Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0060f336-d016-4979-a8a7-47b3a8155540.roa
File:                     0060f336-d016-4979-a8a7-47b3a8155540.roa (raw, json)
Hash identifier:          wRAoUWpnK3O2dCRgu/asSll8IXnr3ccIPRPoWA+gGtQ=
Subject key identifier:   F6:40:6D:AD:5A:D2:B4:99:6A:9B:A8:E7:80:24:5F:63:23:C7:AD:08
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1EF2BB024A3CAD0EE31F378B87FEBD7306751C16
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0060f336-d016-4979-a8a7-47b3a8155540.roa
Signing time:             Thu 14 Sep 2023 00:00:00 +0000
ROA not before:           Thu 14 Sep 2023 00:00:00 +0000
ROA not after:            Thu 19 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:f2:bb:02:4a:3c:ad:0e:e3:1f:37:8b:87:fe:bd:73:06:75:1c:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 14 00:00:00 2023 GMT
            Not After : Oct 19 23:59:59 2023 GMT
        Subject: serialNumber=f27a12975d4d19e80fd18b28f78b66593f6eef4f7eb113833b0772d4e710a176, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:9b:74:8e:71:62:ed:11:b7:1a:01:93:dd:4b:
                    26:49:88:b4:7c:8c:42:ac:3d:29:be:b5:cd:ee:36:
                    57:d5:78:2f:4b:84:73:3c:93:37:51:62:de:63:ba:
                    f0:74:19:c8:52:8f:fe:9a:78:4c:01:56:57:9c:96:
                    e1:4d:19:5e:62:cd:8a:cd:c7:56:b7:ef:37:9e:95:
                    7e:bd:3c:ea:62:b9:22:56:64:3e:65:50:7e:11:0e:
                    ed:ec:95:ed:04:d8:87:33:d9:6b:5c:be:8f:00:c8:
                    05:a1:c6:05:49:46:b1:f4:e7:d6:45:8b:09:43:53:
                    45:ec:3c:1c:75:9a:f5:dc:d7:13:ba:86:3a:e2:31:
                    a9:85:1f:60:c7:50:98:47:66:dd:83:79:c4:1f:e2:
                    08:0c:d0:af:56:a5:83:a0:23:31:90:e0:50:f8:b4:
                    17:a2:9f:71:c8:dc:e7:2f:d8:c9:af:91:a2:e7:b8:
                    ce:6b:5d:22:6a:88:55:e4:69:a8:10:51:e5:9e:b2:
                    94:15:0d:ac:42:7d:ef:dc:e6:3d:a0:08:54:65:5e:
                    d4:b1:62:7c:e1:09:d6:e4:0a:30:b2:fa:03:f4:0d:
                    12:92:ff:86:e1:f1:7a:69:a1:03:0e:18:5e:32:11:
                    aa:05:a9:32:46:62:26:d6:4d:0c:93:e7:32:2c:c3:
                    20:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:40:6D:AD:5A:D2:B4:99:6A:9B:A8:E7:80:24:5F:63:23:C7:AD:08
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0060f336-d016-4979-a8a7-47b3a8155540.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:4a:6b:bc:87:96:82:c4:e5:3b:51:f3:04:2e:ed:cc:00:1b:
         b2:9f:fe:87:91:46:ee:ad:29:27:e2:dc:fe:d1:41:bf:c0:a5:
         23:b7:bf:9e:d9:59:c3:a3:db:91:b2:00:38:ad:ee:d2:7f:8e:
         2f:58:0d:b6:f3:e3:19:48:48:01:f8:66:16:68:fa:27:8c:f0:
         e5:93:1a:56:01:99:ed:c5:a7:10:8c:68:9d:d4:77:9b:3d:9c:
         cc:64:9c:3e:bc:5b:21:f2:7f:27:48:64:53:db:6c:02:63:45:
         d4:3d:ec:6e:38:10:bb:13:13:f5:93:ca:5a:b1:46:5a:e1:e7:
         17:4c:68:9d:ac:f5:31:5e:ea:89:cf:c4:1e:19:64:5b:a0:68:
         6e:18:8e:10:b9:be:a8:ff:89:c4:8a:0b:fb:0b:1e:40:22:91:
         15:3c:1a:8e:42:94:33:9d:31:39:39:18:13:99:d3:6b:ec:6e:
         3d:56:96:55:a2:2f:d7:d7:b1:be:a2:41:a5:ac:84:a2:51:02:
         70:82:0f:1a:89:d9:11:4c:89:cc:e3:c6:8a:46:3e:4d:a4:d6:
         d2:46:c7:10:73:80:d7:cf:b4:a4:97:e7:ed:65:71:33:ab:0e:
         f9:e1:9d:54:97:42:f3:4f:49:a1:89:7e:15:71:0d:66:ba:aa:
         8e:a4:e6:b0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHvK7Ako8rQ7jHzeLh/69cwZ1HBYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTE0MDAwMDAwWhcNMjMxMDE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMjdhMTI5NzVkNGQxOWU4MGZkMThiMjhmNzhiNjY1OTNm
NmVlZjRmN2ViMTEzODMzYjA3NzJkNGU3MTBhMTc2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDem3SOcWLtEbcaAZPdSyZJiLR8jEKsPSm+tc3uNlfVeC9L
hHM8kzdRYt5juvB0GchSj/6aeEwBVlecluFNGV5izYrNx1a37zeelX69POpiuSJW
ZD5lUH4RDu3sle0E2Icz2Wtcvo8AyAWhxgVJRrH059ZFiwlDU0XsPBx1mvXc1xO6
hjriMamFH2DHUJhHZt2DecQf4ggM0K9WpYOgIzGQ4FD4tBein3HI3Ocv2MmvkaLn
uM5rXSJqiFXkaagQUeWespQVDaxCfe/c5j2gCFRlXtSxYnzhCdbkCjCy+gP0DRKS
/4bh8XppoQMOGF4yEaoFqTJGYibWTQyT5zIswyBHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9kBtrVrStJlqm6jngCRfYyPHrQgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzAwNjBmMzM2LWQwMTYtNDk3OS1hOGE3LTQ3YjNhODE1NTU0MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADtKa7yHloLE5TtR8wQu7cwAG7Kf
/oeRRu6tKSfi3P7RQb/ApSO3v57ZWcOj25GyADit7tJ/ji9YDbbz4xlISAH4ZhZo
+ieM8OWTGlYBme3FpxCMaJ3Ud5s9nMxknD68WyHyfydIZFPbbAJjRdQ97G44ELsT
E/WTylqxRlrh5xdMaJ2s9TFe6onPxB4ZZFugaG4YjhC5vqj/icSKC/sLHkAikRU8
Go5ClDOdMTk5GBOZ02vsbj1WllWiL9fXsb6iQaWshKJRAnCCDxqJ2RFMiczjxopG
Pk2k1tJGxxBzgNfPtKSX5+1lcTOrDvnhnVSXQvNPSaGJfhVxDWa6qo6k5rA=
-----END CERTIFICATE-----