Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/925a784a-a2e7-45b1-b327-cf66529c9f48.roa
File:                     925a784a-a2e7-45b1-b327-cf66529c9f48.roa (raw, json)
Hash identifier:          QB4m2XyTPQtNzuGIpKRRMaJvIe6KtnFqkNOmcsDy9Tg=
Subject key identifier:   EE:69:86:39:9C:F4:35:1E:79:D9:20:12:A3:70:23:7A:E1:B7:3F:C2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3A444AEAB90B1D478F11A61D999EDAD7A7ED10C3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/925a784a-a2e7-45b1-b327-cf66529c9f48.roa
Signing time:             Sat 15 Jul 2023 00:00:00 +0000
ROA not before:           Sat 15 Jul 2023 00:00:00 +0000
ROA not after:            Sat 19 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:44:4a:ea:b9:0b:1d:47:8f:11:a6:1d:99:9e:da:d7:a7:ed:10:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 15 00:00:00 2023 GMT
            Not After : Aug 19 23:59:59 2023 GMT
        Subject: serialNumber=5b2d87b7f438155765f6d6770cde7e5c823941b1364f30095c5f2776b48b88fe, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:07:7e:3d:60:ae:fe:3c:34:9c:17:bc:69:5b:
                    22:e2:78:63:77:2b:19:6d:7c:70:16:07:44:7f:4b:
                    2b:f7:d3:15:27:32:3f:45:29:69:49:0c:52:46:3d:
                    68:00:68:b8:41:75:8b:b2:6e:5a:a3:01:96:7c:5a:
                    f1:aa:31:68:7b:06:0d:46:ef:a0:de:57:72:de:95:
                    8c:44:40:69:88:90:34:b9:71:d7:79:8c:7e:a6:2d:
                    d2:03:99:12:08:31:42:2e:6a:28:fb:4f:a5:54:1c:
                    4a:75:5a:23:e9:3f:cd:f6:87:ef:6d:53:c0:1b:26:
                    32:b8:9d:30:99:4d:42:a4:2e:1e:2b:6f:14:32:de:
                    ac:a5:d0:26:bd:52:df:11:cc:13:37:fe:97:e0:64:
                    b1:11:2b:e5:ca:99:8c:54:9a:a0:2a:fb:1e:7f:54:
                    fd:84:4e:98:fb:3c:1c:e4:52:bf:af:ff:b0:b2:e2:
                    fd:de:1e:0f:f5:26:d7:8c:b6:18:79:33:80:5d:1b:
                    ed:06:78:b7:15:a6:39:b5:90:4a:4c:01:13:6d:59:
                    05:0d:4c:a1:1f:5a:1a:e8:ef:e4:cf:4a:41:13:40:
                    f9:e3:bb:53:6e:b0:09:46:76:dc:f8:1f:38:44:72:
                    2e:a9:ea:f1:d4:45:17:da:bb:43:a9:c8:fb:74:49:
                    08:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:69:86:39:9C:F4:35:1E:79:D9:20:12:A3:70:23:7A:E1:B7:3F:C2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/925a784a-a2e7-45b1-b327-cf66529c9f48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:87:b8:82:8d:22:1e:22:6e:ff:00:10:e8:f7:d3:a3:9a:2d:
         56:19:a8:21:b2:c8:e5:b9:f8:ee:c6:1f:31:9c:b6:33:65:33:
         bb:e8:01:11:a1:72:28:18:d4:c3:ea:b8:94:1a:7d:4c:88:56:
         47:b0:a9:74:32:52:33:1e:fe:03:6d:2c:76:21:75:a6:d8:91:
         13:d0:66:3b:3b:87:2f:6e:c4:05:3e:41:78:39:09:c4:15:b2:
         20:dd:c4:e6:82:ac:93:34:36:33:f8:7b:8c:c8:4a:f5:32:97:
         33:a4:6d:b9:d5:ca:89:a6:d1:eb:f1:09:3c:eb:d1:53:42:72:
         95:c8:34:ae:ef:f9:90:80:38:de:ea:c3:4c:08:7f:dd:23:28:
         0d:95:78:22:b9:1b:e6:ad:16:d1:73:b5:cc:ed:fc:82:67:22:
         d6:34:ec:09:4b:8c:76:a0:fd:c9:08:f8:23:55:59:9e:6e:21:
         d7:ef:fb:c1:aa:28:fc:8d:2b:bb:11:b3:08:44:7a:16:cc:0e:
         1f:ab:01:f8:3d:4e:61:21:7f:ad:4a:bf:a2:ab:00:1d:05:78:
         07:81:39:2e:0b:9d:48:48:f9:b3:9e:48:fc:84:d5:85:71:7c:
         c8:77:a6:43:98:9a:49:1e:0c:5f:76:1e:4c:41:5f:64:41:2b:
         6d:5c:26:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOkRK6rkLHUePEaYdmZ7a16ftEMMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE1MDAwMDAwWhcNMjMwODE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YjJkODdiN2Y0MzgxNTU3NjVmNmQ2NzcwY2RlN2U1Yzgy
Mzk0MWIxMzY0ZjMwMDk1YzVmMjc3NmI0OGI4OGZlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCKB349YK7+PDScF7xpWyLieGN3KxltfHAWB0R/Syv30xUn
Mj9FKWlJDFJGPWgAaLhBdYuyblqjAZZ8WvGqMWh7Bg1G76DeV3LelYxEQGmIkDS5
cdd5jH6mLdIDmRIIMUIuaij7T6VUHEp1WiPpP832h+9tU8AbJjK4nTCZTUKkLh4r
bxQy3qyl0Ca9Ut8RzBM3/pfgZLERK+XKmYxUmqAq+x5/VP2ETpj7PBzkUr+v/7Cy
4v3eHg/1JteMthh5M4BdG+0GeLcVpjm1kEpMARNtWQUNTKEfWhro7+TPSkETQPnj
u1NusAlGdtz4HzhEci6p6vHURRfau0OpyPt0SQh1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7mmGOZz0NR552SASo3AjeuG3P8IwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzkyNWE3ODRhLWEyZTctNDViMS1iMzI3LWNmNjY1MjljOWY0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAmHuIKNIh4ibv8AEOj306OaLVYZ
qCGyyOW5+O7GHzGctjNlM7voARGhcigY1MPquJQafUyIVkewqXQyUjMe/gNtLHYh
dabYkRPQZjs7hy9uxAU+QXg5CcQVsiDdxOaCrJM0NjP4e4zISvUylzOkbbnVyomm
0evxCTzr0VNCcpXINK7v+ZCAON7qw0wIf90jKA2VeCK5G+atFtFztczt/IJnItY0
7AlLjHag/ckI+CNVWZ5uIdfv+8GqKPyNK7sRswhEehbMDh+rAfg9TmEhf61Kv6Kr
AB0FeAeBOS4LnUhI+bOeSPyE1YVxfMh3pkOYmkkeDF92HkxBX2RBK21cJkY=
-----END CERTIFICATE-----