Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4a9e55cb-9c2b-4197-b136-77e3cbc1981c.roa
File:                     4a9e55cb-9c2b-4197-b136-77e3cbc1981c.roa (raw, json)
Hash identifier:          9kN186IgchUJWT4FZXU5z3BkSL9o44NGidOm96D7aEM=
Subject key identifier:   2E:68:78:B0:95:D0:06:B1:AA:FE:AD:55:CB:37:F2:2D:AF:97:2F:C3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3D6F7285AD8C113B92B5FCA0A4C365C6CCEB3BB6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4a9e55cb-9c2b-4197-b136-77e3cbc1981c.roa
Signing time:             Mon 16 Oct 2023 00:00:00 +0000
ROA not before:           Mon 16 Oct 2023 00:00:00 +0000
ROA not after:            Mon 20 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:6f:72:85:ad:8c:11:3b:92:b5:fc:a0:a4:c3:65:c6:cc:eb:3b:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 16 00:00:00 2023 GMT
            Not After : Nov 20 23:59:59 2023 GMT
        Subject: serialNumber=6014cfc75cfd3d0d0528517394d4b03b8b277e60409ae1f35f3531c71f3fe566, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f7:f8:fa:0f:60:7b:35:29:cc:d8:9f:d8:90:
                    6f:ce:9b:56:c4:bb:0c:28:b9:66:08:83:ca:57:20:
                    c7:a3:1a:03:65:3a:b3:40:f3:10:3a:de:fc:2f:34:
                    75:33:33:55:a5:9e:4f:cf:54:c9:61:fd:3c:3b:55:
                    61:27:7e:79:9a:ab:4a:9d:19:4a:12:9a:99:40:64:
                    ed:17:cd:db:21:db:a9:a9:8b:f8:10:fd:81:57:63:
                    0f:5f:aa:20:e3:40:f8:88:33:d5:4b:76:cb:76:73:
                    c8:6e:84:3e:f3:98:05:31:f4:4a:18:79:49:61:95:
                    fd:c4:dd:19:89:b8:21:8f:9d:84:fe:ec:b1:7f:a3:
                    2e:4b:e1:25:2c:ac:62:6e:92:51:1a:4e:91:83:20:
                    5f:d3:ac:89:47:68:83:da:96:60:dd:7c:62:0c:a6:
                    6b:e4:09:e0:4f:37:91:74:40:58:73:2c:a6:06:2f:
                    fd:1f:46:15:1d:f3:e1:81:90:0e:73:0d:c6:d8:0f:
                    83:f2:df:c4:08:b2:44:f8:fb:7e:3a:53:70:a5:61:
                    75:97:c4:8e:23:69:f4:d7:80:61:15:93:71:08:c1:
                    55:bb:c3:87:07:17:69:00:ad:fb:e4:09:af:03:fe:
                    6b:ec:12:6a:64:8a:85:bf:36:fd:24:9f:60:bd:ee:
                    ce:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:68:78:B0:95:D0:06:B1:AA:FE:AD:55:CB:37:F2:2D:AF:97:2F:C3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4a9e55cb-9c2b-4197-b136-77e3cbc1981c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:b3:ed:bc:73:64:27:b4:87:e9:46:d9:2e:30:b0:ae:06:45:
         40:75:c0:c6:1d:4d:1c:54:cf:d3:6b:10:0f:fd:39:b0:78:ed:
         9f:f7:45:c3:dc:73:5d:ed:97:8e:28:34:28:9f:c3:ca:23:49:
         2e:3f:27:b3:d2:03:0c:45:08:6b:fd:d7:b9:21:66:58:ca:a4:
         e0:b4:1a:28:5a:92:80:e8:4d:9a:df:54:5f:5d:8f:7d:b0:e4:
         95:de:71:f3:e7:fb:e7:c1:fc:68:13:52:49:0c:a0:f3:d5:ba:
         55:2d:62:7b:79:6e:ad:e0:e5:fa:6c:7a:f7:3f:1c:c1:0b:98:
         b2:40:8b:f2:17:8e:75:b5:6f:f9:b7:38:eb:e3:32:e0:c3:8d:
         68:c4:cd:dc:a0:e3:6d:cc:24:0d:0b:a5:61:3a:8f:52:8f:5f:
         51:fb:55:21:a1:36:6c:a3:39:b7:0b:ae:ae:8d:d1:af:a7:87:
         f7:25:17:3f:d7:d6:49:c8:9d:9d:72:7a:78:2b:eb:aa:0a:94:
         0a:12:1d:cd:dd:a2:11:36:e3:63:50:fd:31:60:21:9d:fc:35:
         f7:ab:44:ea:cb:c5:d1:b4:15:8b:3b:76:6b:5a:52:21:82:03:
         bb:89:99:a2:cd:95:48:65:8f:36:e9:40:9a:a8:8f:cb:47:3a:
         e6:72:0b:8b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPW9yha2METuStfygpMNlxszrO7YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDE2MDAwMDAwWhcNMjMxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MDE0Y2ZjNzVjZmQzZDBkMDUyODUxNzM5NGQ0YjAzYjhi
Mjc3ZTYwNDA5YWUxZjM1ZjM1MzFjNzFmM2ZlNTY2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCU9/j6D2B7NSnM2J/YkG/Om1bEuwwouWYIg8pXIMejGgNl
OrNA8xA63vwvNHUzM1Wlnk/PVMlh/Tw7VWEnfnmaq0qdGUoSmplAZO0Xzdsh26mp
i/gQ/YFXYw9fqiDjQPiIM9VLdst2c8huhD7zmAUx9EoYeUlhlf3E3RmJuCGPnYT+
7LF/oy5L4SUsrGJuklEaTpGDIF/TrIlHaIPalmDdfGIMpmvkCeBPN5F0QFhzLKYG
L/0fRhUd8+GBkA5zDcbYD4Py38QIskT4+346U3ClYXWXxI4jafTXgGEVk3EIwVW7
w4cHF2kArfvkCa8D/mvsEmpkioW/Nv0kn2C97s6TAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULmh4sJXQBrGq/q1VyzfyLa+XL8MwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRhOWU1NWNiLTljMmItNDE5Ny1iMTM2LTc3ZTNjYmMxOTgxYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHOz7bxzZCe0h+lG2S4wsK4GRUB1
wMYdTRxUz9NrEA/9ObB47Z/3RcPcc13tl44oNCifw8ojSS4/J7PSAwxFCGv917kh
ZljKpOC0GihakoDoTZrfVF9dj32w5JXecfPn++fB/GgTUkkMoPPVulUtYnt5bq3g
5fpsevc/HMELmLJAi/IXjnW1b/m3OOvjMuDDjWjEzdyg423MJA0LpWE6j1KPX1H7
VSGhNmyjObcLrq6N0a+nh/clFz/X1knInZ1yengr66oKlAoSHc3dohE242NQ/TFg
IZ38NferROrLxdG0FYs7dmtaUiGCA7uJmaLNlUhljzbpQJqoj8tHOuZyC4s=
-----END CERTIFICATE-----