Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4462d21a-6ae8-4baa-ac21-ebbc2f3aaf58.roa
File:                     4462d21a-6ae8-4baa-ac21-ebbc2f3aaf58.roa (raw, json)
Hash identifier:          8Zs9J6/dBr/qtasm8yOWhQVRkNFbMxAWFrZTg1bzMYU=
Subject key identifier:   99:37:00:86:2B:36:86:26:95:F2:5A:74:DC:49:B8:D2:37:47:06:2D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       466E98F5C16D102F792796FA2ED9DFBA455C2F01
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4462d21a-6ae8-4baa-ac21-ebbc2f3aaf58.roa
Signing time:             Mon 02 Oct 2023 00:00:00 +0000
ROA not before:           Mon 02 Oct 2023 00:00:00 +0000
ROA not after:            Mon 06 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:6e:98:f5:c1:6d:10:2f:79:27:96:fa:2e:d9:df:ba:45:5c:2f:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  2 00:00:00 2023 GMT
            Not After : Nov  6 23:59:59 2023 GMT
        Subject: serialNumber=5af098bc2c9d400681ae43dc2883cc34739db2d113db044a9b431c60bb204580, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ea:4a:60:1a:16:55:48:0b:80:bf:12:d8:4a:
                    eb:93:90:46:ec:60:37:69:75:db:8a:43:3c:64:90:
                    41:31:6b:e6:dd:5d:d4:2f:36:ba:de:91:cc:ba:08:
                    c9:54:21:fb:f6:8b:ab:0d:c5:01:aa:c7:46:3c:fc:
                    8b:4b:6b:25:06:f6:d6:6e:44:ca:63:f3:ee:b8:93:
                    dc:f6:d5:d9:fe:d0:81:bf:cd:7e:97:51:82:60:cb:
                    27:e6:f0:81:75:17:20:db:ee:51:e3:54:7b:e3:da:
                    36:8c:7d:a8:4c:0e:4c:77:e6:e7:da:81:6a:2b:29:
                    4d:ad:45:2a:88:ad:54:13:88:1f:83:ed:62:92:f3:
                    2d:f9:50:b4:c2:33:0d:cd:9d:7f:af:96:10:d1:79:
                    f5:e9:71:a5:9d:3d:78:6f:52:80:79:97:cd:6f:3c:
                    aa:9a:2d:0a:e5:43:b2:40:5c:0a:d5:ca:ba:e0:5f:
                    5a:d7:8f:12:27:66:6e:b1:35:bf:80:c4:4b:1e:ba:
                    9b:15:00:84:9b:f3:2f:54:9a:9e:b7:a1:90:e4:ba:
                    3e:38:ee:95:ad:f8:31:c6:33:36:17:9a:05:c5:e9:
                    98:11:96:e8:d6:a6:3a:4f:0b:2f:51:57:3d:ba:09:
                    17:b2:22:fa:ee:9d:5e:e1:a4:c6:13:19:b3:26:96:
                    7e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:37:00:86:2B:36:86:26:95:F2:5A:74:DC:49:B8:D2:37:47:06:2D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4462d21a-6ae8-4baa-ac21-ebbc2f3aaf58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:fd:8e:4b:b2:30:db:12:a0:48:95:8f:2f:a0:80:7d:90:48:
         0b:fe:b2:bf:88:44:1b:fe:81:0d:b6:ef:4f:4f:16:16:c1:1f:
         43:5c:0d:3e:e3:b3:73:ad:8a:8d:58:7d:eb:a2:04:1a:82:82:
         3f:dd:36:a0:59:e6:7a:93:9d:67:bf:19:ba:9a:ec:cc:3e:40:
         00:c4:9b:97:a2:61:27:27:5e:ca:7f:a4:cd:f9:8d:7c:db:2e:
         3a:ce:ba:82:22:ec:e8:34:fa:e5:d2:7c:f4:3a:79:c3:ee:78:
         b6:5a:68:f2:90:98:b8:05:d6:d2:7f:2b:88:fe:4f:1a:31:c4:
         cd:21:50:d7:e7:73:60:f2:06:89:80:c0:e2:8f:bf:7b:d5:23:
         b7:e0:91:3f:0d:a4:c9:2c:b9:6f:a3:f4:8c:6b:7a:1f:53:89:
         c3:ab:a7:79:c8:89:ca:d8:a8:e0:9c:da:b2:10:61:c6:bc:a0:
         57:be:8b:4a:ca:b9:bd:f3:6d:d3:49:13:b2:5b:e9:bc:6c:56:
         e4:e9:61:8c:4d:4f:c6:78:0e:01:2c:b0:82:61:59:7c:fc:c7:
         f7:d7:a5:38:42:70:1c:17:f0:45:37:f9:58:cd:88:96:11:46:
         26:52:54:6d:80:32:b9:58:1a:c5:40:77:92:88:c9:03:46:4d:
         81:15:c2:47
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURm6Y9cFtEC95J5b6LtnfukVcLwEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDAyMDAwMDAwWhcNMjMxMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YWYwOThiYzJjOWQ0MDA2ODFhZTQzZGMyODgzY2MzNDcz
OWRiMmQxMTNkYjA0NGE5YjQzMWM2MGJiMjA0NTgwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQ6kpgGhZVSAuAvxLYSuuTkEbsYDdpdduKQzxkkEExa+bd
XdQvNrrekcy6CMlUIfv2i6sNxQGqx0Y8/ItLayUG9tZuRMpj8+64k9z21dn+0IG/
zX6XUYJgyyfm8IF1FyDb7lHjVHvj2jaMfahMDkx35ufagWorKU2tRSqIrVQTiB+D
7WKS8y35ULTCMw3NnX+vlhDRefXpcaWdPXhvUoB5l81vPKqaLQrlQ7JAXArVyrrg
X1rXjxInZm6xNb+AxEseupsVAISb8y9Ump63oZDkuj447pWt+DHGMzYXmgXF6ZgR
lujWpjpPCy9RVz26CReyIvrunV7hpMYTGbMmln53AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmTcAhis2hiaV8lp03Em40jdHBi0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ0NjJkMjFhLTZhZTgtNGJhYS1hYzIxLWViYmMyZjNhYWY1OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACr9jkuyMNsSoEiVjy+ggH2QSAv+
sr+IRBv+gQ22709PFhbBH0NcDT7js3Otio1YfeuiBBqCgj/dNqBZ5nqTnWe/Gbqa
7Mw+QADEm5eiYScnXsp/pM35jXzbLjrOuoIi7Og0+uXSfPQ6ecPueLZaaPKQmLgF
1tJ/K4j+TxoxxM0hUNfnc2DyBomAwOKPv3vVI7fgkT8NpMksuW+j9Ixreh9TicOr
p3nIicrYqOCc2rIQYca8oFe+i0rKub3zbdNJE7Jb6bxsVuTpYYxNT8Z4DgEssIJh
WXz8x/fXpThCcBwX8EU3+VjNiJYRRiZSVG2AMrlYGsVAd5KIyQNGTYEVwkc=
-----END CERTIFICATE-----