Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5edd0954-f803-4d07-b292-66252268531f.roa
File:                     5edd0954-f803-4d07-b292-66252268531f.roa (raw, json)
Hash identifier:          J/Bb/t1jRFY/JZB4jIRaAQct6x0CzvdWx9RTQB0L1mw=
Subject key identifier:   9D:98:A9:DC:19:34:6D:27:90:A2:6A:B9:3C:C3:1A:93:95:11:7F:85
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       47D59EFFE32A81D98B70A59868F9C858B83F7204
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5edd0954-f803-4d07-b292-66252268531f.roa
Signing time:             Tue 17 Oct 2023 00:00:00 +0000
ROA not before:           Tue 17 Oct 2023 00:00:00 +0000
ROA not after:            Tue 21 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:d5:9e:ff:e3:2a:81:d9:8b:70:a5:98:68:f9:c8:58:b8:3f:72:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 17 00:00:00 2023 GMT
            Not After : Nov 21 23:59:59 2023 GMT
        Subject: serialNumber=1f8904d4d46b4e20bbfcc97c5042a8f7c6631cb6c05a49cc45a967dc9d98de8f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:0d:20:a2:42:20:62:d9:53:f4:43:f8:85:57:
                    7d:32:55:f6:24:18:b6:62:9f:e2:d3:60:a0:02:91:
                    6e:96:46:ec:34:cf:37:86:f0:0b:79:33:6b:31:00:
                    29:3a:df:05:63:e1:23:6f:27:77:f9:f9:e7:01:9a:
                    6e:ec:a9:ee:65:6d:d3:0d:dc:08:59:91:0d:bf:6b:
                    5b:4e:3f:34:ca:20:ea:dd:a2:58:4d:b5:14:ed:11:
                    7d:52:15:10:e7:88:4d:8a:70:45:2c:35:d8:b3:78:
                    45:c8:6c:74:ef:88:01:27:c7:8f:97:81:d4:05:f4:
                    03:ce:fa:94:cf:27:a2:b0:87:6e:0d:ca:a6:27:18:
                    4b:09:fc:fd:f5:40:ec:17:e8:54:7f:1c:10:ee:0c:
                    2a:5d:98:bd:bc:85:e7:66:7e:e0:bf:9e:a3:27:c0:
                    1b:ec:f9:c9:4a:7b:f6:be:25:ec:5d:5f:9c:c1:e7:
                    6a:63:cd:0f:3b:a6:70:df:62:7e:e5:45:05:57:59:
                    b2:bb:2e:98:e1:2f:da:64:f1:9a:c8:19:e1:3e:b6:
                    38:67:9e:bc:98:cf:95:c9:96:60:5b:dd:28:79:dc:
                    c6:04:12:7f:2b:e4:66:2f:fb:6c:2b:f8:6a:e2:57:
                    b1:38:45:5f:0d:d3:7f:f9:3e:53:ee:97:26:a2:81:
                    d0:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:98:A9:DC:19:34:6D:27:90:A2:6A:B9:3C:C3:1A:93:95:11:7F:85
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5edd0954-f803-4d07-b292-66252268531f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:cc:10:b2:ca:f4:bb:b7:50:31:8d:b7:6b:e3:31:ee:af:72:
         a1:54:19:12:eb:7b:34:30:25:84:b2:e3:41:21:ea:cb:0e:9a:
         0a:3e:e0:67:f2:40:8f:08:74:52:c7:28:85:c7:d0:30:9e:bc:
         94:ab:e5:f1:4c:54:c1:f5:54:46:22:1b:88:a2:19:84:77:37:
         a2:1b:da:18:40:14:25:46:b7:b6:d2:f1:bc:25:00:22:ac:7c:
         e2:27:64:9a:d0:e0:72:cd:74:98:84:fb:bb:ed:b1:1e:bb:78:
         2f:2b:1e:ed:c4:9e:ac:6f:09:f5:92:4f:30:36:86:06:fe:a9:
         f8:5b:06:e6:75:87:81:34:7a:b9:cf:a6:d5:77:55:1f:87:cf:
         9c:aa:b5:34:94:7e:b5:8c:d8:e2:77:ee:a2:95:18:db:b3:f7:
         93:a2:06:e5:ec:53:71:d0:d4:23:83:2d:bc:ba:ad:2a:b2:51:
         d4:4e:25:17:53:6f:35:04:62:81:8d:7c:48:4a:bf:e2:a1:47:
         2a:41:78:a7:0d:19:52:65:4e:97:50:47:8a:e9:26:ce:cb:de:
         6e:7b:48:5b:a2:84:5f:90:1c:e6:17:6c:03:28:1a:e0:2e:d1:
         93:e3:88:31:1a:eb:e4:0b:a5:c9:fa:0a:fa:2d:5c:42:80:6c:
         a8:01:c9:a4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR9We/+MqgdmLcKWYaPnIWLg/cgQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDE3MDAwMDAwWhcNMjMxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZjg5MDRkNGQ0NmI0ZTIwYmJmY2M5N2M1MDQyYThmN2M2
NjMxY2I2YzA1YTQ5Y2M0NWE5NjdkYzlkOThkZThmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJDSCiQiBi2VP0Q/iFV30yVfYkGLZin+LTYKACkW6WRuw0
zzeG8At5M2sxACk63wVj4SNvJ3f5+ecBmm7sqe5lbdMN3AhZkQ2/a1tOPzTKIOrd
olhNtRTtEX1SFRDniE2KcEUsNdizeEXIbHTviAEnx4+XgdQF9APO+pTPJ6Kwh24N
yqYnGEsJ/P31QOwX6FR/HBDuDCpdmL28hedmfuC/nqMnwBvs+clKe/a+JexdX5zB
52pjzQ87pnDfYn7lRQVXWbK7LpjhL9pk8ZrIGeE+tjhnnryYz5XJlmBb3Sh53MYE
En8r5GYv+2wr+GriV7E4RV8N03/5PlPulyaigdA3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnZip3Bk0bSeQomq5PMMak5URf4UwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzVlZGQwOTU0LWY4MDMtNGQwNy1iMjkyLTY2MjUyMjY4NTMxZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJjMELLK9Lu3UDGNt2vjMe6vcqFU
GRLrezQwJYSy40Eh6ssOmgo+4GfyQI8IdFLHKIXH0DCevJSr5fFMVMH1VEYiG4ii
GYR3N6Ib2hhAFCVGt7bS8bwlACKsfOInZJrQ4HLNdJiE+7vtsR67eC8rHu3Enqxv
CfWSTzA2hgb+qfhbBuZ1h4E0ernPptV3VR+Hz5yqtTSUfrWM2OJ37qKVGNuz95Oi
BuXsU3HQ1CODLby6rSqyUdROJRdTbzUEYoGNfEhKv+KhRypBeKcNGVJlTpdQR4rp
Js7L3m57SFuihF+QHOYXbAMoGuAu0ZPjiDEa6+QLpcn6CvotXEKAbKgByaQ=
-----END CERTIFICATE-----