Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/49fbd2a7-f053-4d54-a11d-57b8a6c719e4.roa
File:                     49fbd2a7-f053-4d54-a11d-57b8a6c719e4.roa (raw, json)
Hash identifier:          fwHyL4EXyTzSuPk6Qxb38TTDvEuqXJvMQxZvIYUOlpE=
Subject key identifier:   32:5C:BE:5D:E8:C3:9B:64:B9:9F:BF:BB:9C:F5:51:ED:0F:C8:ED:6E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       624442D4CF5BE09BFC0B8E63FCE4EEE304A8D0BA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/49fbd2a7-f053-4d54-a11d-57b8a6c719e4.roa
Signing time:             Sat 09 Sep 2023 00:00:00 +0000
ROA not before:           Sat 09 Sep 2023 00:00:00 +0000
ROA not after:            Sat 14 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:44:42:d4:cf:5b:e0:9b:fc:0b:8e:63:fc:e4:ee:e3:04:a8:d0:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  9 00:00:00 2023 GMT
            Not After : Oct 14 23:59:59 2023 GMT
        Subject: serialNumber=1f46e25e2488379f9fb2a08d39f61e45525ac47d12f466ef058e765d3df2cb5a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:1b:2b:b4:f0:be:67:6d:d3:58:26:59:7a:1a:
                    41:58:9c:ea:ad:f2:9d:2e:ec:22:00:08:0a:47:70:
                    e6:b9:56:d2:54:3c:7d:dd:ac:77:36:87:98:4f:09:
                    74:d9:e8:5e:a7:24:6f:af:fd:e9:62:32:84:2e:f0:
                    ae:71:08:87:46:65:0d:65:53:80:86:e3:a1:88:55:
                    38:5e:41:e6:d1:b3:b1:22:fb:f9:fd:60:68:99:15:
                    5a:03:ac:a2:ed:91:70:4b:90:1e:8e:1d:f0:81:bb:
                    85:d7:71:f4:6c:40:9b:38:b5:c2:7a:33:c8:b4:79:
                    31:7d:46:c3:4c:18:10:0b:15:68:82:5b:ad:99:21:
                    ec:d7:8b:da:83:dd:48:b6:cc:b1:0a:04:71:34:df:
                    c3:fb:77:1d:1e:3b:14:ae:ee:05:be:b9:ce:5d:2c:
                    15:30:38:4a:83:0b:1a:1c:80:5e:5b:19:1b:77:df:
                    dc:0b:99:9b:a1:50:1d:6f:05:fa:97:1b:0f:18:e5:
                    eb:88:d6:56:f4:33:24:75:4a:18:f5:74:5e:6d:b9:
                    d5:69:a4:cd:ae:b6:0e:34:3f:06:8a:af:f5:04:ea:
                    fc:f2:54:ab:51:c6:e6:b3:9b:33:9e:c7:d2:4e:c5:
                    94:b7:1e:42:78:bc:36:8f:4e:97:55:8b:a1:a4:83:
                    97:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:5C:BE:5D:E8:C3:9B:64:B9:9F:BF:BB:9C:F5:51:ED:0F:C8:ED:6E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/49fbd2a7-f053-4d54-a11d-57b8a6c719e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:0e:23:70:99:00:d0:02:f5:ec:c3:89:d8:a8:0f:4a:1d:29:
         4c:39:2a:81:62:88:b3:2b:fe:7f:d3:e5:ea:48:e3:b0:58:d0:
         32:ca:75:a7:63:57:df:73:c7:42:39:87:a4:e3:e4:48:ae:2c:
         c9:7b:7a:5e:1a:f5:73:f0:4b:70:66:d2:dd:1b:27:94:d3:58:
         89:4a:62:9b:2b:86:35:ac:d5:73:8e:77:ab:44:dc:49:87:f9:
         bb:d2:80:73:27:5a:fc:b2:15:71:83:ad:91:0f:9e:a3:a6:1f:
         2f:62:a3:19:60:e0:b1:2f:d9:a2:0d:a0:5b:f6:14:e1:d9:b0:
         c4:75:35:87:5f:5b:f7:6b:d4:fd:57:a9:12:07:fb:05:d7:79:
         af:f0:83:c5:34:92:43:c4:bf:90:35:4d:d2:73:1c:07:14:59:
         ff:11:90:bc:c6:69:ea:4c:a8:06:1b:0e:bc:a6:28:3e:e8:c7:
         1c:74:1a:bb:49:33:c2:6e:dd:a4:f7:d7:a5:3b:15:c1:a1:31:
         91:60:8c:01:e4:ae:59:cd:08:eb:ea:2b:a3:01:0f:9a:5c:09:
         08:a3:98:58:59:02:77:19:0c:38:91:65:0f:b3:4c:37:5b:ad:
         6f:9d:f9:b3:0c:66:1e:0f:e7:2a:28:bc:97:3a:fa:3a:43:2a:
         71:6f:a6:6b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYkRC1M9b4Jv8C45j/OTu4wSo0LowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTA5MDAwMDAwWhcNMjMxMDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZjQ2ZTI1ZTI0ODgzNzlmOWZiMmEwOGQzOWY2MWU0NTUy
NWFjNDdkMTJmNDY2ZWYwNThlNzY1ZDNkZjJjYjVhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzGyu08L5nbdNYJll6GkFYnOqt8p0u7CIACApHcOa5VtJU
PH3drHc2h5hPCXTZ6F6nJG+v/eliMoQu8K5xCIdGZQ1lU4CG46GIVTheQebRs7Ei
+/n9YGiZFVoDrKLtkXBLkB6OHfCBu4XXcfRsQJs4tcJ6M8i0eTF9RsNMGBALFWiC
W62ZIezXi9qD3Ui2zLEKBHE038P7dx0eOxSu7gW+uc5dLBUwOEqDCxocgF5bGRt3
39wLmZuhUB1vBfqXGw8Y5euI1lb0MyR1Shj1dF5tudVppM2utg40PwaKr/UE6vzy
VKtRxuazmzOex9JOxZS3HkJ4vDaPTpdVi6Gkg5ebAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMly+XejDm2S5n7+7nPVR7Q/I7W4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ5ZmJkMmE3LWYwNTMtNGQ1NC1hMTFkLTU3YjhhNmM3MTllNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFQOI3CZANAC9ezDidioD0odKUw5
KoFiiLMr/n/T5epI47BY0DLKdadjV99zx0I5h6Tj5EiuLMl7el4a9XPwS3Bm0t0b
J5TTWIlKYpsrhjWs1XOOd6tE3EmH+bvSgHMnWvyyFXGDrZEPnqOmHy9ioxlg4LEv
2aINoFv2FOHZsMR1NYdfW/dr1P1XqRIH+wXXea/wg8U0kkPEv5A1TdJzHAcUWf8R
kLzGaepMqAYbDrymKD7oxxx0GrtJM8Ju3aT316U7FcGhMZFgjAHkrlnNCOvqK6MB
D5pcCQijmFhZAncZDDiRZQ+zTDdbrW+d+bMMZh4P5yoovJc6+jpDKnFvpms=
-----END CERTIFICATE-----