Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bb6be9a2-5a52-4d56-9cd8-c7d2cce0c596.roa
File:                     bb6be9a2-5a52-4d56-9cd8-c7d2cce0c596.roa (raw, json)
Hash identifier:          XiOALHVWRTIbuK161cS+G7M0+V2eGbdhpcNfpMYjAY4=
Subject key identifier:   B9:FD:4F:4B:09:CF:40:8D:2C:7E:BB:CC:C8:D7:74:5C:09:CC:0A:1C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       71989734E2ED5B58C09E73287132E947168C012E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bb6be9a2-5a52-4d56-9cd8-c7d2cce0c596.roa
Signing time:             Mon 24 Jul 2023 00:00:00 +0000
ROA not before:           Mon 24 Jul 2023 00:00:00 +0000
ROA not after:            Mon 28 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:98:97:34:e2:ed:5b:58:c0:9e:73:28:71:32:e9:47:16:8c:01:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 24 00:00:00 2023 GMT
            Not After : Aug 28 23:59:59 2023 GMT
        Subject: serialNumber=a76eace1e23a6d28b8e955aaa6907088914a383dcc29e9653b6c48b9a729e737, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:54:68:e8:2b:91:32:9f:7d:2e:68:d9:fa:83:
                    a5:ed:54:73:9e:f6:0e:51:f1:7e:fe:84:02:da:6b:
                    83:d3:6c:75:49:25:8d:51:7e:26:5f:68:e9:fc:ea:
                    67:05:84:e9:f3:c9:ce:fa:f3:68:a9:3c:03:a5:54:
                    c2:ef:4a:94:4a:8a:1a:e9:76:3e:d1:be:6f:77:7a:
                    08:5b:cc:e8:31:17:48:80:9b:2b:ce:f3:6b:ad:95:
                    27:bb:03:99:a6:32:ae:a5:e5:0e:8b:ff:2e:6c:19:
                    ea:c2:af:45:09:bb:85:01:69:9f:9b:d4:ab:29:93:
                    87:e1:f3:57:45:6b:61:7d:6b:d9:54:09:1d:8e:b1:
                    dc:95:ff:2c:e4:1c:d3:9c:3a:c7:58:e9:55:0b:41:
                    c7:e0:da:89:73:f5:81:09:1c:d1:e6:69:ee:75:f9:
                    f9:f4:1b:12:f3:70:be:51:2c:08:17:62:52:3c:ff:
                    89:1a:96:b5:3c:fb:e0:bd:73:ce:02:36:c3:59:90:
                    e0:15:91:71:61:b8:18:17:a1:bb:d9:42:3d:cd:ec:
                    6b:5b:e1:83:d4:59:bc:d4:a3:45:8b:73:6c:24:1c:
                    61:b2:7e:69:3d:aa:c9:1f:35:49:b2:c9:68:20:f7:
                    48:cf:b1:bc:a9:7b:43:9a:b5:be:e5:79:df:12:81:
                    0b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:FD:4F:4B:09:CF:40:8D:2C:7E:BB:CC:C8:D7:74:5C:09:CC:0A:1C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bb6be9a2-5a52-4d56-9cd8-c7d2cce0c596.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:90:a2:a1:d3:63:f8:89:f4:c4:5a:9a:0b:b6:f0:09:04:18:
         61:45:f8:ce:b4:43:09:df:3d:d2:f1:a4:f7:eb:b5:b0:4b:25:
         ec:41:90:93:3d:16:2f:8c:dd:e6:58:0a:d3:56:c6:43:c5:bd:
         2f:11:20:8e:54:92:fe:77:60:7d:f0:15:ca:c6:1e:9b:eb:4d:
         89:e9:30:d4:0a:26:76:6f:81:41:b7:a3:2b:8f:9b:17:a1:a6:
         a5:f9:57:1b:43:49:d1:5a:0b:3f:eb:cc:41:01:75:5c:8e:75:
         6f:97:50:f7:20:b5:f2:49:51:b5:fb:1f:a8:95:49:e0:11:16:
         9c:83:3e:7b:bb:b4:23:4f:d3:85:4b:2d:3c:31:91:cc:c6:bc:
         24:68:ff:99:f7:a5:2a:6f:53:df:48:b1:82:fa:20:58:5d:7f:
         87:0f:f2:2f:0f:ff:57:f3:e3:7c:4b:f4:24:b9:57:d3:df:c4:
         8b:9a:7c:fa:c5:e6:5a:23:0d:5c:88:f4:33:c5:df:3c:51:65:
         b9:87:4d:3d:0b:1d:3f:fd:38:72:3e:40:59:c5:f8:f6:79:07:
         e3:0e:ab:d5:e9:7a:c9:0a:69:13:6b:93:db:e9:d1:a6:ca:fd:
         8d:7c:26:88:76:6b:be:e3:5a:63:63:01:84:13:dd:23:c1:ec:
         e5:ca:92:48
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcZiXNOLtW1jAnnMocTLpRxaMAS4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzI0MDAwMDAwWhcNMjMwODI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNzZlYWNlMWUyM2E2ZDI4YjhlOTU1YWFhNjkwNzA4ODkx
NGEzODNkY2MyOWU5NjUzYjZjNDhiOWE3MjllNzM3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqVGjoK5Eyn30uaNn6g6XtVHOe9g5R8X7+hALaa4PTbHVJ
JY1RfiZfaOn86mcFhOnzyc7682ipPAOlVMLvSpRKihrpdj7Rvm93eghbzOgxF0iA
myvO82utlSe7A5mmMq6l5Q6L/y5sGerCr0UJu4UBaZ+b1Kspk4fh81dFa2F9a9lU
CR2OsdyV/yzkHNOcOsdY6VULQcfg2olz9YEJHNHmae51+fn0GxLzcL5RLAgXYlI8
/4kalrU8++C9c84CNsNZkOAVkXFhuBgXobvZQj3N7Gtb4YPUWbzUo0WLc2wkHGGy
fmk9qskfNUmyyWgg90jPsbype0Oatb7led8SgQsPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuf1PSwnPQI0sfrvMyNd0XAnMChwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2JiNmJlOWEyLTVhNTItNGQ1Ni05Y2Q4LWM3ZDJjY2UwYzU5Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKWQoqHTY/iJ9MRamgu28AkEGGFF
+M60QwnfPdLxpPfrtbBLJexBkJM9Fi+M3eZYCtNWxkPFvS8RII5Ukv53YH3wFcrG
HpvrTYnpMNQKJnZvgUG3oyuPmxehpqX5VxtDSdFaCz/rzEEBdVyOdW+XUPcgtfJJ
UbX7H6iVSeARFpyDPnu7tCNP04VLLTwxkczGvCRo/5n3pSpvU99IsYL6IFhdf4cP
8i8P/1fz43xL9CS5V9PfxIuafPrF5lojDVyI9DPF3zxRZbmHTT0LHT/9OHI+QFnF
+PZ5B+MOq9XpeskKaRNrk9vp0abK/Y18Joh2a77jWmNjAYQT3SPB7OXKkkg=
-----END CERTIFICATE-----