Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/42793aa1-4aef-48f9-8d05-fc9b69368321.roa
File:                     42793aa1-4aef-48f9-8d05-fc9b69368321.roa (raw, json)
Hash identifier:          rQVJjZ2YZWNJv4t+PHxD5igQBFL9C2VVPTrvsjMvOZU=
Subject key identifier:   48:8E:5E:1F:64:96:DF:C2:A5:DB:25:8D:22:85:DD:E4:44:24:BA:7E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       38B80D4AB4B28133DDBDDF96E8D9315044DEA192
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/42793aa1-4aef-48f9-8d05-fc9b69368321.roa
Signing time:             Tue 24 Oct 2023 00:00:00 +0000
ROA not before:           Tue 24 Oct 2023 00:00:00 +0000
ROA not after:            Tue 28 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:b8:0d:4a:b4:b2:81:33:dd:bd:df:96:e8:d9:31:50:44:de:a1:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 24 00:00:00 2023 GMT
            Not After : Nov 28 23:59:59 2023 GMT
        Subject: serialNumber=01a7d010deec05bdf07de1b07a434ed2f646db42c124d9e69c3099a76d8d3e0c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:e6:28:42:21:62:dc:85:0d:bd:39:23:44:82:
                    e0:fe:4b:b9:2a:0a:58:6a:d3:dd:f2:03:e0:db:39:
                    f0:70:0a:82:73:78:8f:f6:ad:41:0f:e3:7d:97:c4:
                    fc:03:9d:06:2d:bd:3a:2b:d9:af:d0:91:d1:55:53:
                    a8:db:7b:34:1a:02:26:a0:60:d2:bc:af:b1:f9:b1:
                    9c:be:c0:5e:fd:42:16:c1:4e:eb:f7:27:a7:67:c2:
                    fd:c2:71:a9:bb:44:4b:e0:d0:13:5c:55:ce:7c:50:
                    d3:6c:7c:16:9d:61:3c:f1:df:bc:56:0b:8f:51:3c:
                    8c:b1:04:df:49:a1:3e:38:16:7d:e0:f1:b1:c7:98:
                    81:ac:10:57:8c:41:59:5e:c2:e6:73:56:0c:38:30:
                    26:c3:2c:08:ba:a2:6b:66:81:ad:b1:cd:6f:d9:6f:
                    4c:75:08:1c:b3:e6:54:ff:b2:94:0c:90:59:82:27:
                    6e:53:ed:b9:ae:f4:18:bf:24:51:e1:b0:04:56:e2:
                    66:3c:9a:6a:e2:06:f3:b2:72:69:c6:1c:eb:a0:f4:
                    bd:db:b0:43:14:1f:47:8a:70:de:27:4f:48:13:cf:
                    85:55:57:5f:2b:3a:c7:14:21:f5:74:7e:4f:b6:73:
                    fb:a6:98:38:c6:91:07:50:f3:58:ad:35:76:4e:54:
                    f7:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:8E:5E:1F:64:96:DF:C2:A5:DB:25:8D:22:85:DD:E4:44:24:BA:7E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/42793aa1-4aef-48f9-8d05-fc9b69368321.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:8e:77:68:ba:21:54:3b:14:84:16:4b:0f:ae:d2:2f:9f:5d:
         25:ad:29:45:00:18:cc:c9:17:8f:60:24:67:9c:31:14:42:a5:
         66:d3:fe:64:23:3d:58:09:93:d2:4d:67:55:df:22:b2:93:e7:
         51:cf:a9:1f:a8:a8:05:90:23:1e:ca:53:7b:01:48:5e:be:c1:
         93:43:2e:0b:7c:66:61:f8:0a:85:be:d5:86:a7:18:05:7f:43:
         ec:f2:43:a3:64:3a:5b:b5:2d:98:87:28:38:57:bb:90:a3:88:
         58:d5:8b:47:8e:88:36:47:18:b8:16:2d:b0:86:7e:22:93:30:
         0a:a1:f2:21:de:78:92:c5:a4:b0:1a:cf:a8:12:e5:d5:01:1f:
         24:eb:88:0d:c6:14:73:f5:81:e9:4a:0d:f2:5b:58:1b:7d:ed:
         c5:13:8d:58:5e:1d:89:40:6c:17:10:58:70:64:4f:c4:50:0f:
         08:9e:74:b3:7b:f4:26:7b:46:84:06:df:b9:1b:75:5a:67:4d:
         6f:d3:46:c4:ad:35:43:b8:f8:70:d3:0b:dd:88:a3:88:de:54:
         73:ac:81:f1:33:7a:01:9d:b8:79:fa:0a:69:24:ef:8d:c2:75:
         54:97:d8:42:c0:81:f1:d9:ab:4c:6a:f2:3f:32:4f:57:e8:2d:
         60:0a:b4:d4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOLgNSrSygTPdvd+W6NkxUETeoZIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDI0MDAwMDAwWhcNMjMxMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMWE3ZDAxMGRlZWMwNWJkZjA3ZGUxYjA3YTQzNGVkMmY2
NDZkYjQyYzEyNGQ5ZTY5YzMwOTlhNzZkOGQzZTBjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCV5ihCIWLchQ29OSNEguD+S7kqClhq093yA+DbOfBwCoJz
eI/2rUEP432XxPwDnQYtvTor2a/QkdFVU6jbezQaAiagYNK8r7H5sZy+wF79QhbB
Tuv3J6dnwv3Ccam7REvg0BNcVc58UNNsfBadYTzx37xWC49RPIyxBN9JoT44Fn3g
8bHHmIGsEFeMQVlewuZzVgw4MCbDLAi6omtmga2xzW/Zb0x1CByz5lT/spQMkFmC
J25T7bmu9Bi/JFHhsARW4mY8mmriBvOycmnGHOug9L3bsEMUH0eKcN4nT0gTz4VV
V18rOscUIfV0fk+2c/ummDjGkQdQ81itNXZOVPfDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSI5eH2SW38Kl2yWNIoXd5EQkun4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQyNzkzYWExLTRhZWYtNDhmOS04ZDA1LWZjOWI2OTM2ODMyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKCOd2i6IVQ7FIQWSw+u0i+fXSWt
KUUAGMzJF49gJGecMRRCpWbT/mQjPVgJk9JNZ1XfIrKT51HPqR+oqAWQIx7KU3sB
SF6+wZNDLgt8ZmH4CoW+1YanGAV/Q+zyQ6NkOlu1LZiHKDhXu5CjiFjVi0eOiDZH
GLgWLbCGfiKTMAqh8iHeeJLFpLAaz6gS5dUBHyTriA3GFHP1gelKDfJbWBt97cUT
jVheHYlAbBcQWHBkT8RQDwiedLN79CZ7RoQG37kbdVpnTW/TRsStNUO4+HDTC92I
o4jeVHOsgfEzegGduHn6Cmkk743CdVSX2ELAgfHZq0xq8j8yT1foLWAKtNQ=
-----END CERTIFICATE-----