Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c1d8204e-228a-4854-a20c-a2af2274eb0e.roa
File:                     c1d8204e-228a-4854-a20c-a2af2274eb0e.roa (raw, json)
Hash identifier:          4kjDEKNCsCdheBgmjxXDfJ6uELnEFNfpFd/gIXhj8Ns=
Subject key identifier:   B1:26:D0:94:68:E3:EF:70:6D:AB:DD:F2:27:45:15:28:A5:E2:DF:5E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       36269822B208CB326DCF1F9898D5015E5CC4A03F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c1d8204e-228a-4854-a20c-a2af2274eb0e.roa
Signing time:             Wed 12 Jul 2023 00:00:00 +0000
ROA not before:           Wed 12 Jul 2023 00:00:00 +0000
ROA not after:            Wed 16 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:26:98:22:b2:08:cb:32:6d:cf:1f:98:98:d5:01:5e:5c:c4:a0:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 12 00:00:00 2023 GMT
            Not After : Aug 16 23:59:59 2023 GMT
        Subject: serialNumber=4fd69a31ff4a42955ba0e1c109b5f1ff629b6cd42b91dbd9350550d58788445e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1c:22:d2:90:35:3a:74:8b:24:68:af:36:37:
                    6f:0b:c7:23:73:fa:01:5b:dc:24:bc:96:7d:d2:f4:
                    05:89:7c:30:c7:5b:69:da:6f:de:21:5a:e5:51:d3:
                    44:d4:da:37:19:2b:50:db:d0:24:02:10:9d:13:70:
                    bc:61:9a:3e:19:c6:d3:90:54:4c:7f:ae:56:05:0e:
                    6a:a0:94:62:77:46:e4:a4:2a:78:62:f5:47:57:ba:
                    d4:bf:2d:d3:a8:f3:9f:9e:4a:1c:1e:bc:50:78:9f:
                    96:fe:bb:08:cd:7f:1f:91:26:d3:d4:c7:d4:36:6b:
                    4a:1d:af:14:fa:32:d6:a9:09:34:12:07:01:e8:2a:
                    fe:54:3e:29:98:11:f5:25:d8:73:a4:29:fc:a8:71:
                    de:f8:ab:16:d3:d8:67:64:00:83:ac:3d:3b:2d:3d:
                    9b:69:61:07:16:7f:ef:dc:fa:af:db:18:ae:39:15:
                    5b:40:0a:e4:35:86:a0:9c:f1:04:f2:4d:5d:da:c3:
                    7a:c1:3a:f9:3d:30:31:9e:13:44:53:70:fe:8d:c5:
                    01:e4:d1:55:8d:06:ed:11:4b:82:ed:aa:9b:cd:2d:
                    16:b6:66:c5:67:97:be:8f:bd:41:27:ab:55:d0:af:
                    db:0a:47:55:bb:52:0c:0a:b6:cc:7e:d9:fc:e6:6f:
                    e9:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:26:D0:94:68:E3:EF:70:6D:AB:DD:F2:27:45:15:28:A5:E2:DF:5E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c1d8204e-228a-4854-a20c-a2af2274eb0e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:80:fb:0f:2a:ea:51:4b:f7:bf:45:34:22:cf:83:ca:0c:66:
         ff:72:79:93:08:c7:e0:02:90:97:03:ae:b5:d9:9c:a0:e0:ba:
         9f:67:b5:4e:73:fc:47:32:d5:45:95:eb:ac:a0:54:2e:56:53:
         d6:4d:67:c3:8e:6a:b5:7a:39:74:5f:86:af:b7:ce:15:b8:57:
         11:da:6e:a0:b6:8c:ef:18:b5:4c:38:fe:05:33:ac:c1:58:83:
         19:37:4a:44:7a:9c:27:4a:d1:1d:b8:bf:51:5d:49:c2:f0:9a:
         9b:e5:3a:12:3f:50:8e:96:30:64:a2:60:a1:a3:c1:a6:ac:62:
         bb:da:d3:17:4d:18:55:47:ed:c8:a4:53:70:16:db:da:98:4f:
         58:d0:a5:b1:78:6d:9a:84:a2:3b:61:60:36:74:da:36:26:83:
         2c:26:0c:54:63:cd:8b:34:a6:aa:dc:a1:fe:17:ec:0c:36:dd:
         b1:f3:3d:59:32:1c:8b:9b:b9:d0:e0:40:58:39:ee:67:51:dc:
         a9:3b:f7:67:5c:8a:6f:b4:f8:cd:78:c7:9d:c0:3e:4c:9b:db:
         cf:f6:07:d2:5f:7e:44:50:77:f9:7b:5c:30:18:53:47:0e:0c:
         73:a6:5a:8b:f7:6b:2b:d4:ac:ea:05:ec:b7:bb:33:87:7c:77:
         e6:79:08:67
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNiaYIrIIyzJtzx+YmNUBXlzEoD8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzEyMDAwMDAwWhcNMjMwODE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZmQ2OWEzMWZmNGE0Mjk1NWJhMGUxYzEwOWI1ZjFmZjYy
OWI2Y2Q0MmI5MWRiZDkzNTA1NTBkNTg3ODg0NDVlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2HCLSkDU6dIskaK82N28LxyNz+gFb3CS8ln3S9AWJfDDH
W2nab94hWuVR00TU2jcZK1Db0CQCEJ0TcLxhmj4ZxtOQVEx/rlYFDmqglGJ3RuSk
Knhi9UdXutS/LdOo85+eShwevFB4n5b+uwjNfx+RJtPUx9Q2a0odrxT6MtapCTQS
BwHoKv5UPimYEfUl2HOkKfyocd74qxbT2GdkAIOsPTstPZtpYQcWf+/c+q/bGK45
FVtACuQ1hqCc8QTyTV3aw3rBOvk9MDGeE0RTcP6NxQHk0VWNBu0RS4LtqpvNLRa2
ZsVnl76PvUEnq1XQr9sKR1W7UgwKtsx+2fzmb+lnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsSbQlGjj73Btq93yJ0UVKKXi314wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2MxZDgyMDRlLTIyOGEtNDg1NC1hMjBjLWEyYWYyMjc0ZWIwZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACOA+w8q6lFL979FNCLPg8oMZv9y
eZMIx+ACkJcDrrXZnKDgup9ntU5z/Ecy1UWV66ygVC5WU9ZNZ8OOarV6OXRfhq+3
zhW4VxHabqC2jO8YtUw4/gUzrMFYgxk3SkR6nCdK0R24v1FdScLwmpvlOhI/UI6W
MGSiYKGjwaasYrva0xdNGFVH7cikU3AW29qYT1jQpbF4bZqEojthYDZ02jYmgywm
DFRjzYs0pqrcof4X7Aw23bHzPVkyHIubudDgQFg57mdR3Kk792dcim+0+M14x53A
Pkyb28/2B9JffkRQd/l7XDAYU0cODHOmWov3ayvUrOoF7Le7M4d8d+Z5CGc=
-----END CERTIFICATE-----