Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fd6d6cde-6a7c-433d-a769-b788d3470fcd.roa
File:                     fd6d6cde-6a7c-433d-a769-b788d3470fcd.roa (raw, json)
Hash identifier:          cYq23AqPsZGVhOvBSZ7CoP5d9diCJz/4AkkDrLlphnU=
Subject key identifier:   12:32:70:51:5F:0F:AD:7D:39:3D:F1:2C:0B:CD:FD:26:A6:49:90:65
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0E619404EAFFE173A5B548F776994E7D597E78C8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fd6d6cde-6a7c-433d-a769-b788d3470fcd.roa
Signing time:             Wed 26 Jul 2023 00:00:00 +0000
ROA not before:           Wed 26 Jul 2023 00:00:00 +0000
ROA not after:            Wed 30 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:61:94:04:ea:ff:e1:73:a5:b5:48:f7:76:99:4e:7d:59:7e:78:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 26 00:00:00 2023 GMT
            Not After : Aug 30 23:59:59 2023 GMT
        Subject: serialNumber=f1a40c2511e5747cb7eaff13ff63ae3742d650688366d03ad9b207fba1a1a1f4, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:66:29:ac:92:a3:11:6a:e4:0c:b5:ad:f0:64:
                    69:03:fe:d0:fc:d3:15:07:d2:89:fe:71:b1:6c:8d:
                    8a:56:21:3c:d9:2e:c3:51:9d:ec:7b:f8:be:85:76:
                    fa:00:a2:a2:9b:67:74:9f:02:2e:30:1b:10:b9:a3:
                    1f:e8:ee:2d:10:c1:94:e0:ff:f8:4a:d2:c6:02:ec:
                    a7:3b:90:d2:47:78:a4:85:fe:9a:f6:f9:5c:f3:cd:
                    d4:3c:3d:12:67:3c:3f:ba:4e:09:9e:61:86:06:e1:
                    4f:87:a6:ad:80:22:bf:47:6c:84:4c:94:b5:d8:70:
                    8c:a5:11:a7:61:09:58:a1:51:23:a2:2d:67:ec:2d:
                    af:f0:f7:4f:eb:c7:c5:92:5c:98:c5:67:09:41:ff:
                    6e:87:59:a6:69:a4:ce:a6:26:90:1b:46:40:65:8d:
                    e7:66:19:8e:52:e1:30:4a:f6:5f:68:53:8b:d5:98:
                    f7:13:41:30:f3:77:d3:ec:07:d0:94:a2:dd:f5:08:
                    6f:0f:a0:c0:af:dd:8b:f0:1e:f7:49:93:76:f6:83:
                    3e:6b:62:64:3d:d4:86:ea:bd:73:ee:4a:43:57:7d:
                    c6:9e:ef:dc:2e:06:c0:dd:ee:87:6a:fe:5a:c2:af:
                    a1:ed:ed:ce:08:28:a7:6e:e3:ad:1d:5d:35:29:96:
                    4d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:32:70:51:5F:0F:AD:7D:39:3D:F1:2C:0B:CD:FD:26:A6:49:90:65
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fd6d6cde-6a7c-433d-a769-b788d3470fcd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:72:82:61:42:ce:04:a9:5a:e9:58:f4:ed:e3:02:75:c0:47:
         13:21:f2:5f:89:d3:6c:32:f3:c9:a0:d6:db:64:fb:24:7a:60:
         cc:0d:10:a3:a5:31:6c:ed:65:6c:41:cb:57:17:ca:9f:88:c4:
         b4:63:75:73:2c:a7:24:27:91:7f:14:1f:75:ae:6f:b4:23:08:
         01:c1:e1:d4:4c:88:42:07:39:c5:65:a5:84:af:a7:00:85:86:
         7b:a7:90:46:64:34:73:d2:05:4f:0d:56:58:33:0f:3f:6e:fe:
         53:8d:3a:2c:23:00:fc:80:b4:73:cb:80:ad:75:32:a5:27:d2:
         52:d0:19:c2:88:4e:e2:23:d2:23:64:5e:0b:0b:32:53:85:5b:
         7e:a0:8b:69:ea:a2:ed:28:1c:d2:1b:41:85:ff:85:e8:00:af:
         fe:4c:14:33:27:e8:14:dd:a5:b2:d4:ce:69:0f:43:6e:0b:a5:
         70:b8:01:42:d0:e7:74:cf:41:7a:cd:cc:13:d4:77:4e:82:b0:
         ac:50:cd:96:34:46:ee:82:f2:86:fb:df:f6:06:e7:db:1f:cc:
         2f:d9:84:b0:72:fc:eb:ff:c5:6e:88:84:5c:18:c5:5d:a2:fe:
         dd:e8:1d:2b:5c:05:f9:18:1e:a8:4f:98:fa:1c:fe:c6:87:e9:
         92:2b:2b:6b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDmGUBOr/4XOltUj3dplOfVl+eMgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzI2MDAwMDAwWhcNMjMwODMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMWE0MGMyNTExZTU3NDdjYjdlYWZmMTNmZjYzYWUzNzQy
ZDY1MDY4ODM2NmQwM2FkOWIyMDdmYmExYTFhMWY0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD1ZimskqMRauQMta3wZGkD/tD80xUH0on+cbFsjYpWITzZ
LsNRnex7+L6FdvoAoqKbZ3SfAi4wGxC5ox/o7i0QwZTg//hK0sYC7Kc7kNJHeKSF
/pr2+VzzzdQ8PRJnPD+6TgmeYYYG4U+Hpq2AIr9HbIRMlLXYcIylEadhCVihUSOi
LWfsLa/w90/rx8WSXJjFZwlB/26HWaZppM6mJpAbRkBljedmGY5S4TBK9l9oU4vV
mPcTQTDzd9PsB9CUot31CG8PoMCv3YvwHvdJk3b2gz5rYmQ91IbqvXPuSkNXfcae
79wuBsDd7odq/lrCr6Ht7c4IKKdu460dXTUplk2zAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEjJwUV8PrX05PfEsC839JqZJkGUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZkNmQ2Y2RlLTZhN2MtNDMzZC1hNzY5LWI3ODhkMzQ3MGZjZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEFygmFCzgSpWulY9O3jAnXARxMh
8l+J02wy88mg1ttk+yR6YMwNEKOlMWztZWxBy1cXyp+IxLRjdXMspyQnkX8UH3Wu
b7QjCAHB4dRMiEIHOcVlpYSvpwCFhnunkEZkNHPSBU8NVlgzDz9u/lONOiwjAPyA
tHPLgK11MqUn0lLQGcKITuIj0iNkXgsLMlOFW36gi2nqou0oHNIbQYX/hegAr/5M
FDMn6BTdpbLUzmkPQ24LpXC4AULQ53TPQXrNzBPUd06CsKxQzZY0Ru6C8ob73/YG
59sfzC/ZhLBy/Ov/xW6IhFwYxV2i/t3oHStcBfkYHqhPmPoc/saH6ZIrK2s=
-----END CERTIFICATE-----