Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2dadd48a-5315-45ae-91e0-e39bed9a43b0.roa
File:                     2dadd48a-5315-45ae-91e0-e39bed9a43b0.roa (raw, json)
Hash identifier:          RpSujSnLhGuFhBWJh0btJlL4BQ3oI1D4uZWm+K62i+0=
Subject key identifier:   F3:57:A6:98:89:8A:5F:44:44:A3:C9:E0:AC:BD:A0:76:30:32:29:D0
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7716458D9F10EAA3A0C4A3163514AB815310E9E4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2dadd48a-5315-45ae-91e0-e39bed9a43b0.roa
Signing time:             Tue 17 Oct 2023 00:00:00 +0000
ROA not before:           Tue 17 Oct 2023 00:00:00 +0000
ROA not after:            Tue 21 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:16:45:8d:9f:10:ea:a3:a0:c4:a3:16:35:14:ab:81:53:10:e9:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 17 00:00:00 2023 GMT
            Not After : Nov 21 23:59:59 2023 GMT
        Subject: serialNumber=2650834a6ef1841f90b66f0b23c1e81f0782681958240e3b9d4e024964f7b040, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:cf:2e:0f:37:ea:21:92:89:b6:29:ac:73:a8:
                    f8:bb:21:b1:12:41:74:ec:49:82:04:ed:d2:c7:85:
                    35:b5:3e:04:8b:9e:24:18:d5:e0:cc:6c:7d:37:c8:
                    11:ac:70:8d:80:a2:0b:63:cc:32:8f:d6:5b:42:40:
                    3c:44:75:18:45:34:4f:c6:34:80:4b:ab:84:ad:62:
                    05:93:29:ea:5c:43:73:67:5a:62:e8:fa:7e:fd:d1:
                    e9:6a:82:c9:0e:be:d0:28:b8:a0:c3:6f:21:52:d4:
                    f5:6b:c6:05:d9:e2:db:e1:e6:d2:48:eb:39:8d:c0:
                    cc:12:2a:37:5a:8a:52:91:f2:66:f7:f8:7c:81:c9:
                    e2:ec:fc:70:92:aa:29:1e:06:1d:80:ee:49:c1:da:
                    25:f2:cb:b6:87:e9:04:90:3b:6d:30:47:d8:bc:d3:
                    5b:4c:fa:0c:72:f4:fd:43:a1:38:b8:44:ab:d8:65:
                    26:d7:20:02:2c:e2:43:37:61:a8:ac:12:2a:d1:3d:
                    31:a9:f4:69:b1:72:ad:65:e0:9a:95:ba:36:56:16:
                    b1:16:e2:66:32:19:3d:1c:46:42:c9:38:08:98:72:
                    c7:8a:e2:cc:1c:9c:5f:65:ef:93:59:8c:04:44:36:
                    ad:7f:35:d0:d1:e1:ad:c1:3d:8b:2b:9b:2d:12:45:
                    bf:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:57:A6:98:89:8A:5F:44:44:A3:C9:E0:AC:BD:A0:76:30:32:29:D0
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2dadd48a-5315-45ae-91e0-e39bed9a43b0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:85:c1:c0:94:2c:b6:1d:aa:0a:fa:e1:44:1d:26:d5:e4:dd:
         d2:84:6c:89:3f:41:00:62:3b:f6:71:90:d3:05:ca:9c:f5:01:
         2f:d8:a4:88:5e:1c:63:69:23:e3:b9:46:ae:c5:3f:e5:c8:b5:
         7b:f3:1c:97:e7:c4:ef:41:31:fb:30:71:58:4b:4e:77:ca:71:
         ad:83:28:8d:6e:13:1f:54:6d:2c:da:fc:c1:23:84:a3:d1:94:
         df:74:24:7e:57:a5:20:1d:82:3e:a0:60:f5:ed:b0:ed:1f:d5:
         11:71:b1:f0:59:00:99:e5:93:76:38:62:4d:78:2c:1f:e6:b7:
         67:c4:9b:21:cd:ad:e0:83:96:7e:dd:fa:e5:03:9a:51:1d:fb:
         e7:f6:30:56:ca:68:dc:6c:bd:76:bc:11:94:01:44:d4:4a:1a:
         ee:7b:dd:54:b2:31:65:a4:c5:5a:6c:90:ce:5e:e3:89:0e:ec:
         02:c2:07:ed:dd:4b:57:87:da:f0:32:33:05:4d:7f:ec:61:cf:
         25:22:19:a7:6c:bf:f2:55:8b:78:c1:57:0b:01:33:d7:21:ee:
         d9:43:6a:aa:77:21:5e:ae:9d:5e:d2:d2:f6:50:5e:f8:00:c2:
         e2:47:39:19:a3:ca:cd:f0:1d:b2:0f:8a:ad:97:67:c4:90:7a:
         8c:a0:ac:51
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdxZFjZ8Q6qOgxKMWNRSrgVMQ6eQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDE3MDAwMDAwWhcNMjMxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNjUwODM0YTZlZjE4NDFmOTBiNjZmMGIyM2MxZTgxZjA3
ODI2ODE5NTgyNDBlM2I5ZDRlMDI0OTY0ZjdiMDQwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCezy4PN+ohkom2KaxzqPi7IbESQXTsSYIE7dLHhTW1PgSL
niQY1eDMbH03yBGscI2AogtjzDKP1ltCQDxEdRhFNE/GNIBLq4StYgWTKepcQ3Nn
WmLo+n790elqgskOvtAouKDDbyFS1PVrxgXZ4tvh5tJI6zmNwMwSKjdailKR8mb3
+HyByeLs/HCSqikeBh2A7knB2iXyy7aH6QSQO20wR9i801tM+gxy9P1DoTi4RKvY
ZSbXIAIs4kM3YaisEirRPTGp9Gmxcq1l4JqVujZWFrEW4mYyGT0cRkLJOAiYcseK
4swcnF9l75NZjARENq1/NdDR4a3BPYsrmy0SRb/zAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU81emmImKX0REo8ngrL2gdjAyKdAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJkYWRkNDhhLTUzMTUtNDVhZS05MWUwLWUzOWJlZDlhNDNiMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA2FwcCULLYdqgr64UQdJtXk3dKE
bIk/QQBiO/ZxkNMFypz1AS/YpIheHGNpI+O5Rq7FP+XItXvzHJfnxO9BMfswcVhL
TnfKca2DKI1uEx9UbSza/MEjhKPRlN90JH5XpSAdgj6gYPXtsO0f1RFxsfBZAJnl
k3Y4Yk14LB/mt2fEmyHNreCDln7d+uUDmlEd++f2MFbKaNxsvXa8EZQBRNRKGu57
3VSyMWWkxVpskM5e44kO7ALCB+3dS1eH2vAyMwVNf+xhzyUiGadsv/JVi3jBVwsB
M9ch7tlDaqp3IV6unV7S0vZQXvgAwuJHORmjys3wHbIPiq2XZ8SQeoygrFE=
-----END CERTIFICATE-----