Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf8143bf620182113eea490d33/1/3230392e3230302e3233332e302f32342d3234203d3e203630373231.roa
File:                     3230392e3230302e3233332e302f32342d3234203d3e203630373231.roa (raw, json)
Hash identifier:          g/iaS6u97Z8VOSbcQc8qo5uxrNQCZ4dIuYbBN6kbgVs=
Subject key identifier:   B6:6D:6C:86:46:CF:B4:30:D0:21:10:A4:DD:80:90:63:F0:BE:1E:0B
Certificate issuer:       /CN=44da5d103277c937c53dce305bd9d79c2ba79425357bb56eed
Certificate serial:       1DC231B744E39D6FCE45C5896D1F2D75E8536728
Authority key identifier: 5B:40:D3:73:D6:71:7C:70:4C:48:3C:A0:65:8C:FB:52:57:C4:E9:3C
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/2bd0fac6-1a46-40b5-be66-9e0f7b54df77/44da5d103277c937c53dce305bd9d79c2ba79425357bb56eed.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf8143bf620182113eea490d33/1/3230392e3230302e3233332e302f32342d3234203d3e203630373231.roa
Signing time:             Mon 28 Nov 2022 11:21:58 +0000
ROA not before:           Mon 28 Nov 2022 11:16:58 +0000
ROA not after:            Mon 27 Nov 2023 11:21:58 +0000
asID:                     60721
IP address blocks:        209.200.233.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:c2:31:b7:44:e3:9d:6f:ce:45:c5:89:6d:1f:2d:75:e8:53:67:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44da5d103277c937c53dce305bd9d79c2ba79425357bb56eed
        Validity
            Not Before: Nov 28 11:16:58 2022 GMT
            Not After : Nov 27 11:21:58 2023 GMT
        Subject: CN=B66D6C8646CFB430D02110A4DD809063F0BE1E0B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5d:c3:22:13:b8:c2:16:5a:f5:bd:1f:d1:36:
                    3a:71:77:ad:a7:9f:aa:32:c9:44:d5:19:18:c8:74:
                    cb:52:8a:bb:ea:a4:8d:ce:15:4d:df:fc:9a:92:10:
                    0b:e6:f1:a4:7f:2a:97:43:32:16:62:b8:4b:78:c0:
                    1a:17:6a:b3:00:73:cd:aa:49:85:3a:ae:23:d0:8d:
                    88:94:ab:36:0d:7c:11:8f:22:cf:37:a2:b1:86:54:
                    d4:f9:ab:73:64:91:b2:83:85:73:be:ae:13:f6:7e:
                    ff:45:90:ed:7d:53:77:3b:47:03:75:82:f5:6e:0e:
                    53:59:32:0f:5d:93:7a:0a:c6:ba:f5:bf:77:be:25:
                    4a:8d:2a:f1:33:8a:65:74:76:a8:92:73:dc:94:50:
                    30:2a:5f:89:31:32:ce:ba:12:f0:c1:2b:4b:93:f5:
                    a2:03:d9:6a:c1:96:69:03:2b:d6:a8:30:a3:22:57:
                    bb:0d:6e:12:6a:74:3a:b6:f3:a9:03:b1:58:32:b4:
                    94:27:13:e2:31:b6:95:64:21:81:5b:cf:e0:f8:e7:
                    fc:30:f4:e9:8f:aa:26:dc:7e:cf:3b:d5:09:ac:78:
                    f8:66:41:56:58:e2:3c:be:c6:07:27:0c:f5:a1:d1:
                    31:71:01:e7:87:a4:15:7a:13:ca:9e:cb:af:bd:57:
                    cb:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:6D:6C:86:46:CF:B4:30:D0:21:10:A4:DD:80:90:63:F0:BE:1E:0B
            X509v3 Authority Key Identifier:
                keyid:5B:40:D3:73:D6:71:7C:70:4C:48:3C:A0:65:8C:FB:52:57:C4:E9:3C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf8143bf620182113eea490d33/1/5B40D373D6717C704C483CA0658CFB5257C4E93C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/2bd0fac6-1a46-40b5-be66-9e0f7b54df77/44da5d103277c937c53dce305bd9d79c2ba79425357bb56eed.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf8143bf620182113eea490d33/1/3230392e3230302e3233332e302f32342d3234203d3e203630373231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.200.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:93:d4:3d:a7:a1:0f:e2:76:a8:d5:70:5d:6f:ce:14:d2:bf:
         80:2b:1a:cc:33:d8:7c:e5:38:e6:63:93:cd:57:ab:f8:5c:56:
         5d:69:aa:02:4b:a9:bf:6c:aa:e7:09:c3:0b:cd:f3:1d:d4:75:
         59:91:9c:a8:6e:24:28:6b:cd:68:4e:1f:0e:0a:5c:13:1d:4c:
         cd:ed:17:bc:dd:52:5e:05:7f:7a:ff:07:6e:95:70:07:dc:df:
         a2:38:bc:17:b6:42:4b:e3:65:99:de:92:5f:b2:02:69:2c:40:
         57:b5:5c:1d:88:c5:77:9f:dd:4f:00:11:c0:a0:08:a3:18:fb:
         d3:eb:f8:7e:58:c6:06:66:2f:4b:ea:c2:42:54:93:77:1b:95:
         8a:3c:70:ed:04:9e:43:f4:19:c2:b5:a4:16:50:0a:37:8a:db:
         55:ff:c4:6f:9e:70:76:d9:37:0f:f2:42:df:16:5a:3e:ac:4c:
         c5:dc:0e:59:c2:f4:02:3d:35:09:7a:6f:fe:a8:fe:ae:ad:35:
         dc:e9:06:a2:5c:d9:a4:c2:e8:a3:ba:6c:fb:02:80:65:47:41:
         27:19:de:7e:79:96:5c:71:92:8d:65:81:e7:c7:b3:e6:ce:07:
         fd:c7:71:30:ef:e0:bd:1e:e7:66:35:39:5a:1a:07:50:c0:ab:
         3b:6e:46:36
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgIUHcIxt0TjnW/ORcWJbR8tdehTZygwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNDRkYTVkMTAzMjc3YzkzN2M1M2RjZTMwNWJkOWQ3OWMy
YmE3OTQyNTM1N2JiNTZlZWQwHhcNMjIxMTI4MTExNjU4WhcNMjMxMTI3MTEyMTU4
WjAzMTEwLwYDVQQDEyhCNjZENkM4NjQ2Q0ZCNDMwRDAyMTEwQTRERDgwOTA2M0Yw
QkUxRTBCMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAul3DIhO4whZa
9b0f0TY6cXetp5+qMslE1RkYyHTLUoq76qSNzhVN3/yakhAL5vGkfyqXQzIWYrhL
eMAaF2qzAHPNqkmFOq4j0I2IlKs2DXwRjyLPN6KxhlTU+atzZJGyg4Vzvq4T9n7/
RZDtfVN3O0cDdYL1bg5TWTIPXZN6Csa69b93viVKjSrxM4pldHaoknPclFAwKl+J
MTLOuhLwwStLk/WiA9lqwZZpAyvWqDCjIle7DW4SanQ6tvOpA7FYMrSUJxPiMbaV
ZCGBW8/g+Of8MPTpj6om3H7PO9UJrHj4ZkFWWOI8vsYHJwz1odExcQHnh6QVehPK
nsuvvVfLUwIDAQABo4ICtDCCArAwHQYDVR0OBBYEFLZtbIZGz7Qw0CEQpN2AkGPw
vh4LMB8GA1UdIwQYMBaAFFtA03PWcXxwTEg8oGWM+1JXxOk8MA4GA1UdDwEB/wQE
AwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6Ly9ycGtpLXJwcy5hcmluLm5l
dC9yZXBvc2l0b3J5LzhhODQ4YWRmODE0M2JmNjIwMTgyMTEzZWVhNDkwZDMzLzEv
NUI0MEQzNzNENjcxN0M3MDRDNDgzQ0EwNjU4Q0ZCNTI1N0M0RTkzQy5jcmwwgfMG
CCsGAQUFBwEBBIHmMIHjMIHgBggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmlu
Lm5ldC9yZXBvc2l0b3J5L2FyaW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2Ut
YjA4Yy0yMTcxZGEyMTU3ZDMvZjYwYzlmMzItYTg3Yy00MzM5LWEyZjMtNjI5OWEz
YjAyZTI5LzJiZDBmYWM2LTFhNDYtNDBiNS1iZTY2LTllMGY3YjU0ZGY3Ny80NGRh
NWQxMDMyNzdjOTM3YzUzZGNlMzA1YmQ5ZDc5YzJiYTc5NDI1MzU3YmI1NmVlZC5j
ZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5jOi8vcnBr
aS1ycHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjgxNDNiZjYyMDE4MjEx
M2VlYTQ5MGQzMy8xLzMyMzAzOTJlMzIzMDMwMmUzMjMzMzMyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzNjMwMzczMjMxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA0cjpMA0GCSqGSIb3DQEB
CwUAA4IBAQAJk9Q9p6EP4nao1XBdb84U0r+AKxrMM9h85TjmY5PNV6v4XFZdaaoC
S6m/bKrnCcMLzfMd1HVZkZyobiQoa81oTh8OClwTHUzN7Re83VJeBX96/wdulXAH
3N+iOLwXtkJL42WZ3pJfsgJpLEBXtVwdiMV3n91PABHAoAijGPvT6/h+WMYGZi9L
6sJCVJN3G5WKPHDtBJ5D9BnCtaQWUAo3ittV/8RvnnB22TcP8kLfFlo+rEzF3A5Z
wvQCPTUJem/+qP6urTXc6QaiXNmkwuijumz7AoBlR0EnGd5+eZZccZKNZYHnx7Pm
zgf9x3Ew7+C9HudmNTlaGgdQwKs7bkY2
-----END CERTIFICATE-----