Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4105c8d7-301c-48b3-a288-53cebdfed6e7.roa
File:                     4105c8d7-301c-48b3-a288-53cebdfed6e7.roa (raw, json)
Hash identifier:          nlVpJGB09cuwDc6V70RWN61jsWnZNGVVW8Q+GZU4XAw=
Subject key identifier:   80:5D:6E:BB:EF:97:0C:22:F8:9F:0D:C1:38:02:E7:55:D6:22:2F:0C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       61BF61108490322D38C9A0455EFE79361432B8E0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4105c8d7-301c-48b3-a288-53cebdfed6e7.roa
Signing time:             Sat 16 Sep 2023 00:00:00 +0000
ROA not before:           Sat 16 Sep 2023 00:00:00 +0000
ROA not after:            Sat 21 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:bf:61:10:84:90:32:2d:38:c9:a0:45:5e:fe:79:36:14:32:b8:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 16 00:00:00 2023 GMT
            Not After : Oct 21 23:59:59 2023 GMT
        Subject: serialNumber=d52c2c2e4ca870ba180ba50137edcbdd717c1b66740ed591b2b6f0db3a0a4212, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:53:16:78:4f:50:f0:35:62:39:a5:83:ae:97:
                    a0:d4:e6:a9:97:bf:a1:37:b9:b2:f1:ec:19:38:e1:
                    74:50:8c:d3:42:36:fb:99:d9:5a:ac:ca:c2:36:2b:
                    ac:a0:70:d9:8a:e9:2f:39:2a:e8:57:58:08:a3:6a:
                    8f:78:95:36:7d:d5:bb:11:41:89:12:30:ec:7b:82:
                    4d:31:f5:0c:33:8f:01:3b:a9:17:21:f2:44:14:38:
                    4a:22:88:62:d8:be:5f:55:69:86:ab:5e:a6:d9:2d:
                    2a:44:20:30:44:0e:7a:32:51:38:ee:58:b4:03:c8:
                    37:22:23:97:68:07:5d:a2:17:f3:52:de:62:c3:b9:
                    e2:c1:0f:79:ab:87:65:c1:ce:6c:65:c8:e8:1e:e2:
                    d8:7f:e0:61:97:1b:5c:8a:c4:57:99:8b:fd:84:75:
                    b8:9a:73:09:69:af:73:cc:d3:7a:bc:e3:a3:65:d6:
                    25:49:f8:59:01:d4:6d:f8:44:2d:f4:5c:72:84:f5:
                    7a:ea:70:0d:f4:e4:f4:f3:f8:53:fc:a8:83:fe:f6:
                    28:d3:f2:ca:12:9d:2b:99:96:c1:19:5b:6f:18:b2:
                    9b:07:13:4f:7a:30:33:84:a8:db:0f:5a:1d:f6:6d:
                    a6:a1:0b:79:96:30:e5:12:86:84:f4:9e:d7:15:91:
                    82:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:5D:6E:BB:EF:97:0C:22:F8:9F:0D:C1:38:02:E7:55:D6:22:2F:0C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4105c8d7-301c-48b3-a288-53cebdfed6e7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:2f:cf:dc:9f:73:52:08:4f:ae:aa:3e:47:e2:be:e1:c2:53:
         a3:4f:4f:24:da:18:84:75:62:f1:8c:8b:c4:7f:d9:11:ea:c6:
         4b:d8:4d:87:c2:16:79:be:53:41:da:14:89:1e:ad:c5:c5:af:
         e3:92:73:66:ab:58:0a:1d:59:fd:f6:6d:b0:1c:36:09:16:f7:
         8b:94:80:02:b0:a5:bc:76:76:2f:ef:4e:ab:7a:28:66:d3:cd:
         0f:be:76:77:3f:6b:12:be:d3:d9:0a:ba:78:fb:4b:3c:08:6e:
         c6:95:f6:c2:04:63:ad:43:72:8f:9a:b8:53:f6:7a:2b:91:a1:
         7d:9f:46:3c:9c:b0:05:19:14:f1:e3:71:ba:a7:0a:0e:9a:05:
         f0:12:0e:24:53:38:09:98:17:41:70:54:85:f1:d7:ae:09:93:
         4a:b1:46:57:21:8e:e1:58:b9:e6:82:6f:ca:65:37:76:52:a4:
         30:55:26:4e:d9:57:d6:7d:ae:9e:e0:1f:9d:e1:6e:29:d3:d8:
         f2:7e:d6:6c:64:d6:1e:84:75:8f:b4:2c:fe:82:4d:1e:12:ba:
         51:f2:eb:cb:7b:a8:ef:4f:59:4d:09:f3:42:b5:25:34:2e:10:
         c4:3c:3a:d0:de:02:86:4a:89:e6:f1:aa:e0:c7:7c:e0:12:1f:
         52:2b:65:90
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYb9hEISQMi04yaBFXv55NhQyuOAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTE2MDAwMDAwWhcNMjMxMDIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNTJjMmMyZTRjYTg3MGJhMTgwYmE1MDEzN2VkY2JkZDcx
N2MxYjY2NzQwZWQ1OTFiMmI2ZjBkYjNhMGE0MjEyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbUxZ4T1DwNWI5pYOul6DU5qmXv6E3ubLx7Bk44XRQjNNC
NvuZ2VqsysI2K6ygcNmK6S85KuhXWAijao94lTZ91bsRQYkSMOx7gk0x9QwzjwE7
qRch8kQUOEoiiGLYvl9VaYarXqbZLSpEIDBEDnoyUTjuWLQDyDciI5doB12iF/NS
3mLDueLBD3mrh2XBzmxlyOge4th/4GGXG1yKxFeZi/2Edbiacwlpr3PM03q846Nl
1iVJ+FkB1G34RC30XHKE9XrqcA305PTz+FP8qIP+9ijT8soSnSuZlsEZW28YspsH
E096MDOEqNsPWh32baahC3mWMOUShoT0ntcVkYJDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgF1uu++XDCL4nw3BOALnVdYiLwwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQxMDVjOGQ3LTMwMWMtNDhiMy1hMjg4LTUzY2ViZGZlZDZlNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF0vz9yfc1IIT66qPkfivuHCU6NP
TyTaGIR1YvGMi8R/2RHqxkvYTYfCFnm+U0HaFIkercXFr+OSc2arWAodWf32bbAc
NgkW94uUgAKwpbx2di/vTqt6KGbTzQ++dnc/axK+09kKunj7SzwIbsaV9sIEY61D
co+auFP2eiuRoX2fRjycsAUZFPHjcbqnCg6aBfASDiRTOAmYF0FwVIXx164Jk0qx
RlchjuFYueaCb8plN3ZSpDBVJk7ZV9Z9rp7gH53hbinT2PJ+1mxk1h6EdY+0LP6C
TR4SulHy68t7qO9PWU0J80K1JTQuEMQ8OtDeAoZKiebxquDHfOASH1IrZZA=
-----END CERTIFICATE-----