Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fb4fe37a-f8ae-47f2-a546-9d338e805d38.roa
File:                     fb4fe37a-f8ae-47f2-a546-9d338e805d38.roa (raw, json)
Hash identifier:          Sv7vJ0TBduVuDCgWyc604eSzDyMA1ZkzKkoe+oAOBL8=
Subject key identifier:   8B:F7:FD:71:D9:FD:F6:FE:59:6F:D6:04:88:74:54:94:76:FA:91:3B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       43D1931B75DEA37DEE269C7517F4155478FDFF9D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fb4fe37a-f8ae-47f2-a546-9d338e805d38.roa
Signing time:             Wed 19 Jul 2023 00:00:00 +0000
ROA not before:           Wed 19 Jul 2023 00:00:00 +0000
ROA not after:            Wed 23 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:d1:93:1b:75:de:a3:7d:ee:26:9c:75:17:f4:15:54:78:fd:ff:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 19 00:00:00 2023 GMT
            Not After : Aug 23 23:59:59 2023 GMT
        Subject: serialNumber=9caba24b78086e309b4012578dfd8a9f7f581c5b06e21c7fdfc5f0f895c722a1, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:93:3a:24:03:6d:db:18:a5:46:0a:ff:50:5a:
                    56:ca:91:62:c4:58:54:a0:b8:6d:45:8c:5b:d9:09:
                    d4:19:7b:c3:0d:45:f1:4b:72:d2:0d:d2:4a:a2:74:
                    54:93:ee:bf:5e:f5:39:45:03:a2:60:b3:24:38:fb:
                    2e:65:26:f0:c7:39:b7:1e:59:c9:ef:30:9c:10:5d:
                    71:21:70:a9:26:8b:6b:cc:e1:b0:8e:f5:c3:41:4d:
                    d8:d0:8b:c7:31:32:16:68:08:39:bc:21:4c:d0:62:
                    cc:7b:e6:1f:bd:5f:c9:f0:5d:45:0e:7f:0b:6e:25:
                    de:96:b1:0c:52:2b:0c:fc:ad:17:7a:65:c0:7c:b2:
                    68:39:f5:86:b2:e6:33:f7:d4:f1:39:bc:9a:de:ee:
                    d3:fa:a9:fe:41:31:76:13:b6:1a:70:45:7d:1a:ac:
                    97:51:60:25:60:64:99:5d:ec:a6:b2:35:b1:81:d4:
                    07:89:be:5b:fa:56:e7:39:f6:c3:2e:06:79:58:39:
                    cd:e4:8a:f1:90:5f:7a:44:7f:72:ad:3c:01:6d:07:
                    9a:74:65:27:db:e5:71:51:dc:7f:3f:e6:8a:4d:10:
                    c1:f7:5e:9a:08:ba:09:8a:04:6f:8a:96:2f:98:46:
                    fd:9e:03:1e:3b:45:6c:1d:ec:03:31:b6:92:d6:95:
                    c5:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:F7:FD:71:D9:FD:F6:FE:59:6F:D6:04:88:74:54:94:76:FA:91:3B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fb4fe37a-f8ae-47f2-a546-9d338e805d38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:31:b9:30:cf:97:1e:ab:83:72:3b:fe:c1:55:74:82:c2:a4:
         0e:83:ab:ab:18:ac:d4:b4:3b:13:96:3d:0c:ad:ca:e1:d8:13:
         ee:9f:66:8e:fb:a2:ed:7f:64:bf:d3:fe:f2:f7:ee:8f:62:87:
         6f:3d:51:9f:ae:2e:af:00:13:2f:70:5e:0b:1a:4f:c7:50:d3:
         a9:5c:ab:80:f1:cf:fb:e8:ba:d4:83:0a:e2:29:a0:d6:5f:4b:
         b3:57:37:7f:e6:71:a8:98:5e:ac:37:4b:04:f9:e8:b5:5a:dd:
         90:43:6a:6c:7b:f7:94:f4:23:f1:d6:ba:cc:79:ae:98:c8:50:
         45:00:98:d6:d7:72:00:6c:a7:0c:77:3a:12:76:fa:dd:d4:18:
         9a:12:85:e6:1e:ec:2d:e5:28:58:7c:a8:34:14:b9:48:c7:7e:
         f4:b8:51:5b:52:91:ca:d4:9f:a9:f2:6b:14:07:90:1a:87:07:
         9f:fa:0d:b3:a6:6c:cb:d0:a7:e1:b4:f7:1f:e5:9a:9d:80:9c:
         74:08:b1:d1:e8:c9:e1:a5:f4:3a:59:69:60:09:6b:7b:43:c1:
         e1:54:aa:49:83:e8:06:cc:f1:d3:79:f0:5b:d6:08:b6:fb:5f:
         bf:cf:96:e6:a5:3f:68:29:c7:50:e7:e4:9b:1a:28:d7:c6:c3:
         4f:84:65:c6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQ9GTG3Xeo33uJpx1F/QVVHj9/50wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE5MDAwMDAwWhcNMjMwODIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5Y2FiYTI0Yjc4MDg2ZTMwOWI0MDEyNTc4ZGZkOGE5Zjdm
NTgxYzViMDZlMjFjN2ZkZmM1ZjBmODk1YzcyMmExMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBkzokA23bGKVGCv9QWlbKkWLEWFSguG1FjFvZCdQZe8MN
RfFLctIN0kqidFST7r9e9TlFA6JgsyQ4+y5lJvDHObceWcnvMJwQXXEhcKkmi2vM
4bCO9cNBTdjQi8cxMhZoCDm8IUzQYsx75h+9X8nwXUUOfwtuJd6WsQxSKwz8rRd6
ZcB8smg59Yay5jP31PE5vJre7tP6qf5BMXYTthpwRX0arJdRYCVgZJld7KayNbGB
1AeJvlv6Vuc59sMuBnlYOc3kivGQX3pEf3KtPAFtB5p0ZSfb5XFR3H8/5opNEMH3
XpoIugmKBG+Kli+YRv2eAx47RWwd7AMxtpLWlcUpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUi/f9cdn99v5Zb9YEiHRUlHb6kTswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZiNGZlMzdhLWY4YWUtNDdmMi1hNTQ2LTlkMzM4ZTgwNWQzOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACsxuTDPlx6rg3I7/sFVdILCpA6D
q6sYrNS0OxOWPQytyuHYE+6fZo77ou1/ZL/T/vL37o9ih289UZ+uLq8AEy9wXgsa
T8dQ06lcq4Dxz/voutSDCuIpoNZfS7NXN3/mcaiYXqw3SwT56LVa3ZBDamx795T0
I/HWusx5rpjIUEUAmNbXcgBspwx3OhJ2+t3UGJoSheYe7C3lKFh8qDQUuUjHfvS4
UVtSkcrUn6nyaxQHkBqHB5/6DbOmbMvQp+G09x/lmp2AnHQIsdHoyeGl9DpZaWAJ
a3tDweFUqkmD6AbM8dN58FvWCLb7X7/PlualP2gpx1Dn5JsaKNfGw0+EZcY=
-----END CERTIFICATE-----