Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/14eb489d-eec0-43a8-b4d1-fbfc248fdf70.roa
File:                     14eb489d-eec0-43a8-b4d1-fbfc248fdf70.roa (raw, json)
Hash identifier:          /p9osnuNClKJSZtqh8WDjhJTVkKQnAog4plY/BGYkX8=
Subject key identifier:   7E:D4:FE:98:6E:2F:DC:0E:4E:D2:E4:C5:C6:AF:11:0C:74:3C:F9:A8
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       493B0C5B009A63A8CB4FF5DB1B66B0ABC634758D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/14eb489d-eec0-43a8-b4d1-fbfc248fdf70.roa
Signing time:             Sat 16 Sep 2023 00:00:00 +0000
ROA not before:           Sat 16 Sep 2023 00:00:00 +0000
ROA not after:            Sat 21 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:3b:0c:5b:00:9a:63:a8:cb:4f:f5:db:1b:66:b0:ab:c6:34:75:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 16 00:00:00 2023 GMT
            Not After : Oct 21 23:59:59 2023 GMT
        Subject: serialNumber=99978ef6d261147c6d225b2f659b42bb3a9994f635729eba8ee2ca49ecb53fa5, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:97:5d:2c:e2:dd:fe:2d:6f:c8:a6:68:42:54:
                    57:6b:f3:51:c3:ec:d3:69:0b:9c:1e:5f:d6:2d:3e:
                    51:79:ea:89:66:1a:cb:00:a7:8b:d2:7a:4b:d3:41:
                    fc:95:11:e5:03:10:1a:3c:e3:04:b5:45:6b:81:18:
                    e6:fe:ea:88:bc:4d:14:38:71:92:68:e7:18:03:1e:
                    7e:56:ac:7a:c3:de:f1:e6:4d:4f:85:91:3a:56:fb:
                    19:f1:6a:ae:ff:5d:de:63:a2:ee:00:d5:f3:e4:85:
                    d8:b9:6f:97:9a:b8:6b:e9:09:18:74:38:a1:7e:32:
                    a9:f2:e2:7e:8f:11:27:23:c0:92:59:2c:e9:6c:e6:
                    83:05:2b:10:be:9c:78:ec:48:04:9c:df:24:bb:77:
                    1e:1d:b2:b7:1b:6c:d7:68:7d:3e:e3:2f:05:6f:a4:
                    f9:30:b7:50:d8:c7:57:74:f2:7b:61:24:b4:c9:35:
                    11:de:57:74:a9:a4:66:f1:46:2f:2b:28:48:00:69:
                    61:32:6e:f6:08:fd:76:47:10:9e:6d:bd:73:91:ab:
                    f5:92:43:b1:10:ae:39:67:ad:78:9e:8c:7d:88:c7:
                    be:55:8a:59:15:ca:1e:32:52:e0:0f:df:c7:83:21:
                    d8:76:b4:aa:77:c2:16:56:85:3f:6e:af:40:24:fb:
                    28:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:D4:FE:98:6E:2F:DC:0E:4E:D2:E4:C5:C6:AF:11:0C:74:3C:F9:A8
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/14eb489d-eec0-43a8-b4d1-fbfc248fdf70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:f6:4f:27:a7:b1:5e:f1:c8:ce:b2:f9:aa:72:79:eb:45:96:
         a5:6d:6a:cb:39:e4:0c:57:45:b4:ce:09:6e:05:40:c8:de:98:
         ca:a6:fe:d4:53:b2:e9:a0:7a:ce:52:91:2a:d7:5b:1b:c7:91:
         34:bd:c3:7d:a3:e2:fb:ce:2e:18:23:a8:10:e4:68:75:af:5d:
         30:79:3c:02:f3:36:10:be:25:00:80:03:ea:cc:2c:a7:f8:e9:
         fb:83:6b:00:9b:f5:b2:9e:50:ac:84:b1:87:75:43:86:93:b2:
         5b:10:6c:2c:b0:f8:d9:1c:f6:2d:1d:ed:bb:24:ee:fc:55:32:
         da:9b:23:b6:2a:81:46:43:98:ab:0f:ff:8b:be:3c:3c:ed:ea:
         80:18:b6:09:96:69:b1:67:5d:82:c0:43:b5:38:67:ea:5b:37:
         39:a5:1d:79:de:ec:12:64:2f:ef:9f:62:2e:b6:68:6d:24:3a:
         11:a8:db:01:70:19:da:f8:69:91:fc:9f:b5:5c:37:2e:0d:a0:
         e8:b1:17:04:a7:52:ac:c6:73:17:ec:07:1b:03:60:4e:54:67:
         c3:d7:cd:3f:ae:0d:c5:cb:21:8b:5d:86:9f:ed:db:cf:94:3d:
         30:b9:75:17:f1:ff:19:84:bf:b3:61:0c:f3:27:c9:80:3a:6f:
         b5:d9:4f:54
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSTsMWwCaY6jLT/XbG2awq8Y0dY0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTE2MDAwMDAwWhcNMjMxMDIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5OTk3OGVmNmQyNjExNDdjNmQyMjViMmY2NTliNDJiYjNh
OTk5NGY2MzU3MjllYmE4ZWUyY2E0OWVjYjUzZmE1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDvl10s4t3+LW/IpmhCVFdr81HD7NNpC5weX9YtPlF56olm
GssAp4vSekvTQfyVEeUDEBo84wS1RWuBGOb+6oi8TRQ4cZJo5xgDHn5WrHrD3vHm
TU+FkTpW+xnxaq7/Xd5jou4A1fPkhdi5b5eauGvpCRh0OKF+Mqny4n6PEScjwJJZ
LOls5oMFKxC+nHjsSASc3yS7dx4dsrcbbNdofT7jLwVvpPkwt1DYx1d08nthJLTJ
NRHeV3SppGbxRi8rKEgAaWEybvYI/XZHEJ5tvXORq/WSQ7EQrjlnrXiejH2Ix75V
ilkVyh4yUuAP38eDIdh2tKp3whZWhT9ur0Ak+ygDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUftT+mG4v3A5O0uTFxq8RDHQ8+agwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE0ZWI0ODlkLWVlYzAtNDNhOC1iNGQxLWZiZmMyNDhmZGY3MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAE72TyensV7xyM6y+apyeetFlqVt
ass55AxXRbTOCW4FQMjemMqm/tRTsumges5SkSrXWxvHkTS9w32j4vvOLhgjqBDk
aHWvXTB5PALzNhC+JQCAA+rMLKf46fuDawCb9bKeUKyEsYd1Q4aTslsQbCyw+Nkc
9i0d7bsk7vxVMtqbI7YqgUZDmKsP/4u+PDzt6oAYtgmWabFnXYLAQ7U4Z+pbNzml
HXne7BJkL++fYi62aG0kOhGo2wFwGdr4aZH8n7VcNy4NoOixFwSnUqzGcxfsBxsD
YE5UZ8PXzT+uDcXLIYtdhp/t28+UPTC5dRfx/xmEv7NhDPMnyYA6b7XZT1Q=
-----END CERTIFICATE-----