Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/10522f0c-99b6-425a-befb-4971f632746b.roa
File:                     10522f0c-99b6-425a-befb-4971f632746b.roa (raw, json)
Hash identifier:          5/hsiBVdDxFkneC8q5r1w+c9B1GvZjx1DUGfqdtEURk=
Subject key identifier:   DD:D4:6B:E7:87:AD:0D:D2:E0:4E:66:0D:04:1F:BD:9C:8B:CF:90:35
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6EA365D714C31CBA05185ACC9FF63C0FC3606056
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/10522f0c-99b6-425a-befb-4971f632746b.roa
Signing time:             Tue 19 Sep 2023 00:00:00 +0000
ROA not before:           Tue 19 Sep 2023 00:00:00 +0000
ROA not after:            Tue 24 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:a3:65:d7:14:c3:1c:ba:05:18:5a:cc:9f:f6:3c:0f:c3:60:60:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 19 00:00:00 2023 GMT
            Not After : Oct 24 23:59:59 2023 GMT
        Subject: serialNumber=c0c886c8eb67874b2c0c95c7875582be45bb0fe7e2997a2c557dd19d19b24868, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:9a:10:3b:e9:71:48:91:e6:82:94:0e:6d:ef:
                    07:6e:e1:c0:6c:b9:fb:f2:9b:ac:2a:c2:cd:10:37:
                    9a:71:a1:8c:d0:48:fd:5e:f5:51:17:41:37:02:cf:
                    dc:8b:2a:b5:43:b0:f8:80:2d:93:b4:1d:14:d9:aa:
                    8d:d6:3c:ef:db:33:68:a7:d0:0d:60:9a:2f:0b:60:
                    3f:8a:6a:2a:62:2e:e6:fe:b0:6f:30:db:58:9b:fc:
                    30:c1:60:64:88:98:1c:83:23:73:88:f1:32:24:80:
                    2e:19:23:43:01:9d:ac:ee:ac:83:1f:1d:5a:97:b4:
                    1d:68:e2:08:d0:d4:a3:20:3a:39:7e:71:71:ba:7e:
                    84:49:ff:e9:84:12:ce:99:c1:7a:2e:78:dd:d6:1c:
                    ed:31:d2:2d:ee:4c:c0:d3:1c:f9:72:35:90:82:af:
                    cd:cd:fc:10:ab:ba:6e:97:74:5d:3f:5d:67:cc:ac:
                    cb:84:5f:a4:f1:17:71:a5:60:17:57:95:47:44:f3:
                    6e:ae:90:c4:4d:68:3b:5b:85:5b:2c:59:db:f6:e3:
                    1c:db:f0:7f:44:63:bb:28:6f:fc:79:cb:5a:ce:d6:
                    cc:f7:68:1a:28:03:f9:96:6d:10:16:f9:2e:fc:8e:
                    4c:d2:22:c8:db:6a:7b:80:94:e4:2a:a3:84:84:e2:
                    30:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:D4:6B:E7:87:AD:0D:D2:E0:4E:66:0D:04:1F:BD:9C:8B:CF:90:35
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/10522f0c-99b6-425a-befb-4971f632746b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:89:d7:f1:8e:be:79:1e:ec:94:74:1d:32:6e:00:e5:24:97:
         06:e6:2e:cc:ea:1f:8a:97:70:41:49:09:4d:30:5c:a2:64:5c:
         4f:d6:67:83:a9:f1:c5:e1:f7:00:1a:df:8a:e2:e4:10:34:14:
         98:79:e8:2b:e5:91:58:48:e5:e6:71:35:5a:94:6e:43:25:2e:
         2b:f4:3e:c3:39:5b:47:d0:8a:fc:65:cd:03:eb:df:de:91:75:
         1e:d3:73:53:e5:c7:33:58:44:da:f0:d2:65:08:1e:77:5a:2c:
         97:23:a4:d3:84:f8:ca:f1:9f:fc:13:54:8c:f2:36:03:67:86:
         c0:4a:98:93:68:3b:79:6c:26:f0:44:a3:44:ad:9f:44:40:06:
         d4:2e:04:57:f2:4b:35:90:5f:a8:2a:e0:e1:6d:00:6c:05:af:
         0b:60:6d:d0:62:c5:f3:8e:b9:32:de:63:6f:64:ea:2c:64:c7:
         bb:23:d8:6b:72:0f:5e:38:02:eb:c7:9e:b5:c1:63:80:eb:ce:
         54:7e:a3:38:49:35:8f:6f:8d:99:a3:83:8a:91:f0:2d:29:f6:
         34:68:e9:c3:1e:f3:6c:30:09:98:4d:eb:1e:6c:d8:80:86:03:
         0e:22:d4:52:8f:03:b6:3c:cf:c4:d3:c8:fa:df:ad:68:f4:a8:
         65:b9:84:8e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbqNl1xTDHLoFGFrMn/Y8D8NgYFYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTE5MDAwMDAwWhcNMjMxMDI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMGM4ODZjOGViNjc4NzRiMmMwYzk1Yzc4NzU1ODJiZTQ1
YmIwZmU3ZTI5OTdhMmM1NTdkZDE5ZDE5YjI0ODY4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMmhA76XFIkeaClA5t7wdu4cBsufvym6wqws0QN5pxoYzQ
SP1e9VEXQTcCz9yLKrVDsPiALZO0HRTZqo3WPO/bM2in0A1gmi8LYD+KaipiLub+
sG8w21ib/DDBYGSImByDI3OI8TIkgC4ZI0MBnazurIMfHVqXtB1o4gjQ1KMgOjl+
cXG6foRJ/+mEEs6ZwXoueN3WHO0x0i3uTMDTHPlyNZCCr83N/BCrum6XdF0/XWfM
rMuEX6TxF3GlYBdXlUdE826ukMRNaDtbhVssWdv24xzb8H9EY7sob/x5y1rO1sz3
aBooA/mWbRAW+S78jkzSIsjbanuAlOQqo4SE4jCzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3dRr54etDdLgTmYNBB+9nIvPkDUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzEwNTIyZjBjLTk5YjYtNDI1YS1iZWZiLTQ5NzFmNjMyNzQ2Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALWJ1/GOvnke7JR0HTJuAOUklwbm
LszqH4qXcEFJCU0wXKJkXE/WZ4Op8cXh9wAa34ri5BA0FJh56CvlkVhI5eZxNVqU
bkMlLiv0PsM5W0fQivxlzQPr396RdR7Tc1PlxzNYRNrw0mUIHndaLJcjpNOE+Mrx
n/wTVIzyNgNnhsBKmJNoO3lsJvBEo0Stn0RABtQuBFfySzWQX6gq4OFtAGwFrwtg
bdBixfOOuTLeY29k6ixkx7sj2GtyD144AuvHnrXBY4DrzlR+ozhJNY9vjZmjg4qR
8C0p9jRo6cMe82wwCZhN6x5s2ICGAw4i1FKPA7Y8z8TTyPrfrWj0qGW5hI4=
-----END CERTIFICATE-----