Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/15e1a45d-a523-4a35-83ac-ef832f5c9ce5.roa
File:                     15e1a45d-a523-4a35-83ac-ef832f5c9ce5.roa (raw, json)
Hash identifier:          exFGzrjpbTvCc5rd3DrMy6qHllloOTzB/zbvzrteNOU=
Subject key identifier:   22:F1:40:1F:39:F4:FF:2D:26:B9:AF:C9:84:29:E0:00:28:92:8D:70
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4B83F7E12FE6FE3D2A51A5726B8E9BF7B48A90B7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/15e1a45d-a523-4a35-83ac-ef832f5c9ce5.roa
Signing time:             Sun 15 Oct 2023 00:00:00 +0000
ROA not before:           Sun 15 Oct 2023 00:00:00 +0000
ROA not after:            Sun 19 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:83:f7:e1:2f:e6:fe:3d:2a:51:a5:72:6b:8e:9b:f7:b4:8a:90:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 15 00:00:00 2023 GMT
            Not After : Nov 19 23:59:59 2023 GMT
        Subject: serialNumber=8d84d16448d2ee674cd266a3f0476d151848d6ad5301036865ffd8db5fb0dda2, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:77:17:d1:8d:22:63:6b:80:ae:4e:e0:f2:1f:
                    4f:fe:23:06:df:a9:67:da:78:58:c6:19:91:67:0b:
                    fa:05:8c:6f:60:32:c9:4f:c3:a7:e1:90:8d:7f:ae:
                    f1:03:3c:9d:b7:7c:aa:1d:65:26:c5:bf:97:80:53:
                    68:ad:d4:3f:a2:55:35:49:b1:3e:17:83:d1:69:14:
                    fb:47:fb:12:6e:45:73:d7:ca:cd:a5:89:08:e3:90:
                    3c:8d:88:8f:21:fb:0d:b6:fb:10:f3:40:d9:d4:3d:
                    d8:a5:8f:d7:f8:45:c1:08:43:df:8c:c8:b5:1e:38:
                    c2:ff:eb:e7:27:fc:38:ca:d3:0d:25:c3:34:07:cf:
                    45:66:fa:f8:b5:c0:ef:bc:d8:1c:41:86:f8:23:49:
                    2a:a5:13:3f:c9:c5:e1:39:3c:8c:99:9b:24:d0:a0:
                    1b:8e:fd:9e:a7:76:84:04:20:b5:e6:79:8a:3f:44:
                    78:f8:97:e3:a6:11:82:a9:35:f1:90:cf:3c:f4:e9:
                    e2:54:e7:c7:a2:a1:30:be:16:39:83:61:39:6a:fe:
                    18:45:4b:cc:59:e3:3d:33:de:68:ec:43:b8:28:6a:
                    b1:d2:ea:19:6c:fe:0b:d8:85:58:b0:07:2c:b8:87:
                    3a:a9:26:7e:0c:e4:7f:af:31:79:8b:dd:ec:6b:de:
                    4e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:F1:40:1F:39:F4:FF:2D:26:B9:AF:C9:84:29:E0:00:28:92:8D:70
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/15e1a45d-a523-4a35-83ac-ef832f5c9ce5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:c0:75:97:9a:96:c8:23:21:c5:36:f8:ba:ed:68:28:66:4f:
         d6:31:51:cb:54:fa:20:9b:b7:55:b1:2e:d1:9e:25:ad:f4:51:
         39:bd:54:05:e5:be:43:8b:34:8f:6a:1b:47:5e:40:9c:c7:3f:
         d1:af:51:7b:da:5f:d8:87:d5:b0:5e:97:b9:df:af:2c:02:8a:
         20:51:d6:bf:90:cb:c0:da:34:d2:5d:e3:0d:f5:68:1c:f5:88:
         d1:cc:01:dc:fa:ca:1e:9a:f3:cc:da:85:83:bc:a0:45:ce:15:
         31:8e:ca:c5:0f:4e:62:7d:49:aa:7a:da:26:12:27:7e:93:dc:
         01:c2:47:14:a3:b4:b3:bd:09:cb:e5:ca:12:45:65:2d:83:7c:
         92:e0:e1:5b:ea:90:46:db:39:de:50:61:d3:4e:17:b0:8e:12:
         eb:14:f4:ea:70:c3:df:df:d2:6d:a3:cc:53:45:06:ff:c4:ad:
         c9:db:72:79:e1:11:6f:d0:69:f6:55:49:17:98:c0:24:e0:c3:
         a6:81:89:01:8d:73:f8:9b:46:f6:d9:11:88:ec:ac:4d:61:c9:
         f0:55:53:9b:4d:6e:b7:3a:c9:48:6c:a1:8a:d8:f8:70:f4:73:
         16:c6:9d:e2:16:f3:d9:b1:45:40:f2:cf:98:cd:51:7f:79:8b:
         5c:10:5c:35
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUS4P34S/m/j0qUaVya46b97SKkLcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDE1MDAwMDAwWhcNMjMxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZDg0ZDE2NDQ4ZDJlZTY3NGNkMjY2YTNmMDQ3NmQxNTE4
NDhkNmFkNTMwMTAzNjg2NWZmZDhkYjVmYjBkZGEyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvdxfRjSJja4CuTuDyH0/+IwbfqWfaeFjGGZFnC/oFjG9g
MslPw6fhkI1/rvEDPJ23fKodZSbFv5eAU2it1D+iVTVJsT4Xg9FpFPtH+xJuRXPX
ys2liQjjkDyNiI8h+w22+xDzQNnUPdilj9f4RcEIQ9+MyLUeOML/6+cn/DjK0w0l
wzQHz0Vm+vi1wO+82BxBhvgjSSqlEz/JxeE5PIyZmyTQoBuO/Z6ndoQEILXmeYo/
RHj4l+OmEYKpNfGQzzz06eJU58eioTC+FjmDYTlq/hhFS8xZ4z0z3mjsQ7goarHS
6hls/gvYhViwByy4hzqpJn4M5H+vMXmL3exr3k6tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIvFAHzn0/y0mua/JhCngACiSjXAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE1ZTFhNDVkLWE1MjMtNGEzNS04M2FjLWVmODMyZjVjOWNlNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABTAdZealsgjIcU2+LrtaChmT9Yx
UctU+iCbt1WxLtGeJa30UTm9VAXlvkOLNI9qG0deQJzHP9GvUXvaX9iH1bBel7nf
rywCiiBR1r+Qy8DaNNJd4w31aBz1iNHMAdz6yh6a88zahYO8oEXOFTGOysUPTmJ9
Sap62iYSJ36T3AHCRxSjtLO9CcvlyhJFZS2DfJLg4VvqkEbbOd5QYdNOF7COEusU
9Opww9/f0m2jzFNFBv/ErcnbcnnhEW/QafZVSReYwCTgw6aBiQGNc/ibRvbZEYjs
rE1hyfBVU5tNbrc6yUhsoYrY+HD0cxbGneIW89mxRUDyz5jNUX95i1wQXDU=
-----END CERTIFICATE-----