Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/54948488-b912-45ed-baec-36147f21e383.roa
File:                     54948488-b912-45ed-baec-36147f21e383.roa (raw, json)
Hash identifier:          wXEJdh8kXJh3poBTtyF/zyJrnDT/+H52helu/prGltQ=
Subject key identifier:   B8:F7:EF:C2:85:C6:4B:26:BE:29:0F:28:2B:C3:82:56:1A:71:CA:3E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5CED16C8AAC8DB76FD5DC2BEF24C17AA3D90D0C4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/54948488-b912-45ed-baec-36147f21e383.roa
Signing time:             Wed 20 Sep 2023 00:00:00 +0000
ROA not before:           Wed 20 Sep 2023 00:00:00 +0000
ROA not after:            Wed 25 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:ed:16:c8:aa:c8:db:76:fd:5d:c2:be:f2:4c:17:aa:3d:90:d0:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 20 00:00:00 2023 GMT
            Not After : Oct 25 23:59:59 2023 GMT
        Subject: serialNumber=1f63c44c9c6fe910f54facb3b8b7cc4e33a59736a0a08121eddbf0a1f6d88097, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:7a:be:e8:04:1d:bc:67:1d:77:0a:a7:bf:43:
                    ce:c7:1b:10:3f:10:34:41:eb:2a:c0:bd:36:7a:f9:
                    57:d8:15:8e:b0:ad:97:fa:98:9c:2f:5d:34:83:1e:
                    2b:32:5e:52:c8:9a:6b:97:b6:0b:d4:30:f3:e4:68:
                    dc:0b:c2:ac:d7:19:c5:20:07:b9:6c:22:69:41:ae:
                    2f:8b:a6:19:0a:a6:94:60:88:af:ef:58:ab:f8:39:
                    45:5c:c3:35:72:1e:00:f3:8b:c0:e4:a1:b1:33:38:
                    34:d0:53:60:54:91:96:a4:ee:70:bf:ed:3b:b3:4d:
                    aa:21:eb:82:6b:86:9f:86:e5:aa:18:5f:c6:cc:2f:
                    96:6d:08:75:42:16:7e:c4:9e:1f:d3:5b:0c:b0:29:
                    17:20:06:86:ac:5b:73:be:73:00:f0:37:f0:0c:18:
                    84:99:52:96:9a:79:a2:aa:6b:a2:a9:42:b8:f6:ab:
                    bb:7d:51:36:61:fc:a9:89:5d:e3:4d:e3:9d:d4:00:
                    bd:42:e3:28:ff:89:d5:32:3b:29:a5:42:a2:7e:8a:
                    6f:ce:18:be:bf:7a:c6:0f:c7:9b:2e:61:83:5b:64:
                    97:2c:58:08:d1:64:86:e2:73:e3:40:01:41:74:45:
                    32:07:f6:f6:04:99:44:3e:fe:85:27:a6:24:eb:92:
                    6a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:F7:EF:C2:85:C6:4B:26:BE:29:0F:28:2B:C3:82:56:1A:71:CA:3E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/54948488-b912-45ed-baec-36147f21e383.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:b3:a4:53:50:76:31:56:2a:89:9a:c3:ed:34:41:55:0d:e7:
         8c:98:d7:43:8b:9b:0a:d0:bc:54:b1:67:9d:41:90:ad:9a:f3:
         cc:54:48:dd:68:ba:75:f0:c4:95:72:9a:c2:17:b7:e2:a1:29:
         e6:e3:d0:05:55:4f:45:70:f8:26:ce:64:36:a9:04:cf:5c:ef:
         9c:6b:0f:49:b0:db:de:51:32:b3:ca:13:26:80:e6:6a:53:85:
         1b:4a:12:7a:b9:ba:bc:dd:5b:cd:ea:24:3a:72:77:4b:9f:e2:
         ee:70:b1:23:2e:c6:9d:21:dd:40:31:3a:59:c0:4a:c6:93:bd:
         08:2a:a0:75:aa:d8:07:75:79:61:70:56:48:18:4c:41:30:7c:
         32:8a:dd:90:e9:44:6d:da:0e:be:09:54:a4:e5:c7:08:9d:91:
         ce:9b:e5:a1:5e:1a:1e:51:1c:80:83:93:7f:c0:bb:14:58:1c:
         46:a4:ad:2b:72:f9:a2:db:20:f6:28:0c:d6:46:a5:79:fb:28:
         84:dc:68:50:35:1e:b3:30:ca:4e:14:af:60:c1:69:58:49:d9:
         dc:79:03:54:11:f4:bf:cf:eb:bc:75:4d:dc:8a:f5:51:98:d0:
         18:92:8a:b7:8c:0b:49:26:34:62:ec:97:c4:7f:31:79:a7:60:
         0f:1d:06:08
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXO0WyKrI23b9XcK+8kwXqj2Q0MQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTIwMDAwMDAwWhcNMjMxMDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZjYzYzQ0YzljNmZlOTEwZjU0ZmFjYjNiOGI3Y2M0ZTMz
YTU5NzM2YTBhMDgxMjFlZGRiZjBhMWY2ZDg4MDk3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSer7oBB28Zx13Cqe/Q87HGxA/EDRB6yrAvTZ6+VfYFY6w
rZf6mJwvXTSDHisyXlLImmuXtgvUMPPkaNwLwqzXGcUgB7lsImlBri+LphkKppRg
iK/vWKv4OUVcwzVyHgDzi8DkobEzODTQU2BUkZak7nC/7TuzTaoh64Jrhp+G5aoY
X8bML5ZtCHVCFn7Enh/TWwywKRcgBoasW3O+cwDwN/AMGISZUpaaeaKqa6KpQrj2
q7t9UTZh/KmJXeNN453UAL1C4yj/idUyOymlQqJ+im/OGL6/esYPx5suYYNbZJcs
WAjRZIbic+NAAUF0RTIH9vYEmUQ+/oUnpiTrkmpbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuPfvwoXGSya+KQ8oK8OCVhpxyj4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU0OTQ4NDg4LWI5MTItNDVlZC1iYWVjLTM2MTQ3ZjIxZTM4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAqzpFNQdjFWKomaw+00QVUN54yY
10OLmwrQvFSxZ51BkK2a88xUSN1ounXwxJVymsIXt+KhKebj0AVVT0Vw+CbOZDap
BM9c75xrD0mw295RMrPKEyaA5mpThRtKEnq5urzdW83qJDpyd0uf4u5wsSMuxp0h
3UAxOlnASsaTvQgqoHWq2Ad1eWFwVkgYTEEwfDKK3ZDpRG3aDr4JVKTlxwidkc6b
5aFeGh5RHICDk3/AuxRYHEakrSty+aLbIPYoDNZGpXn7KITcaFA1HrMwyk4Ur2DB
aVhJ2dx5A1QR9L/P67x1TdyK9VGY0BiSireMC0kmNGLsl8R/MXmnYA8dBgg=
-----END CERTIFICATE-----