Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fba3f473-70ec-4d68-ba9c-bc7b35097576.roa
File:                     fba3f473-70ec-4d68-ba9c-bc7b35097576.roa (raw, json)
Hash identifier:          urQzqBTKndkth+1BaJZSqu2lmungOpEzKDOibsKrT6Q=
Subject key identifier:   E3:41:82:5F:21:A5:3F:38:6E:97:3A:B4:3C:1A:EF:8E:ED:5F:13:6C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2A65AA2F475C1FC66251501149E77F413584FD0C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fba3f473-70ec-4d68-ba9c-bc7b35097576.roa
Signing time:             Tue 18 Jul 2023 00:00:00 +0000
ROA not before:           Tue 18 Jul 2023 00:00:00 +0000
ROA not after:            Tue 22 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:65:aa:2f:47:5c:1f:c6:62:51:50:11:49:e7:7f:41:35:84:fd:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 18 00:00:00 2023 GMT
            Not After : Aug 22 23:59:59 2023 GMT
        Subject: serialNumber=db357737705cf05736e556ac43d0124735580ff93a4aa2bb8dbe091881df3ef3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ec:1a:d2:72:ed:0d:2a:2c:36:b5:36:a1:db:
                    53:2a:32:ef:7e:64:33:99:68:d7:4b:79:fd:68:37:
                    5e:08:af:fb:e5:be:54:c0:63:4a:33:02:f1:19:e7:
                    8e:99:3f:de:d4:29:31:11:ae:b6:8f:66:23:fa:75:
                    5f:67:b1:da:6c:3a:be:9b:d8:eb:cc:e2:4f:40:82:
                    c7:29:56:3b:66:66:48:52:77:92:e2:7e:2c:b9:b8:
                    54:c0:ec:ba:88:03:b3:fa:79:21:20:2d:e6:be:77:
                    ef:32:8d:1f:a2:34:41:60:d5:43:e7:7f:a6:a3:89:
                    90:36:a5:3f:06:4b:93:b3:38:3d:f8:a8:fe:04:1c:
                    31:f3:9a:a7:9e:d4:6f:87:a9:56:f1:b3:48:0d:53:
                    6f:b1:91:a7:a4:cb:a2:b2:31:95:7c:3d:d5:70:19:
                    af:f0:8d:59:c8:d3:b3:88:86:5a:01:33:db:30:f6:
                    d4:e5:4e:74:f9:f0:61:c4:ea:d2:e9:50:84:63:01:
                    7e:e8:af:86:49:ed:17:68:bd:73:e2:a7:f3:e1:ad:
                    76:b3:94:95:5e:f0:64:41:d6:2f:9d:ff:28:6d:1d:
                    20:54:7a:ed:0f:93:36:79:5e:c5:06:51:8e:ef:f5:
                    ea:14:83:6f:6b:56:b0:08:79:fe:68:d0:3c:b2:03:
                    5f:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:41:82:5F:21:A5:3F:38:6E:97:3A:B4:3C:1A:EF:8E:ED:5F:13:6C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fba3f473-70ec-4d68-ba9c-bc7b35097576.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:a7:11:01:66:02:fb:78:34:e2:aa:47:08:19:fc:bd:fd:3a:
         a7:77:ac:33:6e:9d:c4:df:bc:56:c7:05:f5:aa:01:6b:02:1e:
         53:12:63:69:f9:60:51:78:d4:de:1b:ca:b7:89:fe:55:73:a4:
         dc:2d:52:9f:c9:60:d1:b5:cb:74:4f:9a:39:b6:25:be:8d:12:
         ac:8c:97:01:40:45:df:88:69:6e:e5:2b:11:bc:23:f5:c5:d0:
         11:20:70:0e:18:43:1a:34:e3:e3:81:7e:19:b4:36:e2:c4:bc:
         01:66:c3:f6:25:ec:5a:25:cd:53:91:df:17:09:fb:3b:9d:23:
         57:39:de:9d:4c:03:1a:46:b9:6d:97:39:7d:49:99:70:52:ed:
         8b:84:2d:2d:bb:74:c5:f9:1b:f4:4c:1c:a7:47:25:3e:08:fa:
         6f:ca:54:d8:50:d5:5a:df:b8:e6:c0:a5:b4:20:93:83:a8:39:
         36:f9:6f:79:b2:70:d7:50:09:61:9a:5f:0e:5a:4e:28:7b:ce:
         d0:20:ec:d9:27:f8:3f:20:c0:3d:ac:60:a0:d4:96:60:05:9e:
         0b:20:05:b0:8e:42:e2:fb:8f:94:e7:c0:2e:9d:09:97:88:f5:
         b2:d3:95:8d:1e:d6:b8:94:92:de:06:50:c3:76:72:03:40:48:
         f9:61:e6:65
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKmWqL0dcH8ZiUVARSed/QTWE/QwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE4MDAwMDAwWhcNMjMwODIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYjM1NzczNzcwNWNmMDU3MzZlNTU2YWM0M2QwMTI0NzM1
NTgwZmY5M2E0YWEyYmI4ZGJlMDkxODgxZGYzZWYzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDU7BrScu0NKiw2tTah21MqMu9+ZDOZaNdLef1oN14Ir/vl
vlTAY0ozAvEZ546ZP97UKTERrraPZiP6dV9nsdpsOr6b2OvM4k9AgscpVjtmZkhS
d5Lifiy5uFTA7LqIA7P6eSEgLea+d+8yjR+iNEFg1UPnf6ajiZA2pT8GS5OzOD34
qP4EHDHzmqee1G+HqVbxs0gNU2+xkaeky6KyMZV8PdVwGa/wjVnI07OIhloBM9sw
9tTlTnT58GHE6tLpUIRjAX7or4ZJ7RdovXPip/PhrXazlJVe8GRB1i+d/yhtHSBU
eu0PkzZ5XsUGUY7v9eoUg29rVrAIef5o0DyyA1/dAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU40GCXyGlPzhulzq0PBrvju1fE2wwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZiYTNmNDczLTcwZWMtNGQ2OC1iYTljLWJjN2IzNTA5NzU3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABinEQFmAvt4NOKqRwgZ/L39Oqd3
rDNuncTfvFbHBfWqAWsCHlMSY2n5YFF41N4byreJ/lVzpNwtUp/JYNG1y3RPmjm2
Jb6NEqyMlwFARd+IaW7lKxG8I/XF0BEgcA4YQxo04+OBfhm0NuLEvAFmw/Yl7Fol
zVOR3xcJ+zudI1c53p1MAxpGuW2XOX1JmXBS7YuELS27dMX5G/RMHKdHJT4I+m/K
VNhQ1VrfuObApbQgk4OoOTb5b3mycNdQCWGaXw5aTih7ztAg7Nkn+D8gwD2sYKDU
lmAFngsgBbCOQuL7j5TnwC6dCZeI9bLTlY0e1riUkt4GUMN2cgNASPlh5mU=
-----END CERTIFICATE-----