Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3651c14c-53f9-4d8f-ab50-6f43d824844d.roa
File:                     3651c14c-53f9-4d8f-ab50-6f43d824844d.roa (raw, json)
Hash identifier:          G2IJGSerP2ttwLcsC4SdYRGpMxdVM1aSEyR2GUXBmJ4=
Subject key identifier:   DB:D6:FD:35:9C:0F:FD:11:35:86:AA:A8:AC:66:CF:CD:11:BC:D8:AC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       11B0D6C140ACCBB38E4AB36D532CEFA104FD6C25
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3651c14c-53f9-4d8f-ab50-6f43d824844d.roa
Signing time:             Mon 09 Oct 2023 00:00:00 +0000
ROA not before:           Mon 09 Oct 2023 00:00:00 +0000
ROA not after:            Mon 13 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:b0:d6:c1:40:ac:cb:b3:8e:4a:b3:6d:53:2c:ef:a1:04:fd:6c:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  9 00:00:00 2023 GMT
            Not After : Nov 13 23:59:59 2023 GMT
        Subject: serialNumber=f9768b382f13c26e9b1bbaa9a1696f3720503f3f308460f8caee07a43abf31f6, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f4:9c:62:14:7d:d8:a7:e2:72:2c:85:b6:be:
                    b9:55:a3:9e:fa:e8:4d:11:32:d2:9d:56:66:69:eb:
                    02:44:60:f9:9b:fc:d2:bc:f1:e2:2f:01:75:5f:ce:
                    a9:1a:1d:f4:33:e6:5f:6e:f1:36:d5:f5:a0:4f:1c:
                    20:97:ef:b5:74:2d:99:0f:da:ea:44:be:b8:2b:09:
                    a4:23:7c:91:22:3b:c9:e9:8f:67:3d:29:f8:bf:18:
                    6c:a8:7c:71:89:78:af:c7:f4:f2:46:1b:13:d2:cb:
                    00:3d:0a:fe:f6:82:0d:a6:23:5b:78:f8:8d:91:56:
                    02:2f:1a:74:0e:e1:dd:58:02:39:5e:5f:c4:f1:18:
                    89:b5:7a:68:ba:c5:a9:d2:26:38:81:90:e4:44:71:
                    ab:92:7e:04:4b:f4:24:73:17:8c:bd:53:d8:42:42:
                    19:ac:ee:ea:a0:83:46:51:ba:e5:93:54:80:ea:5d:
                    74:50:2a:7c:b0:3b:d1:e5:c7:45:75:d3:84:f9:98:
                    0d:77:c8:84:1f:c2:5d:f6:4c:80:fe:6c:5e:3b:e8:
                    f5:ed:7f:88:0d:7b:ca:e8:27:74:94:aa:1d:80:1e:
                    74:c4:98:89:09:65:62:4f:bd:05:61:a9:bb:c9:c8:
                    c0:19:ab:92:0e:37:e6:a1:ca:1f:6a:a5:99:2a:70:
                    1e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:D6:FD:35:9C:0F:FD:11:35:86:AA:A8:AC:66:CF:CD:11:BC:D8:AC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3651c14c-53f9-4d8f-ab50-6f43d824844d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:89:71:61:c8:bd:a6:75:a7:7c:5b:d4:24:2c:64:bf:ae:0a:
         8e:28:07:af:3b:d2:79:ed:6f:b8:d0:39:8f:19:c6:90:2d:4c:
         e9:a9:27:70:12:46:36:96:d4:69:10:2e:8e:40:ab:60:23:46:
         e4:fb:96:fd:22:54:dd:41:99:29:e1:61:ce:df:fb:9a:6b:f0:
         57:e1:d7:ae:ba:26:4f:7f:dc:f1:99:5f:29:0f:ee:46:97:47:
         64:3c:26:84:e9:98:ff:0c:d8:52:ce:63:d0:46:17:5c:8e:66:
         de:93:11:5f:3c:ec:80:18:3a:50:1c:6e:24:98:90:89:ac:93:
         73:77:6d:6f:51:04:c6:70:61:7c:99:8e:05:57:bb:e5:67:77:
         c3:d0:3e:81:fe:06:0a:26:30:18:d5:2b:9d:a5:d6:17:35:85:
         15:8b:7a:ea:76:82:15:6d:af:f1:52:80:f9:58:5b:59:7c:32:
         fa:63:05:93:c8:c0:b9:9d:e3:ed:92:d5:f6:43:02:46:b6:f9:
         cf:5c:4a:c2:db:e4:5b:80:e7:54:ee:5a:2f:dc:c8:25:92:c8:
         22:90:1e:7d:55:4b:93:9b:96:f1:90:2c:32:72:57:40:26:d4:
         1d:8d:5b:ef:38:6d:bd:b2:ec:ba:f8:53:ce:a5:0e:54:4e:98:
         bb:f6:b4:98
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEbDWwUCsy7OOSrNtUyzvoQT9bCUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDA5MDAwMDAwWhcNMjMxMTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmOTc2OGIzODJmMTNjMjZlOWIxYmJhYTlhMTY5NmYzNzIw
NTAzZjNmMzA4NDYwZjhjYWVlMDdhNDNhYmYzMWY2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCs9JxiFH3Yp+JyLIW2vrlVo5766E0RMtKdVmZp6wJEYPmb
/NK88eIvAXVfzqkaHfQz5l9u8TbV9aBPHCCX77V0LZkP2upEvrgrCaQjfJEiO8np
j2c9Kfi/GGyofHGJeK/H9PJGGxPSywA9Cv72gg2mI1t4+I2RVgIvGnQO4d1YAjle
X8TxGIm1emi6xanSJjiBkOREcauSfgRL9CRzF4y9U9hCQhms7uqgg0ZRuuWTVIDq
XXRQKnywO9Hlx0V104T5mA13yIQfwl32TID+bF476PXtf4gNe8roJ3SUqh2AHnTE
mIkJZWJPvQVhqbvJyMAZq5ION+ahyh9qpZkqcB7FAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU29b9NZwP/RE1hqqorGbPzRG82KwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM2NTFjMTRjLTUzZjktNGQ4Zi1hYjUwLTZmNDNkODI0ODQ0ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFCJcWHIvaZ1p3xb1CQsZL+uCo4o
B6870nntb7jQOY8ZxpAtTOmpJ3ASRjaW1GkQLo5Aq2AjRuT7lv0iVN1BmSnhYc7f
+5pr8Ffh1666Jk9/3PGZXykP7kaXR2Q8JoTpmP8M2FLOY9BGF1yOZt6TEV887IAY
OlAcbiSYkImsk3N3bW9RBMZwYXyZjgVXu+Vnd8PQPoH+BgomMBjVK52l1hc1hRWL
eup2ghVtr/FSgPlYW1l8MvpjBZPIwLmd4+2S1fZDAka2+c9cSsLb5FuA51TuWi/c
yCWSyCKQHn1VS5OblvGQLDJyV0Am1B2NW+84bb2y7Lr4U86lDlROmLv2tJg=
-----END CERTIFICATE-----