Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d8a7f3f3-d463-4246-8772-7fb6e0c7ebf7.roa
File:                     d8a7f3f3-d463-4246-8772-7fb6e0c7ebf7.roa (raw, json)
Hash identifier:          A5vPmm1Zl1hwgjmGrJub4+4sd6SwkLwq60QLd7Q+GDY=
Subject key identifier:   53:A2:3C:88:31:DC:8D:C3:0E:C0:39:02:48:8B:F7:A0:49:C3:D1:58
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       41A84D690CF9B8B7D6FE29F960FBECF490C4988B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d8a7f3f3-d463-4246-8772-7fb6e0c7ebf7.roa
Signing time:             Wed 19 Jul 2023 00:00:00 +0000
ROA not before:           Wed 19 Jul 2023 00:00:00 +0000
ROA not after:            Wed 23 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:a8:4d:69:0c:f9:b8:b7:d6:fe:29:f9:60:fb:ec:f4:90:c4:98:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 19 00:00:00 2023 GMT
            Not After : Aug 23 23:59:59 2023 GMT
        Subject: serialNumber=fdc473586c0a151c95fdb61d6b1b3da1b9ace71b417220a0c473db9734cf0bb3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:1b:98:df:30:64:d2:cb:4f:a8:5b:14:b1:c1:
                    c5:54:80:de:33:ab:7c:fa:93:a5:7d:40:24:dd:83:
                    22:77:84:72:34:d0:96:0c:81:b4:67:7e:b0:f7:fa:
                    6d:6d:59:58:ac:f5:69:06:97:00:13:15:3b:47:60:
                    bd:68:7b:9f:1e:eb:6b:ab:1b:7b:b6:ad:77:81:0d:
                    45:60:a3:5e:f8:02:db:7a:6c:3f:f8:e3:47:54:ff:
                    f2:a4:e1:6e:d7:df:52:c7:3e:7c:88:6f:90:bc:c4:
                    50:87:fd:97:93:f2:91:93:39:a4:c4:11:26:09:ac:
                    9a:5f:b3:8b:12:ce:98:ed:ff:1b:42:39:cf:b1:07:
                    d1:62:98:70:17:a6:14:01:e4:c9:b6:d4:17:53:f9:
                    06:6d:26:42:1f:9d:71:28:77:7c:e9:27:dd:ac:62:
                    4d:5a:ac:f4:39:9e:c6:58:d4:b2:a6:07:09:5f:26:
                    d4:f6:34:e2:7a:81:d0:15:5c:28:3b:a0:3c:74:c5:
                    f9:ba:2c:5c:b9:a3:80:7c:36:13:e1:c8:9b:41:69:
                    3a:f8:14:e7:78:15:a8:c8:86:49:e1:a4:5c:5d:c4:
                    d0:b9:36:1a:c5:85:03:b9:ac:4c:0a:0c:41:1f:d0:
                    07:78:2a:d4:00:4c:f1:76:85:13:66:d5:0b:ff:03:
                    95:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:A2:3C:88:31:DC:8D:C3:0E:C0:39:02:48:8B:F7:A0:49:C3:D1:58
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d8a7f3f3-d463-4246-8772-7fb6e0c7ebf7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:75:70:90:21:4f:ac:60:18:2a:d1:7b:b6:8b:38:7b:05:4b:
         de:a7:8b:55:df:aa:8d:51:d0:8b:3f:e8:58:1b:0b:01:ed:96:
         50:89:20:17:87:0d:c0:b7:2a:aa:14:f7:83:68:34:bc:a2:ce:
         99:cf:d3:56:e3:fe:68:cb:d9:09:2a:63:78:6b:e2:e9:28:04:
         f9:9a:1f:2b:24:fd:72:09:23:83:8a:32:a0:1c:0f:f7:7b:6b:
         26:4c:0f:37:d7:5e:33:08:aa:dc:ae:45:7c:ff:c8:96:26:78:
         a6:31:ee:58:8e:dc:eb:56:dd:61:0d:69:a5:24:04:3f:e4:22:
         38:9c:fb:25:9b:b1:70:e7:11:78:2e:73:7c:af:56:37:36:ff:
         ca:d8:0f:45:6d:87:e9:50:de:71:27:ba:41:0d:7d:b5:30:7c:
         2f:63:cf:49:a1:b6:a8:a5:69:5c:81:ad:1d:c9:b2:31:05:a3:
         bc:ec:6c:b4:de:cd:bb:b0:29:cc:48:dd:a3:92:d3:28:3f:df:
         c4:22:3c:8f:48:19:42:62:59:b9:25:9a:c6:1f:b2:f0:70:90:
         a5:6a:50:9d:1a:d2:eb:9d:f4:3b:fc:0a:93:e8:89:b0:6e:3c:
         81:55:d3:8c:b8:04:2a:29:5d:68:35:42:5e:9c:07:43:eb:96:
         75:b9:96:7f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQahNaQz5uLfW/in5YPvs9JDEmIswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE5MDAwMDAwWhcNMjMwODIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmZGM0NzM1ODZjMGExNTFjOTVmZGI2MWQ2YjFiM2RhMWI5
YWNlNzFiNDE3MjIwYTBjNDczZGI5NzM0Y2YwYmIzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKG5jfMGTSy0+oWxSxwcVUgN4zq3z6k6V9QCTdgyJ3hHI0
0JYMgbRnfrD3+m1tWVis9WkGlwATFTtHYL1oe58e62urG3u2rXeBDUVgo174Att6
bD/440dU//Kk4W7X31LHPnyIb5C8xFCH/ZeT8pGTOaTEESYJrJpfs4sSzpjt/xtC
Oc+xB9FimHAXphQB5Mm21BdT+QZtJkIfnXEod3zpJ92sYk1arPQ5nsZY1LKmBwlf
JtT2NOJ6gdAVXCg7oDx0xfm6LFy5o4B8NhPhyJtBaTr4FOd4FajIhknhpFxdxNC5
NhrFhQO5rEwKDEEf0Ad4KtQATPF2hRNm1Qv/A5VnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUU6I8iDHcjcMOwDkCSIv3oEnD0VgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q4YTdmM2YzLWQ0NjMtNDI0Ni04NzcyLTdmYjZlMGM3ZWJmNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABR1cJAhT6xgGCrRe7aLOHsFS96n
i1Xfqo1R0Is/6FgbCwHtllCJIBeHDcC3KqoU94NoNLyizpnP01bj/mjL2QkqY3hr
4ukoBPmaHysk/XIJI4OKMqAcD/d7ayZMDzfXXjMIqtyuRXz/yJYmeKYx7liO3OtW
3WENaaUkBD/kIjic+yWbsXDnEXguc3yvVjc2/8rYD0Vth+lQ3nEnukENfbUwfC9j
z0mhtqilaVyBrR3JsjEFo7zsbLTezbuwKcxI3aOS0yg/38QiPI9IGUJiWbklmsYf
svBwkKVqUJ0a0uud9Dv8CpPoibBuPIFV04y4BCopXWg1Ql6cB0PrlnW5ln8=
-----END CERTIFICATE-----