Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e427ede3-07de-493c-9389-c14d1840ec99.roa
File:                     e427ede3-07de-493c-9389-c14d1840ec99.roa (raw, json)
Hash identifier:          +SikH4hM82+/6g2dhNLaeNpvC0Ta+AaUlbwACbGgXlI=
Subject key identifier:   65:E9:45:20:8C:39:54:21:3C:7E:83:72:50:83:77:BB:D0:9E:BE:C3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5B852163DB07104BB640F2FDD520CCBE37D75562
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e427ede3-07de-493c-9389-c14d1840ec99.roa
Signing time:             Tue 18 Jul 2023 00:00:00 +0000
ROA not before:           Tue 18 Jul 2023 00:00:00 +0000
ROA not after:            Tue 22 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:85:21:63:db:07:10:4b:b6:40:f2:fd:d5:20:cc:be:37:d7:55:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 18 00:00:00 2023 GMT
            Not After : Aug 22 23:59:59 2023 GMT
        Subject: serialNumber=3d3c7ba8a1956c9bf1320e36016e0921f48bccd8efbb29a6f778327b8dc65900, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:85:ca:5a:73:8b:ff:cb:3a:b7:2b:15:de:07:
                    b7:0f:12:e0:c7:18:cf:ed:13:e6:42:3d:e3:29:19:
                    1b:0e:31:d2:02:c2:c6:ca:e2:0d:78:78:4a:b2:08:
                    db:b5:c3:84:a6:58:24:04:57:39:b2:7e:af:ea:35:
                    08:c4:75:81:c6:10:d3:93:4b:e5:87:82:0e:cd:5e:
                    be:e8:b6:8e:55:24:e6:14:1f:68:bb:ef:01:b2:88:
                    31:dc:df:4d:e1:f9:82:9c:4a:3c:74:e3:b6:5f:20:
                    c8:09:35:a7:92:d4:2d:df:e4:7f:c2:03:7a:67:55:
                    80:11:6a:e5:8d:14:1a:07:66:28:f5:63:10:2a:85:
                    aa:cc:81:83:9e:56:68:83:d7:b9:79:6e:2e:c1:4d:
                    87:54:3f:a9:11:ea:b7:a4:ac:ec:b1:5c:09:87:db:
                    d6:7c:cd:d5:38:96:dc:2d:56:2c:b4:84:1d:50:c9:
                    8d:2f:fc:39:04:76:98:5f:d3:8f:5e:12:07:26:bd:
                    ff:af:1f:5c:1a:0d:77:37:93:8a:09:d3:c4:42:ab:
                    06:58:27:d3:5d:58:3c:0a:d4:2c:82:57:18:d7:a9:
                    0b:13:a0:79:d2:af:30:f2:78:23:96:b7:ab:57:81:
                    c5:2f:0e:a9:03:16:74:0d:10:c7:15:b6:30:75:63:
                    c5:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:E9:45:20:8C:39:54:21:3C:7E:83:72:50:83:77:BB:D0:9E:BE:C3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e427ede3-07de-493c-9389-c14d1840ec99.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:56:95:b2:11:dc:17:1c:f9:52:1d:d9:08:ed:4e:f5:cf:cb:
         8f:be:0b:50:c9:6d:10:d6:4e:14:02:5f:6b:d0:c5:c9:f8:0b:
         94:1a:69:17:7c:0e:2d:b7:19:0b:09:7e:10:17:95:e4:62:1d:
         66:10:b2:43:80:16:b4:ba:cb:95:d5:47:64:20:66:f1:54:9e:
         81:ae:77:20:90:95:0a:cb:de:85:26:9a:eb:6f:02:e9:f0:95:
         f5:0c:9d:21:e4:83:38:a7:71:3e:e3:31:5d:c6:a3:80:80:1e:
         21:c0:ac:27:c5:7c:ab:31:81:a1:f9:b4:b2:4e:9f:0a:49:8f:
         ee:73:00:cb:d5:f8:45:97:35:9d:c9:25:53:bb:01:4e:6f:b3:
         89:f8:a5:e9:5a:0a:2d:3d:1a:0a:fb:9b:dc:44:f2:bd:b8:f4:
         4f:a5:18:04:53:37:4b:d8:5b:35:e9:f9:95:2b:53:9f:aa:dc:
         8a:04:95:38:96:9b:9f:5e:47:c7:51:6b:68:19:8c:2b:50:60:
         96:d4:cb:ff:ad:6f:1d:21:5c:ac:7c:22:e6:ec:81:a4:d0:f8:
         32:cd:e1:09:c2:7e:21:57:a2:bc:5e:69:96:c9:a8:c4:d5:ec:
         e3:f1:d2:a1:3d:8b:bb:c4:c4:72:ed:ec:a4:3c:5b:72:4a:42:
         91:f2:84:d5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUW4UhY9sHEEu2QPL91SDMvjfXVWIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE4MDAwMDAwWhcNMjMwODIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzZDNjN2JhOGExOTU2YzliZjEzMjBlMzYwMTZlMDkyMWY0
OGJjY2Q4ZWZiYjI5YTZmNzc4MzI3YjhkYzY1OTAwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1hcpac4v/yzq3KxXeB7cPEuDHGM/tE+ZCPeMpGRsOMdIC
wsbK4g14eEqyCNu1w4SmWCQEVzmyfq/qNQjEdYHGENOTS+WHgg7NXr7oto5VJOYU
H2i77wGyiDHc303h+YKcSjx047ZfIMgJNaeS1C3f5H/CA3pnVYARauWNFBoHZij1
YxAqharMgYOeVmiD17l5bi7BTYdUP6kR6rekrOyxXAmH29Z8zdU4ltwtViy0hB1Q
yY0v/DkEdphf049eEgcmvf+vH1waDXc3k4oJ08RCqwZYJ9NdWDwK1CyCVxjXqQsT
oHnSrzDyeCOWt6tXgcUvDqkDFnQNEMcVtjB1Y8VzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZelFIIw5VCE8foNyUIN3u9CevsMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U0MjdlZGUzLTA3ZGUtNDkzYy05Mzg5LWMxNGQxODQwZWM5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEhWlbIR3Bcc+VId2QjtTvXPy4++
C1DJbRDWThQCX2vQxcn4C5QaaRd8Di23GQsJfhAXleRiHWYQskOAFrS6y5XVR2Qg
ZvFUnoGudyCQlQrL3oUmmutvAunwlfUMnSHkgzincT7jMV3Go4CAHiHArCfFfKsx
gaH5tLJOnwpJj+5zAMvV+EWXNZ3JJVO7AU5vs4n4pelaCi09Ggr7m9xE8r249E+l
GARTN0vYWzXp+ZUrU5+q3IoElTiWm59eR8dRa2gZjCtQYJbUy/+tbx0hXKx8Iubs
gaTQ+DLN4QnCfiFXorxeaZbJqMTV7OPx0qE9i7vExHLt7KQ8W3JKQpHyhNU=
-----END CERTIFICATE-----