Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dccf4bfb-f798-4ecf-b368-f9f28a1efaf3.roa
File:                     dccf4bfb-f798-4ecf-b368-f9f28a1efaf3.roa (raw, json)
Hash identifier:          GzHaXk6Ovle7ZFLbcOyhDgZ1bcautgyX0XRsuJxM6Ew=
Subject key identifier:   32:93:69:23:EC:C1:AA:22:A2:93:18:55:0A:FB:94:04:3B:B2:17:D9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7B2CEFB2CE15859859AB50685EFED449BA04AA96
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dccf4bfb-f798-4ecf-b368-f9f28a1efaf3.roa
Signing time:             Thu 10 Aug 2023 00:00:00 +0000
ROA not before:           Thu 10 Aug 2023 00:00:00 +0000
ROA not after:            Thu 14 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:2c:ef:b2:ce:15:85:98:59:ab:50:68:5e:fe:d4:49:ba:04:aa:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 10 00:00:00 2023 GMT
            Not After : Sep 14 23:59:59 2023 GMT
        Subject: serialNumber=aa1530620581671c446e831769ac0f6fe2511cd57f875ddd679070bce968d76b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c2:23:0a:c5:59:13:77:41:0f:10:22:04:9e:
                    34:b5:5d:a7:52:2d:0f:e1:c3:5e:c3:0e:c9:4b:07:
                    8e:43:66:31:e1:06:77:93:3f:cc:d0:0b:54:94:ca:
                    5a:62:4c:df:71:a8:52:24:1d:9c:32:6a:fb:49:23:
                    bf:27:b8:9c:2c:46:ca:1d:be:e2:0e:65:00:ad:87:
                    95:7c:6f:c3:a3:ca:a2:fa:93:33:64:36:9e:9e:45:
                    3f:d5:95:9d:19:07:82:2c:48:33:b9:68:94:ce:a2:
                    73:5c:ce:a4:a0:0f:81:b7:1a:9e:48:96:4e:bd:37:
                    dc:e4:92:de:ab:ce:99:ec:d1:dd:28:41:90:ae:7e:
                    85:c7:26:ce:4f:e4:8c:ab:f5:29:05:ed:3f:3f:12:
                    b8:c1:bb:ab:97:a3:34:1e:c9:9a:69:ad:52:7c:a5:
                    d3:a0:27:17:6f:1b:ad:23:c3:19:59:1c:ce:a3:33:
                    6d:93:4f:29:89:e6:0d:55:3f:35:c6:31:22:f1:70:
                    5f:82:86:2c:a1:e1:02:62:07:02:a0:02:06:57:88:
                    12:54:8f:75:56:77:22:6d:56:1a:54:23:6c:88:ea:
                    83:5c:6d:fe:ac:ba:d3:1b:49:84:94:dd:44:55:18:
                    0c:5c:30:46:77:da:22:c6:49:36:19:0a:d7:06:34:
                    f3:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:93:69:23:EC:C1:AA:22:A2:93:18:55:0A:FB:94:04:3B:B2:17:D9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dccf4bfb-f798-4ecf-b368-f9f28a1efaf3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:23:7b:4e:cb:a6:17:69:76:ab:d0:14:28:d6:6e:5a:7c:59:
         1d:68:de:40:d5:18:68:c9:e8:a0:15:58:c9:11:3a:3c:11:e1:
         a8:6b:d9:8a:fe:52:4e:bc:2d:60:9a:b8:74:ce:6d:de:47:4d:
         e7:ee:a3:1f:59:cf:8a:66:8f:df:c9:c1:ff:b6:9c:45:49:f2:
         7b:67:b4:91:5a:d9:4a:9b:3f:7e:d5:63:3e:ab:7d:37:64:d9:
         eb:9c:40:84:e1:43:5d:10:df:9c:83:ab:7c:41:e1:7c:75:09:
         f8:e2:61:49:80:c6:29:02:ab:93:7c:14:d1:4f:a4:74:6f:b6:
         dc:2e:b9:1a:28:68:82:94:94:68:d3:69:26:69:cb:95:9f:35:
         a7:91:06:6d:6e:2b:87:3d:74:e6:66:8c:49:b1:00:d4:f9:df:
         1b:10:d7:64:08:16:39:c3:d2:0b:bf:0e:be:d2:0a:5c:d1:eb:
         f9:9a:49:f8:41:c6:19:5a:21:29:c4:e4:a1:e6:23:a8:15:79:
         2a:f9:90:e8:e3:9a:32:ef:66:2d:d4:d1:fe:38:b6:08:f8:cf:
         72:46:35:a4:9d:ed:06:92:bf:c3:2a:a9:b7:92:95:99:d9:f3:
         9c:3f:28:5e:ef:ff:e4:69:1a:21:62:28:fb:52:fe:a9:6e:af:
         56:39:7a:84
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeyzvss4VhZhZq1BoXv7USboEqpYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODEwMDAwMDAwWhcNMjMwOTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYTE1MzA2MjA1ODE2NzFjNDQ2ZTgzMTc2OWFjMGY2ZmUy
NTExY2Q1N2Y4NzVkZGQ2NzkwNzBiY2U5NjhkNzZiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcwiMKxVkTd0EPECIEnjS1XadSLQ/hw17DDslLB45DZjHh
BneTP8zQC1SUylpiTN9xqFIkHZwyavtJI78nuJwsRsodvuIOZQCth5V8b8OjyqL6
kzNkNp6eRT/VlZ0ZB4IsSDO5aJTOonNczqSgD4G3Gp5Ilk69N9zkkt6rzpns0d0o
QZCufoXHJs5P5Iyr9SkF7T8/ErjBu6uXozQeyZpprVJ8pdOgJxdvG60jwxlZHM6j
M22TTymJ5g1VPzXGMSLxcF+Chiyh4QJiBwKgAgZXiBJUj3VWdyJtVhpUI2yI6oNc
bf6sutMbSYSU3URVGAxcMEZ32iLGSTYZCtcGNPPbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMpNpI+zBqiKikxhVCvuUBDuyF9kwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RjY2Y0YmZiLWY3OTgtNGVjZi1iMzY4LWY5ZjI4YTFlZmFmMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABkje07LphdpdqvQFCjWblp8WR1o
3kDVGGjJ6KAVWMkROjwR4ahr2Yr+Uk68LWCauHTObd5HTefuox9Zz4pmj9/Jwf+2
nEVJ8ntntJFa2UqbP37VYz6rfTdk2eucQIThQ10Q35yDq3xB4Xx1CfjiYUmAxikC
q5N8FNFPpHRvttwuuRooaIKUlGjTaSZpy5WfNaeRBm1uK4c9dOZmjEmxANT53xsQ
12QIFjnD0gu/Dr7SClzR6/maSfhBxhlaISnE5KHmI6gVeSr5kOjjmjLvZi3U0f44
tgj4z3JGNaSd7QaSv8MqqbeSlZnZ85w/KF7v/+RpGiFiKPtS/qlur1Y5eoQ=
-----END CERTIFICATE-----