Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ce8740fd-2b07-4748-8374-2fd5de9dcb10.roa
File:                     ce8740fd-2b07-4748-8374-2fd5de9dcb10.roa (raw, json)
Hash identifier:          zB29lgh1RsXEbE8qG5oPqNqSByU9hjgbmYHFOw5r9MI=
Subject key identifier:   BB:73:D0:B8:A8:FE:2D:B7:F1:FB:D8:79:22:B2:54:10:38:15:D7:A3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       48F5B3B102727DEC60253BCF5D2043479AB263E0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ce8740fd-2b07-4748-8374-2fd5de9dcb10.roa
Signing time:             Sat 15 Jul 2023 00:00:00 +0000
ROA not before:           Sat 15 Jul 2023 00:00:00 +0000
ROA not after:            Sat 19 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:f5:b3:b1:02:72:7d:ec:60:25:3b:cf:5d:20:43:47:9a:b2:63:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 15 00:00:00 2023 GMT
            Not After : Aug 19 23:59:59 2023 GMT
        Subject: serialNumber=37ccce31d21d599bb954bd420c7386ca28cea928ec63a63dc6bf49f141107ed8, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:0d:5c:ff:49:44:a7:54:0d:c2:46:4c:0b:22:
                    2e:c4:40:b7:22:f5:71:f6:4b:b6:9d:ca:f1:f7:21:
                    fb:36:65:a1:9f:0f:dc:cd:59:3c:88:4c:89:93:02:
                    d5:d3:3c:4c:e4:0a:84:75:5e:92:30:97:ff:b3:6d:
                    25:e5:a8:98:7b:27:6b:98:45:cc:01:2e:84:3d:95:
                    02:e5:9e:f0:8e:ca:79:0d:0e:53:1b:b4:ba:69:b7:
                    01:99:1b:7f:0c:4d:e1:dd:97:2d:8a:df:7f:b3:1b:
                    88:31:64:99:2d:ef:f1:cd:85:95:c9:d4:2b:fe:ad:
                    86:0c:e1:8a:fd:12:6d:77:c9:8e:60:27:8a:b0:2d:
                    47:e9:8e:ce:cc:5f:79:78:d4:ba:c2:f5:bc:35:c9:
                    da:c7:63:56:18:d1:de:2e:1b:0a:e0:37:f0:f2:bf:
                    94:5a:48:d9:66:fc:fd:38:8a:f7:e2:5d:9d:2a:63:
                    9d:5a:fe:99:89:73:2f:2f:58:f7:10:60:c2:9d:ca:
                    34:c1:21:9f:bf:67:51:96:a1:6f:2e:ac:82:22:7a:
                    65:31:a4:f2:ad:04:85:b6:de:20:1a:52:f0:50:8f:
                    89:18:05:0e:ff:61:16:3b:84:af:90:fb:42:da:ca:
                    55:4e:1b:f1:cd:2b:0a:4e:f2:1d:fa:ca:45:a8:eb:
                    96:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:73:D0:B8:A8:FE:2D:B7:F1:FB:D8:79:22:B2:54:10:38:15:D7:A3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ce8740fd-2b07-4748-8374-2fd5de9dcb10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:e9:49:f3:10:3c:8e:13:08:38:6a:e5:6e:7f:d2:64:67:95:
         5c:67:3a:6e:76:7c:7b:fd:b6:83:eb:02:cb:c2:b3:7c:6b:a5:
         31:26:0a:ef:e9:d6:ff:33:dc:d1:b9:c5:b2:c6:4c:0d:fa:ac:
         65:9b:ce:e3:4e:7f:30:28:91:a1:c5:ee:7d:87:3f:00:82:0e:
         62:c5:d1:b0:83:b4:50:08:7c:a4:df:c0:1a:76:d1:3e:92:b5:
         e7:15:81:e0:12:00:29:b2:c9:a7:8e:c4:27:47:9d:4c:98:55:
         5b:be:2f:fb:ce:f9:71:66:54:52:c4:41:d0:e4:d8:3a:4c:d1:
         dd:8c:4c:6d:e3:ca:1f:c0:b7:f4:d4:42:09:83:94:3a:8d:41:
         7b:b3:a1:c3:44:67:2b:e5:2c:af:68:d8:64:76:e8:d7:d5:c5:
         9d:61:45:ac:47:99:f4:b9:a9:c2:36:6b:fa:2f:7d:97:bb:20:
         6e:91:df:b5:8f:39:7c:33:67:8e:3d:00:01:01:ec:e9:f5:75:
         a7:00:9e:e4:68:7e:80:fe:b0:55:0d:42:c9:27:9f:54:d5:9e:
         22:af:f1:5c:c7:fb:8f:58:58:57:9d:e6:b7:c4:e1:17:ff:45:
         d8:56:80:51:19:27:ab:00:a9:25:8f:11:d9:0f:ae:ae:15:97:
         52:04:50:c3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSPWzsQJyfexgJTvPXSBDR5qyY+AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE1MDAwMDAwWhcNMjMwODE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzN2NjY2UzMWQyMWQ1OTliYjk1NGJkNDIwYzczODZjYTI4
Y2VhOTI4ZWM2M2E2M2RjNmJmNDlmMTQxMTA3ZWQ4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDnDVz/SUSnVA3CRkwLIi7EQLci9XH2S7adyvH3Ifs2ZaGf
D9zNWTyITImTAtXTPEzkCoR1XpIwl/+zbSXlqJh7J2uYRcwBLoQ9lQLlnvCOynkN
DlMbtLpptwGZG38MTeHdly2K33+zG4gxZJkt7/HNhZXJ1Cv+rYYM4Yr9Em13yY5g
J4qwLUfpjs7MX3l41LrC9bw1ydrHY1YY0d4uGwrgN/Dyv5RaSNlm/P04ivfiXZ0q
Y51a/pmJcy8vWPcQYMKdyjTBIZ+/Z1GWoW8urIIiemUxpPKtBIW23iAaUvBQj4kY
BQ7/YRY7hK+Q+0LaylVOG/HNKwpO8h36ykWo65a1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUu3PQuKj+Lbfx+9h5IrJUEDgV16MwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2NlODc0MGZkLTJiMDctNDc0OC04Mzc0LTJmZDVkZTlkY2IxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFvpSfMQPI4TCDhq5W5/0mRnlVxn
Om52fHv9toPrAsvCs3xrpTEmCu/p1v8z3NG5xbLGTA36rGWbzuNOfzAokaHF7n2H
PwCCDmLF0bCDtFAIfKTfwBp20T6StecVgeASACmyyaeOxCdHnUyYVVu+L/vO+XFm
VFLEQdDk2DpM0d2MTG3jyh/At/TUQgmDlDqNQXuzocNEZyvlLK9o2GR26NfVxZ1h
RaxHmfS5qcI2a/ovfZe7IG6R37WPOXwzZ449AAEB7On1dacAnuRofoD+sFUNQskn
n1TVniKv8VzH+49YWFed5rfE4Rf/RdhWgFEZJ6sAqSWPEdkPrq4Vl1IEUMM=
-----END CERTIFICATE-----