Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1b528e40-5f4d-4dc1-ad58-33ae469effec.roa
File:                     1b528e40-5f4d-4dc1-ad58-33ae469effec.roa (raw, json)
Hash identifier:          2YFNzVwur2Stl03GuHWU5qf3RL+w2+cevU2yCfLmX/Q=
Subject key identifier:   4B:AC:9B:EE:C3:DE:A2:80:25:90:A5:6A:E2:F3:7A:2D:3F:08:B3:08
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7AFC31AFE59689DF80C337D075434187C50FEC10
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1b528e40-5f4d-4dc1-ad58-33ae469effec.roa
Signing time:             Mon 16 Oct 2023 00:00:00 +0000
ROA not before:           Mon 16 Oct 2023 00:00:00 +0000
ROA not after:            Mon 20 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:fc:31:af:e5:96:89:df:80:c3:37:d0:75:43:41:87:c5:0f:ec:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 16 00:00:00 2023 GMT
            Not After : Nov 20 23:59:59 2023 GMT
        Subject: serialNumber=20f48d05c08888047ead190673289cc4e1769b9c88ac4ff86acc8774d2a6cfff, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:da:47:50:b5:85:c6:79:2c:43:5e:2c:09:88:
                    4f:5a:08:2a:2d:93:dd:4d:eb:e5:d5:aa:35:ed:9f:
                    65:29:b1:0c:8d:ee:7a:16:42:c2:83:83:62:ef:48:
                    89:42:28:a3:3e:7f:82:c2:84:50:07:fe:a7:5f:2c:
                    a3:f7:b1:29:38:92:87:64:98:32:1e:30:ee:46:59:
                    81:9d:aa:17:16:59:c6:ac:7c:da:b6:67:f5:81:cb:
                    73:fd:9a:5c:2c:7c:96:6c:3e:f5:86:03:52:ae:95:
                    10:89:54:b4:37:40:0e:fd:e3:c5:f4:0a:ca:46:9e:
                    03:da:86:20:65:43:a5:7a:8f:a4:31:20:24:09:ad:
                    fa:1f:64:55:59:da:24:1c:62:05:82:97:49:a5:d0:
                    7b:62:05:b5:91:02:6c:3e:11:aa:67:65:ba:0f:3e:
                    b4:db:35:03:92:0b:07:cf:8d:39:05:bf:f5:e4:c0:
                    64:36:66:48:57:5b:ab:a8:28:44:5e:61:f4:58:ad:
                    24:0d:87:ee:a8:fa:69:d2:ce:3f:ca:a2:6f:68:e6:
                    75:ba:7c:ba:f4:36:ba:65:4a:06:cd:c8:30:27:96:
                    3f:4d:20:8b:5c:ff:14:db:a3:66:36:3b:c9:92:34:
                    f5:02:90:50:ff:8e:b6:7c:58:75:9f:10:8e:b3:cd:
                    72:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:AC:9B:EE:C3:DE:A2:80:25:90:A5:6A:E2:F3:7A:2D:3F:08:B3:08
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1b528e40-5f4d-4dc1-ad58-33ae469effec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:de:ec:52:be:4e:35:8e:97:80:76:cc:ec:86:62:2f:41:d9:
         f0:21:f6:f2:e4:da:ee:a5:2e:1b:41:cb:09:d4:0f:30:c3:2e:
         1e:68:fe:c3:30:60:7d:11:2f:36:10:85:ad:5e:c4:f2:4f:af:
         dd:83:c5:0e:68:b4:e6:d6:a8:6a:22:f4:c5:67:63:05:b5:82:
         00:ae:5a:52:90:fa:0d:22:52:9d:e4:d0:1e:9e:45:a1:d6:67:
         e2:c3:72:a2:2a:c9:fc:9c:a7:09:87:bf:53:cd:32:60:32:7a:
         fc:b4:6e:f6:af:23:55:c7:2a:5f:64:88:b7:97:41:df:b2:c6:
         7f:17:a9:38:0c:0e:95:59:db:02:53:1d:01:19:8f:57:aa:30:
         16:f4:44:17:07:9a:2a:ef:df:f2:d0:a2:5a:0c:40:98:0a:f3:
         90:b4:9c:93:46:66:a7:f7:9f:5d:5a:54:69:44:40:67:96:26:
         af:9f:0e:b5:aa:df:5e:50:bb:16:59:97:df:7e:bb:b7:85:90:
         1c:36:5c:f8:03:16:28:67:c9:35:51:b3:e4:1c:ca:07:85:9d:
         09:74:5a:8d:f1:a6:1b:bc:44:a5:ee:63:ce:43:4d:9f:2e:5e:
         27:8e:ef:2e:1a:3b:3c:86:ed:4f:e8:fb:45:34:a4:dd:39:f5:
         b1:7f:43:81
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUevwxr+WWid+AwzfQdUNBh8UP7BAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDE2MDAwMDAwWhcNMjMxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMGY0OGQwNWMwODg4ODA0N2VhZDE5MDY3MzI4OWNjNGUx
NzY5YjljODhhYzRmZjg2YWNjODc3NGQyYTZjZmZmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDl2kdQtYXGeSxDXiwJiE9aCCotk91N6+XVqjXtn2UpsQyN
7noWQsKDg2LvSIlCKKM+f4LChFAH/qdfLKP3sSk4kodkmDIeMO5GWYGdqhcWWcas
fNq2Z/WBy3P9mlwsfJZsPvWGA1KulRCJVLQ3QA7948X0CspGngPahiBlQ6V6j6Qx
ICQJrfofZFVZ2iQcYgWCl0ml0HtiBbWRAmw+EapnZboPPrTbNQOSCwfPjTkFv/Xk
wGQ2ZkhXW6uoKEReYfRYrSQNh+6o+mnSzj/Kom9o5nW6fLr0NrplSgbNyDAnlj9N
IItc/xTbo2Y2O8mSNPUCkFD/jrZ8WHWfEI6zzXLTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUS6yb7sPeooAlkKVq4vN6LT8IswgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzFiNTI4ZTQwLTVmNGQtNGRjMS1hZDU4LTMzYWU0NjllZmZlYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEHe7FK+TjWOl4B2zOyGYi9B2fAh
9vLk2u6lLhtBywnUDzDDLh5o/sMwYH0RLzYQha1exPJPr92DxQ5otObWqGoi9MVn
YwW1ggCuWlKQ+g0iUp3k0B6eRaHWZ+LDcqIqyfycpwmHv1PNMmAyevy0bvavI1XH
Kl9kiLeXQd+yxn8XqTgMDpVZ2wJTHQEZj1eqMBb0RBcHmirv3/LQoloMQJgK85C0
nJNGZqf3n11aVGlEQGeWJq+fDrWq315QuxZZl99+u7eFkBw2XPgDFihnyTVRs+Qc
ygeFnQl0Wo3xphu8RKXuY85DTZ8uXieO7y4aOzyG7U/o+0U0pN059bF/Q4E=
-----END CERTIFICATE-----