Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/95b34949-7f97-45b4-8fd2-e5c2e6d66014.roa
File:                     95b34949-7f97-45b4-8fd2-e5c2e6d66014.roa (raw, json)
Hash identifier:          Tetg8icCC00dqlUf1PLDL7KVU8buEuqPY/7mfPO+B4A=
Subject key identifier:   D6:95:3F:A2:4C:07:54:45:21:8A:D5:F7:3C:96:23:39:4E:18:68:1F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       689E9820F4442D745B813C8F16092FE3A92F4DA3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/95b34949-7f97-45b4-8fd2-e5c2e6d66014.roa
Signing time:             Fri 07 Jul 2023 00:00:00 +0000
ROA not before:           Fri 07 Jul 2023 00:00:00 +0000
ROA not after:            Fri 11 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:9e:98:20:f4:44:2d:74:5b:81:3c:8f:16:09:2f:e3:a9:2f:4d:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  7 00:00:00 2023 GMT
            Not After : Aug 11 23:59:59 2023 GMT
        Subject: serialNumber=b4bafa493a0c2ee3e45d260ebd0d368795be614c6b724bc7671035368dc4a547, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:95:db:2d:41:e6:0b:2d:db:72:62:20:00:9e:
                    66:ac:94:cf:77:cb:7c:18:ea:f7:1e:12:15:40:01:
                    58:df:0e:38:2e:49:fe:2c:68:7d:ff:e2:e1:4d:80:
                    b0:de:9c:cf:5c:df:91:ca:be:56:b7:68:d2:2d:67:
                    08:26:d1:e3:ab:8a:23:1a:f0:94:34:0e:be:18:7c:
                    4b:92:55:25:8f:cf:bd:c4:f1:53:d0:9a:cb:22:e0:
                    7a:56:3f:72:4d:15:f4:32:b3:11:65:cf:0c:c6:0c:
                    d1:bc:af:12:00:ef:b7:d6:b5:96:b3:55:2a:94:0e:
                    de:3c:52:97:03:9d:40:7a:68:c4:c5:6c:cd:f2:3e:
                    10:03:ac:3c:75:99:b1:fc:4e:73:88:04:a6:f3:ca:
                    8d:78:6a:c6:96:ae:fd:94:2a:78:47:cc:9b:bf:3c:
                    e3:6e:ba:23:b5:14:c2:fd:a8:a2:74:f8:cf:65:dd:
                    18:6b:85:68:d8:b3:3b:d8:ab:8a:4d:36:df:fc:6f:
                    27:bb:92:1c:14:10:35:25:7a:89:ef:3d:55:f9:84:
                    5e:34:a9:ce:ad:49:61:77:10:f4:5e:d9:13:f0:c6:
                    8f:28:bd:dd:01:cf:ee:90:5a:9e:7f:72:79:5f:98:
                    53:65:93:99:a0:2c:65:aa:de:c0:5f:fa:93:9e:e3:
                    98:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:95:3F:A2:4C:07:54:45:21:8A:D5:F7:3C:96:23:39:4E:18:68:1F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/95b34949-7f97-45b4-8fd2-e5c2e6d66014.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:f3:19:c1:bf:c7:6b:77:8b:ac:d9:18:96:7c:11:1e:00:31:
         11:0d:9d:9a:65:c5:2f:1a:e2:5d:32:e6:d5:38:63:4f:9d:8e:
         ed:2e:32:fb:c2:a2:88:01:88:c0:85:96:3b:23:f3:63:97:98:
         1f:4e:ef:9b:89:d5:dc:f4:ef:0f:b0:0c:9c:3c:8a:ea:2b:89:
         ce:ef:e0:bd:ec:9b:26:d1:27:03:21:f1:0a:a0:a4:8c:78:8f:
         1d:54:3f:03:c7:85:84:23:3a:f6:d6:d9:d0:70:51:e1:61:a3:
         81:c2:47:30:9b:36:9b:e0:01:dd:2b:80:43:89:9b:f4:8c:4b:
         4c:42:50:ca:61:05:28:3f:3c:5e:ab:c5:7a:17:1f:90:75:12:
         27:af:5a:1d:2d:79:43:32:14:b6:e4:26:a4:35:ec:54:b6:a0:
         1f:66:5c:02:d4:e9:1a:c9:20:05:39:33:2a:b6:70:ee:b4:14:
         0f:f1:85:8c:83:bb:5d:36:1b:c1:da:ea:1a:42:be:5e:da:3c:
         85:e5:74:20:07:0b:15:98:06:66:df:f4:8b:7d:4f:e1:a5:fa:
         32:de:e5:ef:43:0f:a9:1c:e1:eb:91:3b:79:58:78:16:12:13:
         b9:a3:2e:93:c3:ec:d2:eb:65:03:21:33:be:21:ea:0a:28:9b:
         32:ab:60:97
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaJ6YIPRELXRbgTyPFgkv46kvTaMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzA3MDAwMDAwWhcNMjMwODExMjM1OTU5
WjB6MUkwRwYDVQQFE0BiNGJhZmE0OTNhMGMyZWUzZTQ1ZDI2MGViZDBkMzY4Nzk1
YmU2MTRjNmI3MjRiYzc2NzEwMzUzNjhkYzRhNTQ3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQColdstQeYLLdtyYiAAnmaslM93y3wY6vceEhVAAVjfDjgu
Sf4saH3/4uFNgLDenM9c35HKvla3aNItZwgm0eOriiMa8JQ0Dr4YfEuSVSWPz73E
8VPQmssi4HpWP3JNFfQysxFlzwzGDNG8rxIA77fWtZazVSqUDt48UpcDnUB6aMTF
bM3yPhADrDx1mbH8TnOIBKbzyo14asaWrv2UKnhHzJu/PONuuiO1FML9qKJ0+M9l
3RhrhWjYszvYq4pNNt/8bye7khwUEDUleonvPVX5hF40qc6tSWF3EPRe2RPwxo8o
vd0Bz+6QWp5/cnlfmFNlk5mgLGWq3sBf+pOe45irAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1pU/okwHVEUhitX3PJYjOU4YaB8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk1YjM0OTQ5LTdmOTctNDViNC04ZmQyLWU1YzJlNmQ2NjAxNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFjzGcG/x2t3i6zZGJZ8ER4AMREN
nZplxS8a4l0y5tU4Y0+dju0uMvvCoogBiMCFljsj82OXmB9O75uJ1dz07w+wDJw8
iuoric7v4L3smybRJwMh8QqgpIx4jx1UPwPHhYQjOvbW2dBwUeFho4HCRzCbNpvg
Ad0rgEOJm/SMS0xCUMphBSg/PF6rxXoXH5B1EievWh0teUMyFLbkJqQ17FS2oB9m
XALU6RrJIAU5Myq2cO60FA/xhYyDu102G8Ha6hpCvl7aPIXldCAHCxWYBmbf9It9
T+Gl+jLe5e9DD6kc4euRO3lYeBYSE7mjLpPD7NLrZQMhM74h6goomzKrYJc=
-----END CERTIFICATE-----