Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/65e9253e-c307-401c-9deb-ce32ba09cb90.roa
File:                     65e9253e-c307-401c-9deb-ce32ba09cb90.roa (raw, json)
Hash identifier:          ZrJ4YgwCDXHSRzQ1+vXvIoUohd5r5HZNPvYmQiQxjEM=
Subject key identifier:   25:DE:96:62:BB:49:6F:7F:DA:B2:92:84:32:06:45:D6:1F:3C:5C:08
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0582EA385DDD46C2270B2134DF9301938A06289E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/65e9253e-c307-401c-9deb-ce32ba09cb90.roa
Signing time:             Fri 15 Sep 2023 00:00:00 +0000
ROA not before:           Fri 15 Sep 2023 00:00:00 +0000
ROA not after:            Fri 20 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:82:ea:38:5d:dd:46:c2:27:0b:21:34:df:93:01:93:8a:06:28:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 15 00:00:00 2023 GMT
            Not After : Oct 20 23:59:59 2023 GMT
        Subject: serialNumber=e3a2ba7865792b6c5b9693f519bc4205c44ab0547d557945ca1b162320fa9f22, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:f6:1e:88:be:c7:16:7a:c3:13:fc:20:9c:33:
                    83:da:39:7e:92:41:29:97:f2:57:dd:64:2a:e8:54:
                    3d:bf:35:4b:f9:2a:8e:e6:5f:cc:25:a4:90:b6:42:
                    fc:87:b8:36:df:ed:0b:a0:1a:56:ad:84:78:d4:ce:
                    88:20:32:f9:85:42:3a:7e:7f:75:08:e4:3c:45:ee:
                    2c:29:5c:7f:0d:24:8a:2d:81:6c:89:fa:e8:20:b3:
                    af:bb:38:d9:c6:29:0f:30:06:53:ad:6c:3f:3c:28:
                    9c:8d:4b:ba:b1:1b:98:bb:27:50:64:b1:01:bb:fb:
                    57:3d:95:d6:cc:3c:ec:f8:fe:d6:2f:ce:4e:5c:cb:
                    bb:e8:ea:33:7f:0b:2c:00:37:68:f8:6e:38:68:dd:
                    91:23:8f:88:cd:fd:ed:03:b9:fa:51:d7:7b:6b:45:
                    17:2d:c3:60:d6:07:a5:62:d6:69:5a:15:4d:9e:4d:
                    ce:18:1b:65:1b:8b:f8:c2:50:a1:76:1d:2e:9c:b1:
                    f7:46:2a:b2:01:97:75:45:9d:e9:e9:12:6b:90:5d:
                    56:46:46:dd:0a:52:a9:26:28:7d:15:94:16:fa:71:
                    bd:7f:62:1e:62:09:9d:38:1b:ca:f8:61:a0:d4:0c:
                    83:ec:14:08:f8:53:79:19:d6:22:49:a9:e7:75:91:
                    e1:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:DE:96:62:BB:49:6F:7F:DA:B2:92:84:32:06:45:D6:1F:3C:5C:08
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/65e9253e-c307-401c-9deb-ce32ba09cb90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:62:88:57:2f:20:34:41:fa:fb:b5:10:28:cc:29:e9:55:85:
         91:c9:94:9e:6b:84:ef:a9:2f:9f:b4:5c:b6:91:61:17:62:e4:
         07:9d:1b:73:dd:e9:70:4b:10:31:86:a0:5b:82:5d:c8:a6:31:
         c3:83:21:2d:94:26:b8:6d:56:73:6a:21:78:34:96:53:11:71:
         fe:69:e2:73:9b:6f:37:9e:5b:ed:f2:10:25:f7:8a:3a:8e:a2:
         5e:a2:fc:f3:2d:96:96:52:56:cd:56:ef:a0:3b:6a:fa:f0:01:
         1e:d6:98:d2:74:92:0e:32:31:c5:b1:5b:97:16:c8:f6:61:43:
         05:b6:77:78:9f:29:fd:14:3b:81:cb:ff:c8:df:95:81:7f:22:
         a8:a6:f0:8d:2d:b6:9c:4c:34:e8:14:d4:06:87:2a:49:58:c2:
         ed:4a:25:69:58:b9:49:12:92:4b:e1:25:74:e8:93:02:5f:1c:
         b3:ec:59:54:c5:f2:2a:55:ad:6c:39:97:46:dd:99:4e:09:83:
         60:7c:1d:3c:3e:66:98:0e:d1:3d:82:48:10:85:d4:2b:5d:71:
         60:cc:81:58:36:16:b7:fb:57:ea:1b:4c:f4:39:87:90:f9:9b:
         04:b0:df:60:6c:25:37:b2:73:e0:94:3e:a0:87:74:d9:6d:43:
         60:7b:52:35
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBYLqOF3dRsInCyE035MBk4oGKJ4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTE1MDAwMDAwWhcNMjMxMDIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlM2EyYmE3ODY1NzkyYjZjNWI5NjkzZjUxOWJjNDIwNWM0
NGFiMDU0N2Q1NTc5NDVjYTFiMTYyMzIwZmE5ZjIyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJ9h6IvscWesMT/CCcM4PaOX6SQSmX8lfdZCroVD2/NUv5
Ko7mX8wlpJC2QvyHuDbf7QugGlathHjUzoggMvmFQjp+f3UI5DxF7iwpXH8NJIot
gWyJ+uggs6+7ONnGKQ8wBlOtbD88KJyNS7qxG5i7J1BksQG7+1c9ldbMPOz4/tYv
zk5cy7vo6jN/CywAN2j4bjho3ZEjj4jN/e0DufpR13trRRctw2DWB6Vi1mlaFU2e
Tc4YG2Ubi/jCUKF2HS6csfdGKrIBl3VFnenpEmuQXVZGRt0KUqkmKH0VlBb6cb1/
Yh5iCZ04G8r4YaDUDIPsFAj4U3kZ1iJJqed1keFxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJd6WYrtJb3/aspKEMgZF1h88XAgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzY1ZTkyNTNlLWMzMDctNDAxYy05ZGViLWNlMzJiYTA5Y2I5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHhiiFcvIDRB+vu1ECjMKelVhZHJ
lJ5rhO+pL5+0XLaRYRdi5AedG3Pd6XBLEDGGoFuCXcimMcODIS2UJrhtVnNqIXg0
llMRcf5p4nObbzeeW+3yECX3ijqOol6i/PMtlpZSVs1W76A7avrwAR7WmNJ0kg4y
McWxW5cWyPZhQwW2d3ifKf0UO4HL/8jflYF/Iqim8I0ttpxMNOgU1AaHKklYwu1K
JWlYuUkSkkvhJXTokwJfHLPsWVTF8ipVrWw5l0bdmU4Jg2B8HTw+ZpgO0T2CSBCF
1CtdcWDMgVg2Frf7V+obTPQ5h5D5mwSw32BsJTeyc+CUPqCHdNltQ2B7UjU=
-----END CERTIFICATE-----