Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/63e16461-198a-4f55-9125-e35f961aecfb.roa
File:                     63e16461-198a-4f55-9125-e35f961aecfb.roa (raw, json)
Hash identifier:          o2KiAnAeWqEVvTm/dnWbTdvtrAodQlOwf6IUuCOWaSs=
Subject key identifier:   F0:22:89:67:CE:8A:D6:70:4F:25:FF:71:C4:33:E7:34:78:2F:63:98
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       570CEAFB06C50CE72B75B27D3825181B46D70F68
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/63e16461-198a-4f55-9125-e35f961aecfb.roa
Signing time:             Mon 11 Sep 2023 00:00:00 +0000
ROA not before:           Mon 11 Sep 2023 00:00:00 +0000
ROA not after:            Mon 16 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:0c:ea:fb:06:c5:0c:e7:2b:75:b2:7d:38:25:18:1b:46:d7:0f:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 11 00:00:00 2023 GMT
            Not After : Oct 16 23:59:59 2023 GMT
        Subject: serialNumber=4405d2b4b04c081db3c683792c857a867632523ef475b87702e7185b35fe96ba, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d3:8b:25:56:a5:d3:32:89:1f:3e:0e:59:cb:
                    00:c8:8e:04:a5:56:25:a7:4b:20:c5:7f:82:96:4b:
                    c7:43:f2:69:e0:6f:ef:86:84:75:35:32:b0:8c:c5:
                    db:d2:d7:a0:29:57:28:58:dd:f3:2d:e6:5d:6c:32:
                    2b:bc:69:76:64:73:07:06:9c:de:db:96:d6:73:2d:
                    62:65:7e:54:fe:c8:c0:4b:7a:4f:d5:5c:76:20:b5:
                    5e:4b:fb:fb:7c:03:b6:b5:93:1a:7b:f8:83:36:54:
                    42:f7:76:e6:88:47:3b:6b:e1:7c:f4:73:16:4a:7f:
                    a0:51:3a:d6:90:6b:ab:12:58:b1:bd:02:1a:cd:3e:
                    37:6a:11:fc:79:c0:d5:c8:42:9e:d9:a1:bd:0c:0f:
                    5d:76:c0:2a:35:de:6a:14:29:ce:74:1e:1d:cd:18:
                    b0:6c:95:c5:89:7f:2a:2d:3c:44:27:94:d9:91:15:
                    94:05:48:36:ac:37:3d:0b:4f:62:2b:b0:44:48:21:
                    42:05:eb:40:71:9a:4c:47:e4:a0:98:d4:b9:4d:9d:
                    13:8d:5f:3a:8f:7b:cf:bb:fc:ec:e2:b7:76:b8:68:
                    09:1f:dc:d8:83:7c:f2:9d:a0:1f:9d:83:63:79:da:
                    c5:26:ad:c4:34:b5:84:b4:c9:41:71:4c:58:91:36:
                    a8:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:22:89:67:CE:8A:D6:70:4F:25:FF:71:C4:33:E7:34:78:2F:63:98
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/63e16461-198a-4f55-9125-e35f961aecfb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:e5:0c:fc:a9:b9:ed:1a:27:09:cd:3d:fd:50:3a:e2:fb:10:
         64:89:97:cc:a8:6c:b8:ab:91:b8:76:4a:d9:0b:70:88:8d:de:
         94:00:97:d7:55:ea:31:79:2d:f4:1a:58:a7:84:1d:53:21:47:
         c6:ca:c8:af:cd:68:40:d7:ec:24:67:c7:4e:9c:3b:22:d9:f0:
         93:71:ec:54:6b:73:39:ec:c9:37:04:20:ae:9f:b2:bd:5b:56:
         aa:26:e4:23:df:17:5f:bd:7f:95:1a:1a:0b:cf:c2:ce:82:70:
         d8:8a:c7:78:a8:e9:b9:e1:12:a1:74:4b:b9:52:d0:af:41:4f:
         5f:30:87:a0:b0:6b:da:33:71:d8:8e:a1:a1:48:86:24:00:ac:
         22:c1:f3:67:74:cb:86:33:5f:93:df:2e:19:63:c6:f0:35:02:
         2c:a5:19:c5:40:82:97:27:b7:7f:6b:dc:00:d3:05:f4:b4:84:
         55:8d:5b:ae:36:99:74:c1:98:f3:ab:4b:da:d3:66:c1:c9:ae:
         0e:58:f1:61:31:f2:d5:a7:01:49:df:80:97:28:12:fc:2a:6c:
         10:cd:8a:5a:3f:3b:97:2f:b4:cc:89:4b:2c:44:e6:31:d0:fa:
         f5:3c:d2:3c:a0:1a:f3:d4:d8:a3:2f:28:64:4a:42:8c:99:55:
         96:ee:05:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVwzq+wbFDOcrdbJ9OCUYG0bXD2gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTExMDAwMDAwWhcNMjMxMDE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NDA1ZDJiNGIwNGMwODFkYjNjNjgzNzkyYzg1N2E4Njc2
MzI1MjNlZjQ3NWI4NzcwMmU3MTg1YjM1ZmU5NmJhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCj04slVqXTMokfPg5ZywDIjgSlViWnSyDFf4KWS8dD8mng
b++GhHU1MrCMxdvS16ApVyhY3fMt5l1sMiu8aXZkcwcGnN7bltZzLWJlflT+yMBL
ek/VXHYgtV5L+/t8A7a1kxp7+IM2VEL3duaIRztr4Xz0cxZKf6BROtaQa6sSWLG9
AhrNPjdqEfx5wNXIQp7Zob0MD112wCo13moUKc50Hh3NGLBslcWJfyotPEQnlNmR
FZQFSDasNz0LT2IrsERIIUIF60BxmkxH5KCY1LlNnRONXzqPe8+7/Ozit3a4aAkf
3NiDfPKdoB+dg2N52sUmrcQ0tYS0yUFxTFiRNqh7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8CKJZ86K1nBPJf9xxDPnNHgvY5gwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzYzZTE2NDYxLTE5OGEtNGY1NS05MTI1LWUzNWY5NjFhZWNmYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADjlDPypue0aJwnNPf1QOuL7EGSJ
l8yobLirkbh2StkLcIiN3pQAl9dV6jF5LfQaWKeEHVMhR8bKyK/NaEDX7CRnx06c
OyLZ8JNx7FRrcznsyTcEIK6fsr1bVqom5CPfF1+9f5UaGgvPws6CcNiKx3io6bnh
EqF0S7lS0K9BT18wh6Cwa9ozcdiOoaFIhiQArCLB82d0y4YzX5PfLhljxvA1Aiyl
GcVAgpcnt39r3ADTBfS0hFWNW642mXTBmPOrS9rTZsHJrg5Y8WEx8tWnAUnfgJco
EvwqbBDNilo/O5cvtMyJSyxE5jHQ+vU80jygGvPU2KMvKGRKQoyZVZbuBSc=
-----END CERTIFICATE-----