Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/869d7055-a0a7-42da-99b0-1764600f63f1.roa
File:                     869d7055-a0a7-42da-99b0-1764600f63f1.roa (raw, json)
Hash identifier:          rbQcREBkwu4lgd/NfYxwGJ0lZcHHFImpPk1sLe/LiQM=
Subject key identifier:   11:F1:05:A2:BC:70:05:9E:9F:ED:70:DB:B4:22:A3:DB:90:1B:FB:FB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7DF7A2942F159EA469C2D1E003D4DA8F00926DCA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/869d7055-a0a7-42da-99b0-1764600f63f1.roa
Signing time:             Fri 25 Aug 2023 00:00:00 +0000
ROA not before:           Fri 25 Aug 2023 00:00:00 +0000
ROA not after:            Fri 29 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:f7:a2:94:2f:15:9e:a4:69:c2:d1:e0:03:d4:da:8f:00:92:6d:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 25 00:00:00 2023 GMT
            Not After : Sep 29 23:59:59 2023 GMT
        Subject: serialNumber=342021c78821acad11c3287ece6a1cab421a43955dd5de88719d98124235753c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:c7:ee:17:1e:46:f5:80:a1:9d:15:1b:6c:6a:
                    5a:88:d9:a8:f7:1b:03:04:77:f4:64:ef:f3:10:5e:
                    51:35:31:f2:13:01:83:9a:af:9d:6e:24:82:bf:e2:
                    e7:ce:a9:45:b2:6f:eb:bc:28:4f:ad:a0:d2:23:69:
                    24:71:fa:9f:d6:a8:1e:bf:11:f6:32:02:03:48:98:
                    85:94:35:5b:26:07:d8:5d:27:d5:1c:2d:ee:81:4c:
                    31:96:68:78:dc:10:52:18:d3:75:b4:04:6d:cf:92:
                    d1:08:00:2a:c0:6d:d6:f7:72:ae:62:68:fb:c9:4d:
                    0d:73:13:75:0e:f0:cd:97:88:59:d0:08:03:e0:c0:
                    3f:ea:02:1b:dd:24:b3:b9:d6:7c:3f:9e:30:61:33:
                    ab:86:84:45:be:4e:94:6a:7f:62:d3:2f:03:6b:cb:
                    20:35:73:ee:47:01:f0:74:b6:bf:02:ae:78:d6:3c:
                    c6:c8:a3:23:0f:51:c1:af:f3:f6:95:79:ad:1b:aa:
                    28:a6:57:72:80:4e:72:5a:53:7a:84:32:40:6b:0b:
                    d0:29:5a:2c:a8:72:a3:9a:0e:8b:44:7e:1c:50:44:
                    57:16:c3:64:fb:9f:27:51:ce:94:d3:af:5a:73:63:
                    2e:9b:62:db:0b:84:30:ce:fe:ed:92:1f:89:31:15:
                    7e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:F1:05:A2:BC:70:05:9E:9F:ED:70:DB:B4:22:A3:DB:90:1B:FB:FB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/869d7055-a0a7-42da-99b0-1764600f63f1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:c2:c8:46:07:06:4c:6c:53:5a:e4:b2:27:e7:a3:62:26:12:
         e3:5f:c8:5d:9f:06:f8:d9:c7:58:4b:d3:d0:49:22:89:2d:04:
         ce:cc:a8:12:4e:22:8e:81:1b:30:2b:f2:a0:73:a7:43:79:14:
         c2:fb:e7:28:ec:87:0e:ec:ad:6b:d4:69:40:ac:0b:f8:d7:ea:
         5d:c4:ff:51:e6:2e:55:a2:82:bc:dc:f3:3f:00:3c:dc:40:1d:
         17:6c:c3:19:ac:0c:dc:9f:c1:76:e6:bc:6a:ae:13:5f:4b:28:
         9d:57:93:34:c7:d0:22:8e:20:2a:06:4a:2a:2c:b6:86:0c:8b:
         21:96:92:fb:6f:92:20:26:67:e9:97:94:b0:22:15:1c:ad:da:
         dd:27:9c:a9:05:47:57:97:dc:48:e5:21:fc:2c:13:79:ec:2e:
         c5:8f:67:45:aa:90:35:ed:1a:49:3f:f5:cc:c9:ce:7f:e6:fa:
         d0:66:80:ed:11:ab:f1:fb:ba:e7:e3:a1:c5:81:00:d2:d0:ee:
         b2:f8:51:55:ab:59:e2:39:d7:54:85:3c:44:1b:bd:94:35:ac:
         70:92:62:86:32:d7:17:4b:2c:fb:33:d1:03:d9:3f:3a:46:fa:
         04:ea:29:be:62:0d:4c:d0:a2:fa:27:99:60:0a:ab:d2:de:a3:
         e6:f1:aa:2a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUffeilC8VnqRpwtHgA9TajwCSbcowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODI1MDAwMDAwWhcNMjMwOTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNDIwMjFjNzg4MjFhY2FkMTFjMzI4N2VjZTZhMWNhYjQy
MWE0Mzk1NWRkNWRlODg3MTlkOTgxMjQyMzU3NTNjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcx+4XHkb1gKGdFRtsalqI2aj3GwMEd/Rk7/MQXlE1MfIT
AYOar51uJIK/4ufOqUWyb+u8KE+toNIjaSRx+p/WqB6/EfYyAgNImIWUNVsmB9hd
J9UcLe6BTDGWaHjcEFIY03W0BG3PktEIACrAbdb3cq5iaPvJTQ1zE3UO8M2XiFnQ
CAPgwD/qAhvdJLO51nw/njBhM6uGhEW+TpRqf2LTLwNryyA1c+5HAfB0tr8CrnjW
PMbIoyMPUcGv8/aVea0bqiimV3KATnJaU3qEMkBrC9ApWiyocqOaDotEfhxQRFcW
w2T7nydRzpTTr1pzYy6bYtsLhDDO/u2SH4kxFX4BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEfEForxwBZ6f7XDbtCKj25Ab+/swHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzg2OWQ3MDU1LWEwYTctNDJkYS05OWIwLTE3NjQ2MDBmNjNmMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ7CyEYHBkxsU1rksifno2ImEuNf
yF2fBvjZx1hL09BJIoktBM7MqBJOIo6BGzAr8qBzp0N5FML75yjshw7srWvUaUCs
C/jX6l3E/1HmLlWigrzc8z8APNxAHRdswxmsDNyfwXbmvGquE19LKJ1XkzTH0CKO
ICoGSiostoYMiyGWkvtvkiAmZ+mXlLAiFRyt2t0nnKkFR1eX3EjlIfwsE3nsLsWP
Z0WqkDXtGkk/9czJzn/m+tBmgO0Rq/H7uufjocWBANLQ7rL4UVWrWeI511SFPEQb
vZQ1rHCSYoYy1xdLLPsz0QPZPzpG+gTqKb5iDUzQovonmWAKq9Leo+bxqio=
-----END CERTIFICATE-----