e25233.roa (raw, json)
Hash identifier:          tbuprrXdv9ugyn8VRopmLlcM681AcIOYLJlxN34n+cE=
Subject key identifier:   80:08:EC:3D:FB:81:26:C1:DD:41:5B:0E:33:B6:DA:9E:F9:26:C0:A7
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       47D4AAE8C7E0373ECF37D7B67C87F5F4F9931CE7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/793824ad-d9c1-482e-b452-9abc09e25233.roa
Signing time:             Sat 02 Sep 2023 00:00:00 +0000
ROA not before:           Sat 02 Sep 2023 00:00:00 +0000
ROA not after:            Sat 07 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:d4:aa:e8:c7:e0:37:3e:cf:37:d7:b6:7c:87:f5:f4:f9:93:1c:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  2 00:00:00 2023 GMT
            Not After : Oct  7 23:59:59 2023 GMT
        Subject: serialNumber=62e1243a7a824bcf2fa6f00a7b37daebf4daf1482434a6252f12e596ea2045bc, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:de:ca:5c:7d:63:a8:0e:e9:a8:8e:5b:a7:3a:
                    74:a8:05:97:53:cb:86:a5:ba:40:3d:dd:4a:93:7c:
                    b1:b4:77:ae:b7:44:1b:61:4e:9e:dc:dd:20:d4:fa:
                    69:94:46:1c:54:95:f5:b2:25:c0:65:53:ad:08:56:
                    7b:0f:f9:e7:95:77:cb:a4:ed:fe:52:5a:a7:90:93:
                    37:3d:67:26:da:e7:13:82:f7:03:e2:60:62:2b:66:
                    7a:06:96:1e:14:9a:bc:d2:88:41:71:cc:37:a7:df:
                    33:a7:f0:f2:77:92:d9:c2:12:fd:6e:25:8e:7a:f1:
                    ab:8c:9e:6f:2d:1d:80:53:34:c3:b6:b0:d3:fd:83:
                    83:61:8b:ff:df:48:8c:72:ed:69:c3:35:b4:48:31:
                    c8:45:d8:a5:ae:65:de:68:e4:01:2a:0c:45:80:0a:
                    20:34:29:bb:cc:e3:57:fe:ea:97:48:b4:12:5e:8d:
                    c1:50:37:23:6f:23:4e:7a:0f:e9:9e:ba:d7:2d:d9:
                    98:2a:2f:13:93:24:4f:33:11:1a:cb:b0:54:e6:f5:
                    68:1b:4d:de:e3:04:80:b6:af:39:34:97:fc:09:be:
                    6e:55:9f:20:61:d1:0d:f4:22:63:4a:63:27:1f:6b:
                    18:51:72:ec:c8:4e:48:8d:f4:01:dc:91:08:5c:4b:
                    7a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:08:EC:3D:FB:81:26:C1:DD:41:5B:0E:33:B6:DA:9E:F9:26:C0:A7
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/793824ad-d9c1-482e-b452-9abc09e25233.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:e2:c6:a3:00:8f:20:68:10:ca:db:dd:41:86:fd:5c:a2:7d:
         b2:8b:d0:1d:94:07:c9:95:12:40:99:92:a7:b9:9c:b6:9e:af:
         00:f1:c0:24:c3:e2:ed:9e:08:bc:8d:98:39:5d:3d:a5:e0:58:
         91:2c:a7:42:6f:91:7b:7e:bc:d6:26:e2:54:0d:bd:bb:29:ae:
         01:ee:43:b5:22:68:c3:f8:38:66:da:ac:5f:58:d2:e4:b3:45:
         23:4e:ec:a5:44:8b:49:39:96:3c:a7:d3:23:fe:97:4b:ee:16:
         f3:ac:88:95:5a:ee:70:08:a0:41:d4:4d:c2:5c:1f:4e:f2:1a:
         bd:41:7e:5e:6a:fd:fe:28:62:5e:57:82:6c:7f:df:8e:86:a2:
         1b:d6:89:90:05:83:10:08:13:87:33:eb:8d:6b:52:07:be:87:
         95:90:8d:2b:c3:f6:99:43:53:fd:33:3c:a5:1f:13:39:c2:6c:
         8f:70:8e:84:15:b8:c2:9e:1a:53:86:51:ee:3b:8b:00:c7:c7:
         9e:4f:45:77:d1:82:3d:e0:6c:26:d5:d2:c8:7f:d4:de:92:29:
         68:a4:02:6f:4a:ea:87:2e:11:b9:22:d7:49:51:26:fd:13:0e:
         2e:9c:1d:dd:35:d1:a0:f4:23:25:e1:10:38:91:89:2d:54:a8:
         ba:0d:fa:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR9Sq6MfgNz7PN9e2fIf19PmTHOcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTAyMDAwMDAwWhcNMjMxMDA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MmUxMjQzYTdhODI0YmNmMmZhNmYwMGE3YjM3ZGFlYmY0
ZGFmMTQ4MjQzNGE2MjUyZjEyZTU5NmVhMjA0NWJjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCe3spcfWOoDumojlunOnSoBZdTy4alukA93UqTfLG0d663
RBthTp7c3SDU+mmURhxUlfWyJcBlU60IVnsP+eeVd8uk7f5SWqeQkzc9Zyba5xOC
9wPiYGIrZnoGlh4UmrzSiEFxzDen3zOn8PJ3ktnCEv1uJY568auMnm8tHYBTNMO2
sNP9g4Nhi//fSIxy7WnDNbRIMchF2KWuZd5o5AEqDEWACiA0KbvM41f+6pdItBJe
jcFQNyNvI056D+meutct2ZgqLxOTJE8zERrLsFTm9WgbTd7jBIC2rzk0l/wJvm5V
nyBh0Q30ImNKYycfaxhRcuzITkiN9AHckQhcS3r3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgAjsPfuBJsHdQVsOM7banvkmwKcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzc5MzgyNGFkLWQ5YzEtNDgyZS1iNDUyLTlhYmMwOWUyNTIzMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFDixqMAjyBoEMrb3UGG/VyifbKL
0B2UB8mVEkCZkqe5nLaerwDxwCTD4u2eCLyNmDldPaXgWJEsp0JvkXt+vNYm4lQN
vbsprgHuQ7UiaMP4OGbarF9Y0uSzRSNO7KVEi0k5ljyn0yP+l0vuFvOsiJVa7nAI
oEHUTcJcH07yGr1Bfl5q/f4oYl5Xgmx/346GohvWiZAFgxAIE4cz641rUge+h5WQ
jSvD9plDU/0zPKUfEznCbI9wjoQVuMKeGlOGUe47iwDHx55PRXfRgj3gbCbV0sh/
1N6SKWikAm9K6ocuEbki10lRJv0TDi6cHd010aD0IyXhEDiRiS1UqLoN+t8=
-----END CERTIFICATE-----