Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/14714148-be8f-4cd6-8ff9-769271a6ea82.roa
File:                     14714148-be8f-4cd6-8ff9-769271a6ea82.roa (raw, json)
Hash identifier:          6HhwEMwAnyOrKb/ClvoWFd1J9G10Yn/oB14B3vgcJ8o=
Subject key identifier:   73:EF:A3:D7:B1:23:D0:8A:9D:B5:C0:B9:E0:80:67:4C:37:2D:DC:31
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       70C739217C3C27452C882FA77E11EF89DFFA1C53
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/14714148-be8f-4cd6-8ff9-769271a6ea82.roa
Signing time:             Thu 12 Oct 2023 00:00:00 +0000
ROA not before:           Thu 12 Oct 2023 00:00:00 +0000
ROA not after:            Thu 16 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:c7:39:21:7c:3c:27:45:2c:88:2f:a7:7e:11:ef:89:df:fa:1c:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 12 00:00:00 2023 GMT
            Not After : Nov 16 23:59:59 2023 GMT
        Subject: serialNumber=8c400772416046e139013515913be355030ab1daffb2d3f88fb527c14b8782fa, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ca:b6:38:24:be:2f:c8:f4:40:89:7d:1a:dd:
                    b5:2a:2f:28:2a:92:42:9e:f6:e9:8d:b8:85:2a:1c:
                    1e:bc:4e:5d:77:0a:fa:be:99:f1:32:27:ff:1b:8e:
                    1d:0b:4e:16:78:ae:0d:42:b3:d8:82:fc:c6:b8:c2:
                    79:21:85:86:97:80:c0:2f:f7:34:71:59:8d:d2:6d:
                    75:43:3d:f7:7c:7d:be:f3:51:ac:7b:28:8e:ad:16:
                    c0:29:1f:d1:1e:6f:de:e2:6d:44:46:00:88:aa:1b:
                    17:f8:d2:82:1f:08:1c:8e:a8:6d:b0:fb:c4:11:8f:
                    84:08:d0:83:e9:0e:b2:c3:12:25:28:50:83:21:87:
                    35:c4:62:4d:76:36:78:04:c8:0d:85:68:af:db:36:
                    c6:d1:76:20:4f:0a:ba:88:6b:18:f5:5f:13:5d:11:
                    8c:71:92:78:05:63:1f:70:d6:78:b0:98:ca:4b:f4:
                    26:75:23:e2:aa:df:2c:0f:c1:8f:67:8d:ac:d1:c9:
                    15:80:9e:5d:0f:76:d0:44:60:5b:81:8d:ce:5c:a1:
                    7a:36:85:83:83:a4:98:3f:b1:7c:10:eb:4b:f7:c3:
                    cc:c0:34:b0:85:3e:ff:34:d2:44:3f:17:ff:47:24:
                    89:ff:47:8b:48:56:78:32:0b:f8:1d:d5:88:8b:8b:
                    e1:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:EF:A3:D7:B1:23:D0:8A:9D:B5:C0:B9:E0:80:67:4C:37:2D:DC:31
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/14714148-be8f-4cd6-8ff9-769271a6ea82.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:6d:10:f3:24:6a:ef:b8:b9:fc:a3:8a:30:3c:c8:a9:61:9a:
         a1:d3:9c:a5:59:0a:d0:41:25:d1:1e:6f:65:5e:f9:1d:c5:5c:
         1d:29:f0:87:14:8a:e2:6d:5d:7b:51:78:05:27:fa:d4:1e:ed:
         bd:a1:c7:d0:a6:8c:d9:98:22:90:86:25:51:7a:01:3c:93:12:
         ee:94:99:6a:dd:c9:bc:f4:38:f1:6f:e8:76:c2:8a:d5:8a:a8:
         f7:17:22:71:13:32:70:c1:8c:a8:55:85:e8:4c:fc:20:52:16:
         06:e0:46:49:01:b5:dc:42:8a:c9:85:dd:17:fd:22:f0:e1:e8:
         f7:63:9e:c0:4b:08:cd:b6:cc:af:07:85:94:75:6d:8c:07:ed:
         ae:cc:aa:f9:ab:d4:96:2e:62:fc:d7:bf:e4:a0:bb:6a:57:55:
         bf:5d:9f:04:c3:ac:88:1e:6a:9c:86:e6:b1:21:75:ff:38:7b:
         2d:7d:f2:a7:c1:57:d2:9b:aa:29:60:7c:84:5a:25:c3:35:a6:
         e9:cf:14:08:c1:26:5a:90:03:db:01:b4:b9:c6:47:6d:f5:d7:
         15:ff:bc:b8:e6:2d:4c:f8:5c:7f:01:6a:dc:e9:6f:a8:4c:a8:
         ab:94:0b:ae:28:1a:0e:b2:6a:84:04:ec:74:a3:21:0f:39:10:
         cf:00:d1:7e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcMc5IXw8J0UsiC+nfhHvid/6HFMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDEyMDAwMDAwWhcNMjMxMTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YzQwMDc3MjQxNjA0NmUxMzkwMTM1MTU5MTNiZTM1NTAz
MGFiMWRhZmZiMmQzZjg4ZmI1MjdjMTRiODc4MmZhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyyrY4JL4vyPRAiX0a3bUqLygqkkKe9umNuIUqHB68Tl13
Cvq+mfEyJ/8bjh0LThZ4rg1Cs9iC/Ma4wnkhhYaXgMAv9zRxWY3SbXVDPfd8fb7z
Uax7KI6tFsApH9Eeb97ibURGAIiqGxf40oIfCByOqG2w+8QRj4QI0IPpDrLDEiUo
UIMhhzXEYk12NngEyA2FaK/bNsbRdiBPCrqIaxj1XxNdEYxxkngFYx9w1niwmMpL
9CZ1I+Kq3ywPwY9njazRyRWAnl0PdtBEYFuBjc5coXo2hYODpJg/sXwQ60v3w8zA
NLCFPv800kQ/F/9HJIn/R4tIVngyC/gd1YiLi+G3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUc++j17Ej0IqdtcC54IBnTDct3DEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE0NzE0MTQ4LWJlOGYtNGNkNi04ZmY5LTc2OTI3MWE2ZWE4Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIBtEPMkau+4ufyjijA8yKlhmqHT
nKVZCtBBJdEeb2Ve+R3FXB0p8IcUiuJtXXtReAUn+tQe7b2hx9CmjNmYIpCGJVF6
ATyTEu6UmWrdybz0OPFv6HbCitWKqPcXInETMnDBjKhVhehM/CBSFgbgRkkBtdxC
ismF3Rf9IvDh6PdjnsBLCM22zK8HhZR1bYwH7a7Mqvmr1JYuYvzXv+Sgu2pXVb9d
nwTDrIgeapyG5rEhdf84ey198qfBV9KbqilgfIRaJcM1punPFAjBJlqQA9sBtLnG
R2311xX/vLjmLUz4XH8Batzpb6hMqKuUC64oGg6yaoQE7HSjIQ85EM8A0X4=
-----END CERTIFICATE-----