Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/49802787-1c5e-4261-b97e-a7ac7d236c12.roa
File:                     49802787-1c5e-4261-b97e-a7ac7d236c12.roa (raw, json)
Hash identifier:          sYpkl43tHIKAtvhp8CWVIAPIq1DcsjnmRVQ3gS894zQ=
Subject key identifier:   32:02:6C:1F:2F:80:5A:80:D4:99:02:BF:48:D9:AA:B1:4B:4F:FC:17
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2FD87E65EC8EE93328C7C6D642192193663172B1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/49802787-1c5e-4261-b97e-a7ac7d236c12.roa
Signing time:             Mon 16 Oct 2023 00:00:00 +0000
ROA not before:           Mon 16 Oct 2023 00:00:00 +0000
ROA not after:            Mon 20 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:d8:7e:65:ec:8e:e9:33:28:c7:c6:d6:42:19:21:93:66:31:72:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 16 00:00:00 2023 GMT
            Not After : Nov 20 23:59:59 2023 GMT
        Subject: serialNumber=484bea16f559d8fc84f8b342983003cda0a34670d8e8b331ba7cb3de2b8df069, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:47:99:2d:9e:75:92:69:d8:47:75:7b:e9:7d:
                    88:57:24:a5:6d:3a:5e:00:73:b0:3b:1b:17:fd:fc:
                    86:fc:cd:96:e7:74:e8:c8:2c:e8:bd:24:d8:f2:e8:
                    d0:66:89:e7:b8:4c:12:c6:b8:4c:c4:8c:f0:76:86:
                    26:0d:4b:af:a8:7c:3e:6b:d1:17:91:f4:f1:8c:c6:
                    7a:a8:2d:97:4f:51:05:95:4a:79:e3:bf:6a:c1:9b:
                    f7:2f:4b:be:97:c7:23:4e:00:53:bd:c7:31:6f:fd:
                    e3:d5:ac:4d:22:a8:37:d3:6f:18:7e:d6:43:d0:67:
                    d9:db:a1:30:c1:ed:30:06:98:5d:fa:78:d9:11:e3:
                    87:47:91:f1:26:96:9d:ea:ca:70:42:ca:77:25:0c:
                    6a:e4:90:2a:98:73:66:58:a1:63:9b:d5:0e:df:6e:
                    d1:5b:85:96:e4:ec:2a:91:1b:c5:87:a4:23:33:64:
                    b8:56:64:3d:bf:ee:2f:56:b1:29:26:d5:93:b4:57:
                    96:6a:91:d6:d8:0c:04:e1:46:b3:6e:af:a0:11:21:
                    17:ce:ad:7a:f0:49:c9:b3:b3:ba:92:ba:5f:97:b7:
                    96:e3:70:50:85:43:aa:6c:bf:d6:c6:bb:aa:a9:cf:
                    b7:42:2b:76:1d:0f:ff:a2:fb:9c:1a:47:8e:29:1e:
                    2e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:02:6C:1F:2F:80:5A:80:D4:99:02:BF:48:D9:AA:B1:4B:4F:FC:17
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/49802787-1c5e-4261-b97e-a7ac7d236c12.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:4f:64:51:09:49:a2:b0:f9:8c:eb:a4:85:1f:1e:4a:06:bb:
         41:40:7e:ef:12:06:a4:f8:93:d7:27:e6:ea:93:98:1d:b9:7a:
         ca:3c:8b:34:86:76:07:86:f6:ee:26:fb:4d:62:3d:9a:f5:d0:
         6b:dd:29:56:fe:dd:62:b3:45:8b:0c:ec:74:6f:8c:e5:b3:ed:
         19:9d:47:d9:1f:b0:1b:5c:46:2f:ad:34:49:0d:91:e6:e8:ae:
         ec:13:e6:bb:a7:08:0a:c4:c8:b5:8b:c7:8a:fc:a8:7e:79:d8:
         65:fa:5a:26:15:3b:53:3b:8a:fc:e5:84:92:14:2b:b8:30:57:
         67:4e:9f:2f:9e:87:2c:e5:36:52:11:bf:ca:db:13:1f:a0:61:
         80:53:31:40:56:9e:d2:6c:0a:a4:1f:ad:9a:af:29:b5:64:b4:
         e7:cb:1d:20:64:c5:9a:f8:10:b6:cd:c6:96:7c:93:1e:5c:dc:
         9d:c8:15:fa:cb:ba:47:08:76:85:fb:d7:86:c6:68:3e:cd:84:
         f9:21:f9:02:10:dd:a2:e7:b7:6f:ad:b7:db:39:9e:77:c3:9c:
         5a:bf:91:f5:ae:42:67:18:3b:b1:ff:bc:06:d5:63:ce:15:6b:
         87:0a:3c:78:75:b1:99:db:44:ad:ae:7d:de:5b:98:cc:28:69:
         7d:a8:0b:1c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL9h+ZeyO6TMox8bWQhkhk2YxcrEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDE2MDAwMDAwWhcNMjMxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ODRiZWExNmY1NTlkOGZjODRmOGIzNDI5ODMwMDNjZGEw
YTM0NjcwZDhlOGIzMzFiYTdjYjNkZTJiOGRmMDY5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUR5ktnnWSadhHdXvpfYhXJKVtOl4Ac7A7Gxf9/Ib8zZbn
dOjILOi9JNjy6NBmiee4TBLGuEzEjPB2hiYNS6+ofD5r0ReR9PGMxnqoLZdPUQWV
Snnjv2rBm/cvS76XxyNOAFO9xzFv/ePVrE0iqDfTbxh+1kPQZ9nboTDB7TAGmF36
eNkR44dHkfEmlp3qynBCynclDGrkkCqYc2ZYoWOb1Q7fbtFbhZbk7CqRG8WHpCMz
ZLhWZD2/7i9WsSkm1ZO0V5ZqkdbYDAThRrNur6ARIRfOrXrwScmzs7qSul+Xt5bj
cFCFQ6psv9bGu6qpz7dCK3YdD/+i+5waR44pHi4DAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMgJsHy+AWoDUmQK/SNmqsUtP/BcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ5ODAyNzg3LTFjNWUtNDI2MS1iOTdlLWE3YWM3ZDIzNmMxMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAH9PZFEJSaKw+YzrpIUfHkoGu0FA
fu8SBqT4k9cn5uqTmB25eso8izSGdgeG9u4m+01iPZr10GvdKVb+3WKzRYsM7HRv
jOWz7RmdR9kfsBtcRi+tNEkNkeboruwT5runCArEyLWLx4r8qH552GX6WiYVO1M7
ivzlhJIUK7gwV2dOny+ehyzlNlIRv8rbEx+gYYBTMUBWntJsCqQfrZqvKbVktOfL
HSBkxZr4ELbNxpZ8kx5c3J3IFfrLukcIdoX714bGaD7NhPkh+QIQ3aLnt2+tt9s5
nnfDnFq/kfWuQmcYO7H/vAbVY84Va4cKPHh1sZnbRK2ufd5bmMwoaX2oCxw=
-----END CERTIFICATE-----