Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/31d09207-79d0-4415-ab1a-daa2f33c83b5.roa
File:                     31d09207-79d0-4415-ab1a-daa2f33c83b5.roa (raw, json)
Hash identifier:          1btfx92+XV75O/Bh8nonEP8ZUndBJLJJtJjVPoEFIlc=
Subject key identifier:   A4:FB:BF:81:44:EC:80:C8:86:3D:BD:D0:3B:F1:AD:9E:3A:15:02:36
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5081D61F8CF47AD15C9D8901C7BDB9B51EC2A7F6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/31d09207-79d0-4415-ab1a-daa2f33c83b5.roa
Signing time:             Fri 15 Sep 2023 00:00:00 +0000
ROA not before:           Fri 15 Sep 2023 00:00:00 +0000
ROA not after:            Fri 20 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:81:d6:1f:8c:f4:7a:d1:5c:9d:89:01:c7:bd:b9:b5:1e:c2:a7:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 15 00:00:00 2023 GMT
            Not After : Oct 20 23:59:59 2023 GMT
        Subject: serialNumber=7d7b51dd8a9c1580ad3bbae6c310b42a1597c944afafbdf7761c414e6fe9bf23, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e2:97:4f:59:7b:83:9e:02:c4:9e:0a:c3:a8:
                    3e:58:53:d8:77:6d:ec:52:ea:80:82:cd:39:5a:dc:
                    0d:9f:74:97:0a:89:d3:9c:10:13:40:74:e4:dc:6d:
                    db:63:29:2e:b9:20:dd:7a:3e:0f:26:0f:97:f8:66:
                    9a:fb:a6:81:be:a3:30:75:97:b9:31:18:25:36:b5:
                    3d:5b:f1:19:89:36:b9:82:76:30:0b:4b:2c:4c:cb:
                    05:23:09:1a:a0:41:e7:76:4e:dd:ad:24:d2:56:9e:
                    f9:6c:cd:0c:25:97:12:ef:72:36:39:86:f6:35:74:
                    02:3c:08:bb:22:1f:dd:a9:f2:a5:a7:54:da:a9:25:
                    ff:9c:19:2a:de:8f:a0:f6:70:63:85:ce:21:f9:fb:
                    48:ee:15:3d:12:84:3b:74:85:95:73:fc:29:4d:73:
                    3d:79:70:64:53:76:44:d1:4c:b3:6c:e6:1e:7f:2d:
                    fc:10:79:96:a2:29:a6:11:93:1c:94:b8:4f:48:43:
                    3e:86:d9:cf:66:39:eb:b0:31:1a:58:6b:00:bc:be:
                    cd:45:e5:a8:a2:af:41:a6:04:de:c3:9e:34:2e:3f:
                    fc:19:8b:6d:13:2b:53:8b:08:53:28:b1:54:2a:21:
                    77:0a:68:74:1f:93:e8:65:11:42:4b:51:a4:22:59:
                    a0:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:FB:BF:81:44:EC:80:C8:86:3D:BD:D0:3B:F1:AD:9E:3A:15:02:36
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/31d09207-79d0-4415-ab1a-daa2f33c83b5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:8b:a9:04:e4:3e:23:24:2c:82:f8:b7:f9:36:9c:7c:f9:04:
         c3:74:ae:fb:a3:ba:bd:0f:01:f3:36:f0:03:9f:90:d0:39:d2:
         58:91:88:d7:2b:3c:09:4b:09:c4:cd:6c:48:6e:d6:3d:3d:cd:
         01:a6:54:02:45:86:49:c4:24:ab:f3:e0:ab:17:c7:1f:43:93:
         2e:88:86:09:5c:3c:81:cf:34:bd:c6:7b:d5:9e:28:de:63:dd:
         15:80:fc:12:0b:e2:6a:e9:ed:36:b9:b0:20:82:b2:81:08:a5:
         d8:f5:27:d4:5a:94:1e:1b:94:90:01:a5:3c:44:17:f2:31:ae:
         f0:af:74:f7:4c:c4:1a:ee:6d:25:e5:1b:6e:6a:39:55:17:99:
         76:24:e6:70:59:59:d1:2a:cb:38:d6:2a:fb:26:c3:8d:74:5b:
         4f:77:d3:14:a7:17:73:0c:a6:c5:62:63:9b:8d:f6:d4:3b:49:
         13:f9:6b:20:61:50:87:62:54:3e:22:28:13:44:3b:1a:ba:e7:
         d0:e6:68:70:f7:46:c2:f3:bb:ac:62:64:df:76:97:81:80:56:
         97:9a:06:54:fa:09:84:ea:da:af:c8:67:9a:28:64:fd:21:7a:
         04:28:21:dd:3b:66:3c:bf:15:67:3a:cb:9f:1a:aa:90:66:88:
         2f:00:b0:26
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUIHWH4z0etFcnYkBx725tR7Cp/YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTE1MDAwMDAwWhcNMjMxMDIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZDdiNTFkZDhhOWMxNTgwYWQzYmJhZTZjMzEwYjQyYTE1
OTdjOTQ0YWZhZmJkZjc3NjFjNDE0ZTZmZTliZjIzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd4pdPWXuDngLEngrDqD5YU9h3bexS6oCCzTla3A2fdJcK
idOcEBNAdOTcbdtjKS65IN16Pg8mD5f4Zpr7poG+ozB1l7kxGCU2tT1b8RmJNrmC
djALSyxMywUjCRqgQed2Tt2tJNJWnvlszQwllxLvcjY5hvY1dAI8CLsiH92p8qWn
VNqpJf+cGSrej6D2cGOFziH5+0juFT0ShDt0hZVz/ClNcz15cGRTdkTRTLNs5h5/
LfwQeZaiKaYRkxyUuE9IQz6G2c9mOeuwMRpYawC8vs1F5aiir0GmBN7DnjQuP/wZ
i20TK1OLCFMosVQqIXcKaHQfk+hlEUJLUaQiWaCFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpPu/gUTsgMiGPb3QO/GtnjoVAjYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzMxZDA5MjA3LTc5ZDAtNDQxNS1hYjFhLWRhYTJmMzNjODNiNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALOLqQTkPiMkLIL4t/k2nHz5BMN0
rvujur0PAfM28AOfkNA50liRiNcrPAlLCcTNbEhu1j09zQGmVAJFhknEJKvz4KsX
xx9Dky6IhglcPIHPNL3Ge9WeKN5j3RWA/BIL4mrp7Ta5sCCCsoEIpdj1J9RalB4b
lJABpTxEF/IxrvCvdPdMxBrubSXlG25qOVUXmXYk5nBZWdEqyzjWKvsmw410W093
0xSnF3MMpsViY5uN9tQ7SRP5ayBhUIdiVD4iKBNEOxq659DmaHD3RsLzu6xiZN92
l4GAVpeaBlT6CYTq2q/IZ5ooZP0hegQoId07Zjy/FWc6y58aqpBmiC8AsCY=
-----END CERTIFICATE-----