Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/55e9d8b8-37e0-4abd-b864-af1c6e5816f8.roa
File:                     55e9d8b8-37e0-4abd-b864-af1c6e5816f8.roa (raw, json)
Hash identifier:          L5ZN/efKzYL2oYaZcjhARBYjb6Ge0mIqXPQH6v+hO/A=
Subject key identifier:   83:59:33:90:08:49:71:67:4A:73:57:63:30:E3:01:EE:AD:51:09:A8
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5E8F2541D5BC3A5D095BA1F0B2219914DC3E8DC6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/55e9d8b8-37e0-4abd-b864-af1c6e5816f8.roa
Signing time:             Thu 31 Aug 2023 00:00:00 +0000
ROA not before:           Thu 31 Aug 2023 00:00:00 +0000
ROA not after:            Thu 05 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:8f:25:41:d5:bc:3a:5d:09:5b:a1:f0:b2:21:99:14:dc:3e:8d:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 31 00:00:00 2023 GMT
            Not After : Oct  5 23:59:59 2023 GMT
        Subject: serialNumber=f94f73f1cea05ebd59bbd42515ff2fb775b5fa157bb47f86b8c8a883b46cf644, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:c8:25:68:4f:55:3d:88:cd:af:93:59:7c:45:
                    b0:5e:85:16:a5:48:e5:28:eb:ee:d7:82:86:41:a7:
                    f0:89:29:4e:91:af:2f:4f:32:db:12:3b:3a:19:e6:
                    a7:bc:d4:60:e6:6d:f4:da:b2:d8:a2:2e:18:10:b1:
                    9f:bf:c2:19:f0:f8:a6:5e:5a:8f:a0:d1:4c:59:f8:
                    78:e0:f1:27:62:6e:2c:86:4a:d7:83:4c:44:c0:40:
                    de:d1:05:c8:61:a6:09:a2:d4:8d:93:75:9c:b8:eb:
                    14:39:41:10:7d:10:50:92:e7:c3:2e:26:b6:ad:cf:
                    3a:e8:77:b8:df:cf:a0:ae:4a:08:23:b2:ca:e0:44:
                    c5:ef:8f:d9:23:05:86:48:31:f8:ac:0a:94:a4:53:
                    f7:0d:f0:ac:3d:a7:f1:a5:1e:4a:63:a3:c4:e8:f4:
                    49:d0:38:77:eb:4d:4a:d4:ab:34:72:e0:8c:23:a6:
                    ae:db:98:aa:98:76:b6:25:84:2d:91:9c:8c:a5:f2:
                    15:95:37:e5:06:72:65:57:42:71:31:ae:04:3d:bb:
                    44:2b:37:3b:c6:55:e4:e8:34:3b:79:d6:b6:8a:bd:
                    08:46:25:27:bf:b3:e9:79:8d:c9:49:77:28:57:81:
                    8b:1a:56:94:8d:a4:50:1f:03:dc:c9:96:e7:54:76:
                    c6:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:59:33:90:08:49:71:67:4A:73:57:63:30:E3:01:EE:AD:51:09:A8
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/55e9d8b8-37e0-4abd-b864-af1c6e5816f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:69:95:71:f2:1c:9c:80:28:e6:a5:9c:81:25:f3:04:69:de:
         41:b5:a1:a1:82:26:ef:aa:eb:33:42:e0:65:87:f8:8f:11:f1:
         d2:d1:72:ed:5b:e0:17:1b:ef:5f:60:3c:cc:72:f9:34:ad:7f:
         00:37:a4:42:24:e8:55:0f:c4:37:1b:94:4f:51:d5:ca:fb:1f:
         e3:29:8e:8d:ab:5d:c6:c5:3f:5f:d0:31:fa:b4:9d:91:dc:b9:
         8c:2c:70:b0:fb:18:5e:b8:b0:37:6d:19:fa:d2:5d:c3:00:25:
         2d:69:af:5b:c9:5d:8f:d1:a4:0a:94:77:d8:24:b0:0a:cd:e7:
         cf:e2:d3:b2:66:17:ac:57:1e:3e:49:db:6e:7c:43:58:e2:0f:
         b9:55:25:43:c2:b3:b9:38:73:49:dd:00:16:1d:a7:e5:fa:ca:
         de:9c:03:3d:c6:5d:36:43:d4:36:0e:b2:d4:6a:74:5e:9c:46:
         61:66:8e:5c:b8:18:4f:c9:8b:47:e6:91:9e:2a:a2:ed:db:f2:
         ed:84:31:70:d1:cd:89:ec:e7:88:1e:36:79:2a:1a:aa:b2:92:
         45:6d:2b:c5:ed:57:f5:77:c5:9d:46:e6:ef:7d:35:0e:b0:32:
         94:72:ae:a6:0e:70:62:17:3e:fb:b8:d8:83:c8:01:c0:2a:c1:
         d7:e2:03:36
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXo8lQdW8Ol0JW6HwsiGZFNw+jcYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODMxMDAwMDAwWhcNMjMxMDA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmOTRmNzNmMWNlYTA1ZWJkNTliYmQ0MjUxNWZmMmZiNzc1
YjVmYTE1N2JiNDdmODZiOGM4YTg4M2I0NmNmNjQ0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpyCVoT1U9iM2vk1l8RbBehRalSOUo6+7XgoZBp/CJKU6R
ry9PMtsSOzoZ5qe81GDmbfTastiiLhgQsZ+/whnw+KZeWo+g0UxZ+Hjg8SdibiyG
SteDTETAQN7RBchhpgmi1I2TdZy46xQ5QRB9EFCS58MuJratzzrod7jfz6CuSggj
ssrgRMXvj9kjBYZIMfisCpSkU/cN8Kw9p/GlHkpjo8To9EnQOHfrTUrUqzRy4Iwj
pq7bmKqYdrYlhC2RnIyl8hWVN+UGcmVXQnExrgQ9u0QrNzvGVeToNDt51raKvQhG
JSe/s+l5jclJdyhXgYsaVpSNpFAfA9zJludUdsYzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUg1kzkAhJcWdKc1djMOMB7q1RCagwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU1ZTlkOGI4LTM3ZTAtNGFiZC1iODY0LWFmMWM2ZTU4MTZmOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIBplXHyHJyAKOalnIEl8wRp3kG1
oaGCJu+q6zNC4GWH+I8R8dLRcu1b4Bcb719gPMxy+TStfwA3pEIk6FUPxDcblE9R
1cr7H+Mpjo2rXcbFP1/QMfq0nZHcuYwscLD7GF64sDdtGfrSXcMAJS1pr1vJXY/R
pAqUd9gksArN58/i07JmF6xXHj5J2258Q1jiD7lVJUPCs7k4c0ndABYdp+X6yt6c
Az3GXTZD1DYOstRqdF6cRmFmjly4GE/Ji0fmkZ4qou3b8u2EMXDRzYns54geNnkq
GqqykkVtK8XtV/V3xZ1G5u99NQ6wMpRyrqYOcGIXPvu42IPIAcAqwdfiAzY=
-----END CERTIFICATE-----