Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5b6b8587-5e1d-4bef-939b-a0463b7f3e6e.roa
File:                     5b6b8587-5e1d-4bef-939b-a0463b7f3e6e.roa (raw, json)
Hash identifier:          basf/MWFy4d2W4IshF2cA5iZaR3q0kayM47KhkzTC78=
Subject key identifier:   AC:17:69:BD:F0:E7:49:1E:41:75:1E:D8:5F:9D:F8:BC:45:76:F3:6B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3377385D3460F44FD99427E1F052850E7DD6D735
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5b6b8587-5e1d-4bef-939b-a0463b7f3e6e.roa
Signing time:             Sun 15 Oct 2023 00:00:00 +0000
ROA not before:           Sun 15 Oct 2023 00:00:00 +0000
ROA not after:            Sun 19 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:77:38:5d:34:60:f4:4f:d9:94:27:e1:f0:52:85:0e:7d:d6:d7:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 15 00:00:00 2023 GMT
            Not After : Nov 19 23:59:59 2023 GMT
        Subject: serialNumber=b5b1e0180d0fd83cb0e07829c2343cdb59e24c8e4e89827fd0d1b6d9738ee439, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:27:ab:78:86:a1:79:b7:fd:37:9a:c6:91:18:
                    5b:87:f4:1d:fe:90:e7:60:4f:c4:85:57:5c:30:76:
                    4f:b5:cb:0f:a5:47:ba:69:b2:c5:56:cf:fc:90:d2:
                    52:b1:07:c5:86:8b:9b:85:6c:c5:8c:eb:8e:f3:fb:
                    ff:90:8d:e4:46:f6:8e:08:f9:5b:c9:49:93:42:dd:
                    98:bb:fd:6c:28:98:85:67:9c:6c:03:5d:4e:13:97:
                    fb:3b:2a:14:4b:ae:10:ca:4f:5b:10:72:33:51:51:
                    09:58:e3:5c:f7:e8:ba:2b:bb:7d:6a:11:4f:7c:ec:
                    74:b7:d7:df:02:ce:1e:58:76:9d:66:8c:75:2e:0c:
                    e9:27:8c:6e:c5:22:78:54:5d:82:9e:8c:e8:72:5f:
                    08:41:29:ae:d1:35:a8:65:16:59:52:80:f2:3e:96:
                    d0:a8:53:71:70:c8:5b:17:f9:87:16:91:ad:f1:e0:
                    b2:26:cf:d3:c9:e2:e9:b6:85:75:18:5e:1c:37:72:
                    9f:d1:a5:67:85:a8:d3:08:6f:4f:47:ac:9f:6a:7e:
                    13:84:c8:b7:2d:e1:54:a7:5e:61:7a:4b:9e:2e:ad:
                    4a:74:cf:0e:30:8a:85:7d:76:61:12:74:1e:c2:02:
                    07:e6:b3:52:79:e3:dc:79:cc:0c:23:43:86:54:db:
                    44:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:17:69:BD:F0:E7:49:1E:41:75:1E:D8:5F:9D:F8:BC:45:76:F3:6B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5b6b8587-5e1d-4bef-939b-a0463b7f3e6e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:4c:7f:d9:7e:6d:85:c0:a8:6f:07:11:8d:aa:a6:a4:2b:aa:
         fe:0f:47:8b:33:24:ed:78:c6:83:49:95:03:5c:9e:c2:57:64:
         2a:4e:7a:dd:61:3e:d0:ed:2a:1f:6c:e0:37:b8:5a:52:54:62:
         70:63:d0:37:20:06:81:38:03:d1:94:5b:b8:60:dc:57:30:9c:
         ef:c9:3b:36:8c:8d:35:ef:57:0e:71:da:92:f4:15:ad:66:42:
         13:19:6c:d0:d1:f0:52:b5:81:9f:02:e4:5a:71:56:9c:88:7a:
         68:43:fe:f1:7f:78:7c:e7:29:f5:ae:49:61:d0:89:9f:e1:04:
         53:08:f6:fd:17:dc:95:b0:b9:4c:17:ee:48:4d:48:b1:ef:c5:
         84:c3:f9:4b:95:02:42:4f:28:c7:8c:af:08:c0:b2:d5:2a:8c:
         c7:bb:c0:85:d0:25:1b:13:93:9a:31:c8:91:87:08:a0:14:f8:
         42:01:c4:a1:5d:49:18:fa:ea:78:77:ee:73:0e:2d:11:a0:40:
         9c:65:be:a2:96:51:48:0d:8f:ad:45:6b:c3:2d:39:ae:81:e2:
         f2:68:62:f9:5e:1c:e7:00:93:f5:6e:e2:f5:2a:04:0f:cb:ba:
         13:08:93:2c:91:5d:e7:d3:d5:94:94:a4:3f:04:82:8f:6d:83:
         48:3d:68:1e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUM3c4XTRg9E/ZlCfh8FKFDn3W1zUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDE1MDAwMDAwWhcNMjMxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNWIxZTAxODBkMGZkODNjYjBlMDc4MjljMjM0M2NkYjU5
ZTI0YzhlNGU4OTgyN2ZkMGQxYjZkOTczOGVlNDM5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvJ6t4hqF5t/03msaRGFuH9B3+kOdgT8SFV1wwdk+1yw+l
R7ppssVWz/yQ0lKxB8WGi5uFbMWM647z+/+QjeRG9o4I+VvJSZNC3Zi7/WwomIVn
nGwDXU4Tl/s7KhRLrhDKT1sQcjNRUQlY41z36Loru31qEU987HS3198Czh5Ydp1m
jHUuDOknjG7FInhUXYKejOhyXwhBKa7RNahlFllSgPI+ltCoU3FwyFsX+YcWka3x
4LImz9PJ4um2hXUYXhw3cp/RpWeFqNMIb09HrJ9qfhOEyLct4VSnXmF6S54urUp0
zw4wioV9dmESdB7CAgfms1J549x5zAwjQ4ZU20SHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrBdpvfDnSR5BdR7YX534vEV282swHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzViNmI4NTg3LTVlMWQtNGJlZi05MzliLWEwNDYzYjdmM2U2ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJNMf9l+bYXAqG8HEY2qpqQrqv4P
R4szJO14xoNJlQNcnsJXZCpOet1hPtDtKh9s4De4WlJUYnBj0DcgBoE4A9GUW7hg
3FcwnO/JOzaMjTXvVw5x2pL0Fa1mQhMZbNDR8FK1gZ8C5FpxVpyIemhD/vF/eHzn
KfWuSWHQiZ/hBFMI9v0X3JWwuUwX7khNSLHvxYTD+UuVAkJPKMeMrwjAstUqjMe7
wIXQJRsTk5oxyJGHCKAU+EIBxKFdSRj66nh37nMOLRGgQJxlvqKWUUgNj61Fa8Mt
Oa6B4vJoYvleHOcAk/Vu4vUqBA/LuhMIkyyRXefT1ZSUpD8Ego9tg0g9aB4=
-----END CERTIFICATE-----