Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1f734b7b-0054-4b65-9299-351974c50ebf.roa
File:                     1f734b7b-0054-4b65-9299-351974c50ebf.roa (raw, json)
Hash identifier:          wnkzrwEUcCUU0hCgbhuwBBp4nBSg8pM06ielK5PFvWM=
Subject key identifier:   46:86:1D:F4:2D:D6:8F:44:4B:8C:0F:43:C1:EA:A8:A2:4F:A3:59:B6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3F2BAB4A1F6956193A45C2931BA480FA641C4D12
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1f734b7b-0054-4b65-9299-351974c50ebf.roa
Signing time:             Fri 29 Sep 2023 00:00:00 +0000
ROA not before:           Fri 29 Sep 2023 00:00:00 +0000
ROA not after:            Fri 03 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:2b:ab:4a:1f:69:56:19:3a:45:c2:93:1b:a4:80:fa:64:1c:4d:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 29 00:00:00 2023 GMT
            Not After : Nov  3 23:59:59 2023 GMT
        Subject: serialNumber=cad49c71b6114bb75a9276c30a21c3d9e1fc3de3f0dfe45799544056de74cb2b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d4:7b:b6:6c:29:67:62:f3:05:69:34:71:82:
                    b1:20:73:b9:b1:1d:3b:de:36:09:00:6b:17:6b:71:
                    6b:17:7f:fd:cd:ab:6b:01:e1:5e:9e:d0:d4:44:d2:
                    66:4e:26:09:14:ec:41:ac:08:a1:dd:d3:de:91:6c:
                    9d:5e:c2:b5:04:e2:12:f6:f6:4d:69:4a:06:6a:fc:
                    b7:fb:8b:45:f5:d6:b8:7d:ec:2e:45:28:c3:e0:9f:
                    f5:f1:a9:2a:07:f8:5f:53:3b:ed:63:30:d4:53:6b:
                    b1:a4:fc:e1:5b:b7:e6:d8:39:21:2f:4a:1d:39:6d:
                    c8:51:4e:94:30:30:31:55:f5:9b:3e:87:13:e8:d8:
                    14:f0:c3:16:23:74:44:2c:e0:5c:e4:51:f0:4b:82:
                    4a:dd:79:d6:10:97:8b:91:8b:6f:b3:8c:ae:ee:bb:
                    cd:02:91:fc:b0:52:e8:8e:44:ba:8d:74:3b:b5:54:
                    99:58:43:3c:e1:e9:66:56:06:29:81:c2:59:8f:20:
                    a6:d1:86:dc:a3:6b:d9:64:4c:68:02:04:9a:2e:bf:
                    72:a9:13:d1:ae:2a:63:53:ea:eb:66:db:54:77:b9:
                    36:c9:bb:33:0d:25:0c:67:d3:83:fb:d9:0b:28:9c:
                    43:ba:48:0d:3f:25:f0:5f:d4:3a:12:e2:bf:71:f1:
                    e7:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:86:1D:F4:2D:D6:8F:44:4B:8C:0F:43:C1:EA:A8:A2:4F:A3:59:B6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1f734b7b-0054-4b65-9299-351974c50ebf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:1b:90:73:d6:da:99:8e:42:08:0d:51:64:5a:7e:a8:52:4b:
         f4:c7:b9:2c:21:d8:8a:ad:ba:ff:76:c6:0b:44:20:b0:e2:5a:
         c4:c7:91:cb:fe:83:61:ee:0e:fd:96:0e:c2:fb:b9:a8:1a:71:
         92:87:1d:b6:51:81:4c:36:b9:bd:d7:7b:3c:9a:9b:65:99:9b:
         48:9b:24:51:33:eb:5e:e3:e2:c3:78:67:db:e7:38:15:ae:08:
         4a:2a:84:1d:20:76:d6:0e:cd:9e:8f:9e:e3:cb:5a:56:f4:d6:
         66:8f:f2:d2:7a:e2:34:06:ff:52:da:3d:dd:da:c1:80:f8:1a:
         8a:00:51:20:de:bf:96:6d:58:64:66:66:99:30:b8:21:52:a2:
         5c:f3:d0:64:d3:3f:2c:4f:18:2a:01:cf:b5:55:b1:e7:ff:09:
         45:41:fc:13:9c:46:18:54:28:aa:fb:6e:18:3c:ca:a2:1d:65:
         ba:97:17:82:0c:ea:c1:f2:e2:04:07:80:eb:33:60:35:9e:89:
         0f:b9:86:f5:c4:bd:8c:a1:13:ae:3a:f1:40:d7:7e:17:b3:27:
         53:3d:9b:82:fb:5b:3a:85:7d:de:54:7c:64:10:19:eb:66:7c:
         c2:40:35:9e:f1:e5:93:be:99:40:e5:c5:00:56:00:30:69:d2:
         b4:41:c9:80
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPyurSh9pVhk6RcKTG6SA+mQcTRIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTI5MDAwMDAwWhcNMjMxMTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYWQ0OWM3MWI2MTE0YmI3NWE5Mjc2YzMwYTIxYzNkOWUx
ZmMzZGUzZjBkZmU0NTc5OTU0NDA1NmRlNzRjYjJiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCx1Hu2bClnYvMFaTRxgrEgc7mxHTveNgkAaxdrcWsXf/3N
q2sB4V6e0NRE0mZOJgkU7EGsCKHd096RbJ1ewrUE4hL29k1pSgZq/Lf7i0X11rh9
7C5FKMPgn/XxqSoH+F9TO+1jMNRTa7Gk/OFbt+bYOSEvSh05bchRTpQwMDFV9Zs+
hxPo2BTwwxYjdEQs4FzkUfBLgkrdedYQl4uRi2+zjK7uu80CkfywUuiORLqNdDu1
VJlYQzzh6WZWBimBwlmPIKbRhtyja9lkTGgCBJouv3KpE9GuKmNT6utm21R3uTbJ
uzMNJQxn04P72QsonEO6SA0/JfBf1DoS4r9x8ed/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURoYd9C3Wj0RLjA9Dweqook+jWbYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzFmNzM0YjdiLTAwNTQtNGI2NS05Mjk5LTM1MTk3NGM1MGViZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFQbkHPW2pmOQggNUWRafqhSS/TH
uSwh2Iqtuv92xgtEILDiWsTHkcv+g2HuDv2WDsL7uagacZKHHbZRgUw2ub3Xezya
m2WZm0ibJFEz617j4sN4Z9vnOBWuCEoqhB0gdtYOzZ6PnuPLWlb01maP8tJ64jQG
/1LaPd3awYD4GooAUSDev5ZtWGRmZpkwuCFSolzz0GTTPyxPGCoBz7VVsef/CUVB
/BOcRhhUKKr7bhg8yqIdZbqXF4IM6sHy4gQHgOszYDWeiQ+5hvXEvYyhE6468UDX
fhezJ1M9m4L7WzqFfd5UfGQQGetmfMJANZ7x5ZO+mUDlxQBWADBp0rRByYA=
-----END CERTIFICATE-----