Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1043978a-2fc9-4463-b667-de3542a45b70.roa
File:                     1043978a-2fc9-4463-b667-de3542a45b70.roa (raw, json)
Hash identifier:          zhCm7YdTbElXURwqfHR47POwCVtgvq1tFNQHGcw3WAs=
Subject key identifier:   D9:97:CD:E3:C9:D0:9A:9A:C6:51:68:A8:CB:54:CC:DD:1F:03:C0:9B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       499E30994CB00F531D800F74D9DDD8C808A62CB7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1043978a-2fc9-4463-b667-de3542a45b70.roa
Signing time:             Sat 28 Oct 2023 00:00:00 +0000
ROA not before:           Sat 28 Oct 2023 00:00:00 +0000
ROA not after:            Sat 02 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:9e:30:99:4c:b0:0f:53:1d:80:0f:74:d9:dd:d8:c8:08:a6:2c:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 28 00:00:00 2023 GMT
            Not After : Dec  2 23:59:59 2023 GMT
        Subject: serialNumber=25fc614a0201f22e438dad56388b393b3b8314f77651a0c0ca1bcf2c91dc52aa, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:f0:f1:8f:d1:8e:ce:c5:da:a3:bc:34:3a:89:
                    c9:11:f1:09:36:9f:fe:2b:19:0a:e6:34:00:0a:0d:
                    d5:68:4a:c6:1d:7d:e4:41:82:1a:cf:21:fe:82:f6:
                    05:8c:08:36:73:1f:9a:e6:a0:c8:92:4a:90:2f:f5:
                    b7:e1:de:10:45:4e:45:9b:c3:11:a1:59:5d:79:9b:
                    10:30:89:45:7f:1c:64:4f:21:39:7b:d5:99:f8:a4:
                    40:c4:d7:fc:87:66:96:2c:53:db:6f:80:0c:a9:d9:
                    b6:c8:2b:eb:0e:b0:ec:9d:e0:80:bf:53:92:e4:45:
                    3a:4a:6e:f9:2c:7b:64:77:65:80:19:a0:65:6e:07:
                    d2:00:10:6f:3e:43:e3:5f:30:a8:69:8a:b9:80:86:
                    1b:0f:d0:e5:2f:a8:5e:b6:59:0e:a7:be:38:91:df:
                    c2:f4:63:d7:ae:78:42:e5:5e:cc:e8:1e:63:49:4c:
                    62:17:21:a5:88:3c:18:15:b2:31:39:4d:cc:a7:46:
                    2c:f7:d7:fb:c9:67:b0:63:aa:66:46:83:0a:e6:de:
                    64:9c:dc:05:63:69:fd:7a:7e:91:3c:6d:4a:c4:43:
                    cb:3c:cd:68:40:04:ba:33:8f:56:75:87:3b:00:b9:
                    9c:70:d0:3e:64:ab:3f:c7:e4:90:fa:8d:6a:2b:56:
                    be:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:97:CD:E3:C9:D0:9A:9A:C6:51:68:A8:CB:54:CC:DD:1F:03:C0:9B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1043978a-2fc9-4463-b667-de3542a45b70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:35:4d:db:a1:38:f5:d5:60:0c:20:f6:84:40:94:aa:91:1b:
         08:ca:ff:b4:39:11:63:8a:34:36:78:bc:84:ce:ce:35:59:42:
         1d:d8:4c:84:46:52:45:5a:4d:27:db:10:2f:27:e0:27:ff:75:
         d2:7c:8d:f3:a9:ff:59:96:0a:c1:ab:a7:d0:4b:92:bc:f3:0a:
         9d:30:9b:ef:88:8f:d4:fd:6f:c5:a1:91:4f:2a:d4:33:fc:c2:
         ec:d7:d6:24:80:07:f2:55:84:c2:36:11:ce:df:53:2d:ea:43:
         24:fb:77:94:c9:c2:ce:08:c7:87:7c:4d:50:7b:0e:84:b4:54:
         a0:6d:67:85:1a:f4:6d:19:8c:2a:73:56:13:01:8f:72:c1:c4:
         26:00:ee:98:82:7e:5c:31:93:ec:68:6d:72:a5:37:45:cb:bb:
         02:d6:a7:47:cc:79:b0:0d:77:63:51:ec:52:99:c1:2d:09:6c:
         58:1e:86:d2:3f:3b:36:d6:0d:b1:fc:12:10:e6:ba:99:b8:84:
         f4:4b:94:5b:94:98:f3:7f:9e:a9:7d:43:a5:bd:63:36:84:5c:
         04:95:c2:09:03:bf:4a:93:cc:5b:4f:41:af:84:71:88:63:04:
         b3:fb:18:ab:9f:4c:4b:01:8c:1d:6c:a0:51:95:f5:73:2b:f5:
         92:ec:a7:0a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSZ4wmUywD1MdgA902d3YyAimLLcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDI4MDAwMDAwWhcNMjMxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNWZjNjE0YTAyMDFmMjJlNDM4ZGFkNTYzODhiMzkzYjNi
ODMxNGY3NzY1MWEwYzBjYTFiY2YyYzkxZGM1MmFhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDl8PGP0Y7OxdqjvDQ6ickR8Qk2n/4rGQrmNAAKDdVoSsYd
feRBghrPIf6C9gWMCDZzH5rmoMiSSpAv9bfh3hBFTkWbwxGhWV15mxAwiUV/HGRP
ITl71Zn4pEDE1/yHZpYsU9tvgAyp2bbIK+sOsOyd4IC/U5LkRTpKbvkse2R3ZYAZ
oGVuB9IAEG8+Q+NfMKhpirmAhhsP0OUvqF62WQ6nvjiR38L0Y9eueELlXszoHmNJ
TGIXIaWIPBgVsjE5TcynRiz31/vJZ7BjqmZGgwrm3mSc3AVjaf16fpE8bUrEQ8s8
zWhABLozj1Z1hzsAuZxw0D5kqz/H5JD6jWorVr75AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2ZfN48nQmprGUWioy1TM3R8DwJswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzEwNDM5NzhhLTJmYzktNDQ2My1iNjY3LWRlMzU0MmE0NWI3MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAQ1TduhOPXVYAwg9oRAlKqRGwjK
/7Q5EWOKNDZ4vITOzjVZQh3YTIRGUkVaTSfbEC8n4Cf/ddJ8jfOp/1mWCsGrp9BL
krzzCp0wm++Ij9T9b8WhkU8q1DP8wuzX1iSAB/JVhMI2Ec7fUy3qQyT7d5TJws4I
x4d8TVB7DoS0VKBtZ4Ua9G0ZjCpzVhMBj3LBxCYA7piCflwxk+xobXKlN0XLuwLW
p0fMebANd2NR7FKZwS0JbFgehtI/OzbWDbH8EhDmupm4hPRLlFuUmPN/nql9Q6W9
YzaEXASVwgkDv0qTzFtPQa+EcYhjBLP7GKufTEsBjB1soFGV9XMr9ZLspwo=
-----END CERTIFICATE-----