Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/84aa9fee-7240-4cf2-b281-4d5f96cb0ba9.roa
File:                     84aa9fee-7240-4cf2-b281-4d5f96cb0ba9.roa (raw, json)
Hash identifier:          Xb2RSIIyjcmMgLi2pIqU0K7gx6z0EPk1h5KGiihm0QQ=
Subject key identifier:   5A:E5:20:A2:C6:09:9B:1A:92:D8:F7:C7:0D:E8:0A:86:21:0C:B0:8C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4B02F9C336D500F39FA090D92424148049D2A1EC
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/84aa9fee-7240-4cf2-b281-4d5f96cb0ba9.roa
Signing time:             Mon 28 Aug 2023 00:00:00 +0000
ROA not before:           Mon 28 Aug 2023 00:00:00 +0000
ROA not after:            Mon 02 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:02:f9:c3:36:d5:00:f3:9f:a0:90:d9:24:24:14:80:49:d2:a1:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 28 00:00:00 2023 GMT
            Not After : Oct  2 23:59:59 2023 GMT
        Subject: serialNumber=ad496c3a8255a0cc57157afd5a8861c274b917cf82a2dc3b210d6d927e065727, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:50:1a:fc:1f:cb:0e:a1:02:1d:51:e8:70:35:
                    d1:45:6a:fb:04:e1:7c:9b:3f:a7:32:0b:d6:3d:ee:
                    d6:3d:2e:54:29:a5:7f:e0:2a:a6:27:e1:3a:ab:a7:
                    c2:f7:49:1f:0a:77:ef:24:f8:fd:e2:f9:95:67:48:
                    f3:66:a7:db:e6:89:dd:7a:79:4f:6c:f9:9a:7d:14:
                    5d:0d:fd:ed:99:b3:3c:61:3c:50:56:a7:bc:07:7f:
                    ef:1b:67:9c:58:44:93:c4:bf:cd:ce:a3:81:1f:7a:
                    a7:f9:e0:79:31:ab:f6:06:3c:d1:e3:84:94:0f:d4:
                    3a:9b:24:27:37:3d:8c:05:93:3a:72:06:f0:5a:0e:
                    db:85:89:63:5c:d4:db:7a:c2:61:58:d0:ff:f1:45:
                    5b:82:2c:ed:a5:4b:b1:a2:7a:3b:4f:00:9a:f8:75:
                    72:48:eb:c9:50:b6:2c:69:91:1c:84:ab:31:c8:e8:
                    21:e7:c3:24:45:84:8a:ca:48:7e:1a:32:a1:c0:ef:
                    40:b2:30:b5:83:72:79:79:e0:e6:a3:1d:b8:88:67:
                    ed:e3:ed:15:b7:8c:a6:82:46:9c:f9:8f:65:02:aa:
                    1b:1a:cc:ba:83:46:b0:c4:33:36:71:4e:de:d6:9e:
                    e9:aa:0c:11:96:b9:2f:0e:6d:86:a9:c7:47:66:76:
                    d0:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:E5:20:A2:C6:09:9B:1A:92:D8:F7:C7:0D:E8:0A:86:21:0C:B0:8C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/84aa9fee-7240-4cf2-b281-4d5f96cb0ba9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:5b:df:7d:97:2b:99:fd:fa:48:40:8c:a3:36:18:f1:8b:32:
         5c:f2:7e:b8:f4:f9:c1:e5:4e:86:4a:d0:8b:86:60:40:f9:33:
         0e:e4:73:37:ac:e5:46:62:d2:e9:b8:7b:49:dd:eb:b9:86:12:
         0b:01:e4:af:ae:33:04:aa:b8:5a:19:46:c8:2a:68:a3:5c:be:
         aa:8f:1a:00:fd:e9:56:7a:02:88:52:b0:5a:56:79:b9:32:64:
         0b:2e:cd:8f:00:23:78:bc:01:1b:03:f8:63:31:77:5d:d2:56:
         44:9c:3b:be:6b:10:16:c2:28:1f:31:1a:f4:c2:7e:85:9b:e4:
         b3:7e:e6:33:d3:53:a2:60:4a:ef:69:09:16:29:3b:b7:ad:85:
         84:41:1c:f5:19:3d:d4:33:c8:5f:95:9b:6d:a4:69:2c:57:cf:
         ed:f0:f0:b3:77:a6:e1:63:8d:de:ef:c5:ea:f9:5b:c2:10:6d:
         f6:9d:23:60:1a:0b:66:2f:5f:9c:f9:3e:85:34:ff:bb:44:25:
         67:44:56:95:db:c0:00:5b:c0:94:9b:42:7a:82:e8:52:15:62:
         c3:03:f7:03:9e:46:83:c7:fc:5f:c4:44:f3:3a:7f:ce:99:cd:
         49:4e:7e:5c:97:e0:f0:c5:30:2b:e8:28:1d:51:f1:96:3e:be:
         ae:f7:72:c4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSwL5wzbVAPOfoJDZJCQUgEnSoewwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODI4MDAwMDAwWhcNMjMxMDAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZDQ5NmMzYTgyNTVhMGNjNTcxNTdhZmQ1YTg4NjFjMjc0
YjkxN2NmODJhMmRjM2IyMTBkNmQ5MjdlMDY1NzI3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnUBr8H8sOoQIdUehwNdFFavsE4XybP6cyC9Y97tY9LlQp
pX/gKqYn4Tqrp8L3SR8Kd+8k+P3i+ZVnSPNmp9vmid16eU9s+Zp9FF0N/e2Zszxh
PFBWp7wHf+8bZ5xYRJPEv83Oo4Efeqf54Hkxq/YGPNHjhJQP1DqbJCc3PYwFkzpy
BvBaDtuFiWNc1Nt6wmFY0P/xRVuCLO2lS7GiejtPAJr4dXJI68lQtixpkRyEqzHI
6CHnwyRFhIrKSH4aMqHA70CyMLWDcnl54OajHbiIZ+3j7RW3jKaCRpz5j2UCqhsa
zLqDRrDEMzZxTt7WnumqDBGWuS8ObYapx0dmdtCFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWuUgosYJmxqS2PfHDegKhiEMsIwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzg0YWE5ZmVlLTcyNDAtNGNmMi1iMjgxLTRkNWY5NmNiMGJhOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADZb332XK5n9+khAjKM2GPGLMlzy
frj0+cHlToZK0IuGYED5Mw7kczes5UZi0um4e0nd67mGEgsB5K+uMwSquFoZRsgq
aKNcvqqPGgD96VZ6AohSsFpWebkyZAsuzY8AI3i8ARsD+GMxd13SVkScO75rEBbC
KB8xGvTCfoWb5LN+5jPTU6JgSu9pCRYpO7ethYRBHPUZPdQzyF+Vm22kaSxXz+3w
8LN3puFjjd7vxer5W8IQbfadI2AaC2YvX5z5PoU0/7tEJWdEVpXbwABbwJSbQnqC
6FIVYsMD9wOeRoPH/F/ERPM6f86ZzUlOflyX4PDFMCvoKB1R8ZY+vq73csQ=
-----END CERTIFICATE-----