Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/21ce4652-930d-4fa4-b78b-6a591266d851.roa
File:                     21ce4652-930d-4fa4-b78b-6a591266d851.roa (raw, json)
Hash identifier:          aL3cDvev6bNXLvFljPX4PEtHT00GVQkqlxHSpUIHarw=
Subject key identifier:   EE:1D:BE:A6:A3:CE:09:F5:64:5A:D8:DA:60:1D:AF:AD:87:48:91:1F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       15ED1D09B4E05D2B4EB097A86D2261A6981590DD
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/21ce4652-930d-4fa4-b78b-6a591266d851.roa
Signing time:             Sat 07 Oct 2023 00:00:00 +0000
ROA not before:           Sat 07 Oct 2023 00:00:00 +0000
ROA not after:            Sat 11 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:ed:1d:09:b4:e0:5d:2b:4e:b0:97:a8:6d:22:61:a6:98:15:90:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  7 00:00:00 2023 GMT
            Not After : Nov 11 23:59:59 2023 GMT
        Subject: serialNumber=608227efd2e1695c1c34bec564028e40c4e97ba4a1cedef1f58be7a13a33a894, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:bc:ef:80:68:04:9e:ab:ce:29:ad:81:67:6a:
                    15:92:54:8a:4e:eb:86:08:66:8c:bf:b6:4c:98:09:
                    59:93:b8:87:b5:04:f5:8f:91:eb:9e:6f:e8:93:65:
                    25:40:87:16:ac:ca:d8:43:e3:42:81:f3:1d:ff:15:
                    64:fe:f8:7c:6b:00:2e:7f:76:6f:ca:ad:a8:65:b6:
                    9a:31:76:09:4f:df:c3:12:7b:51:5f:e9:6e:23:47:
                    1f:51:64:a4:91:8b:c9:66:15:83:d0:03:66:36:bb:
                    3b:26:c8:c7:5e:5e:70:d0:82:70:41:11:78:3f:2d:
                    4e:ab:26:55:90:e6:5a:12:ff:8e:53:d2:a8:3d:1b:
                    bd:b8:6d:c1:22:e1:79:98:af:84:50:16:97:53:60:
                    6d:66:4a:57:46:30:9b:10:4d:ad:31:56:d5:39:41:
                    d4:78:a4:44:5a:a9:93:79:03:67:fc:d5:c4:e1:0b:
                    ec:31:c6:68:d0:2e:18:ad:9e:24:1b:d4:1b:c8:e1:
                    65:3b:1f:8e:e1:d0:ae:0f:14:4a:38:1a:fe:38:25:
                    ca:1e:54:b9:8d:36:ad:c7:d5:89:1e:5e:f1:60:04:
                    0f:a7:87:16:72:ec:db:bf:fe:d0:be:a4:75:8e:af:
                    e9:b9:6c:a3:c5:f0:3d:e7:bb:ce:91:be:5e:5a:5e:
                    b4:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:1D:BE:A6:A3:CE:09:F5:64:5A:D8:DA:60:1D:AF:AD:87:48:91:1F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/21ce4652-930d-4fa4-b78b-6a591266d851.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:b7:61:a3:c4:8a:9b:9f:fe:ab:9f:71:c8:96:a6:b4:4d:1f:
         c8:9f:10:f5:8a:58:41:0b:e5:9b:51:90:47:e7:9b:70:e1:88:
         e3:5b:22:f9:2a:10:fa:f6:1c:8b:8a:e4:b9:77:e9:13:a1:df:
         b4:e6:68:6e:24:35:ed:8a:26:4c:65:bb:68:84:87:49:39:01:
         df:03:59:27:d5:1e:58:9b:b8:6c:eb:98:82:ca:6f:ce:34:63:
         7e:bc:6d:b3:6e:8e:9b:40:52:29:ce:f8:5b:cf:74:da:0f:0b:
         dc:f2:59:86:41:90:5f:26:43:38:9e:44:57:e2:1d:85:da:71:
         96:43:ef:8b:de:d8:56:2a:04:10:0b:b5:55:29:d1:05:81:25:
         d9:6b:d0:9f:1c:02:77:7d:28:b1:5f:17:a6:da:3d:1f:99:88:
         26:13:c9:da:d6:48:0d:11:49:15:78:b9:58:7d:d4:d6:3c:31:
         68:cc:dd:db:84:9a:01:bd:9b:51:8d:9e:e0:e3:03:42:d1:bb:
         f9:77:02:ed:a1:e0:00:a2:67:fe:6e:e4:14:a0:32:fb:f5:cd:
         97:cb:f3:0d:5a:1b:ac:b1:6a:2a:59:3e:6d:1c:0e:53:41:9a:
         8e:2c:28:ba:72:8b:1f:51:09:a7:da:88:be:b5:90:f2:7a:b4:
         7f:5d:4f:f8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFe0dCbTgXStOsJeobSJhppgVkN0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDA3MDAwMDAwWhcNMjMxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MDgyMjdlZmQyZTE2OTVjMWMzNGJlYzU2NDAyOGU0MGM0
ZTk3YmE0YTFjZWRlZjFmNThiZTdhMTNhMzNhODk0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDkvO+AaASeq84prYFnahWSVIpO64YIZoy/tkyYCVmTuIe1
BPWPkeueb+iTZSVAhxasythD40KB8x3/FWT++HxrAC5/dm/KrahltpoxdglP38MS
e1Ff6W4jRx9RZKSRi8lmFYPQA2Y2uzsmyMdeXnDQgnBBEXg/LU6rJlWQ5loS/45T
0qg9G724bcEi4XmYr4RQFpdTYG1mSldGMJsQTa0xVtU5QdR4pERaqZN5A2f81cTh
C+wxxmjQLhitniQb1BvI4WU7H47h0K4PFEo4Gv44JcoeVLmNNq3H1YkeXvFgBA+n
hxZy7Nu//tC+pHWOr+m5bKPF8D3nu86Rvl5aXrSlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7h2+pqPOCfVkWtjaYB2vrYdIkR8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIxY2U0NjUyLTkzMGQtNGZhNC1iNzhiLTZhNTkxMjY2ZDg1MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHe3YaPEipuf/qufcciWprRNH8if
EPWKWEEL5ZtRkEfnm3DhiONbIvkqEPr2HIuK5Ll36ROh37TmaG4kNe2KJkxlu2iE
h0k5Ad8DWSfVHlibuGzrmILKb840Y368bbNujptAUinO+FvPdNoPC9zyWYZBkF8m
QzieRFfiHYXacZZD74ve2FYqBBALtVUp0QWBJdlr0J8cAnd9KLFfF6baPR+ZiCYT
ydrWSA0RSRV4uVh91NY8MWjM3duEmgG9m1GNnuDjA0LRu/l3Au2h4ACiZ/5u5BSg
Mvv1zZfL8w1aG6yxaipZPm0cDlNBmo4sKLpyix9RCafaiL61kPJ6tH9dT/g=
-----END CERTIFICATE-----