Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/663b5e72-baa5-432a-9bc4-484351711323.roa
File:                     663b5e72-baa5-432a-9bc4-484351711323.roa (raw, json)
Hash identifier:          YpEbkdyaoLLNJp7RF+skUF3vPEtPB3T6Yq8z0wDoP+M=
Subject key identifier:   FE:D4:C5:57:00:64:24:C6:05:41:DC:4F:59:9B:B8:19:F9:16:E0:8B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       24FABC9C50E9EAAA7B0A35AA9B35628C240F303A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/663b5e72-baa5-432a-9bc4-484351711323.roa
Signing time:             Tue 24 Oct 2023 00:00:00 +0000
ROA not before:           Tue 24 Oct 2023 00:00:00 +0000
ROA not after:            Tue 28 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:fa:bc:9c:50:e9:ea:aa:7b:0a:35:aa:9b:35:62:8c:24:0f:30:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 24 00:00:00 2023 GMT
            Not After : Nov 28 23:59:59 2023 GMT
        Subject: serialNumber=fe007d9295b20e1cfcb91adb73a3322da145ea942fdc0102ad1e34a37d858608, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:d5:dc:3d:29:19:52:37:ba:15:17:9a:b7:76:
                    57:77:03:09:6e:a7:0a:f9:82:63:5e:ae:bd:21:f2:
                    fe:b0:66:a5:25:04:12:d5:e1:36:98:bc:fe:bc:3b:
                    45:28:e5:1a:70:0c:8e:8a:05:cd:9e:8c:a1:09:90:
                    1c:10:77:d4:53:8c:16:a1:fd:af:7c:eb:70:d0:ff:
                    94:7b:3e:20:95:69:7e:e1:e6:12:64:72:31:ab:d9:
                    f5:da:6d:53:fc:4b:81:a5:6d:f5:0c:cc:df:d5:cc:
                    d7:39:ea:be:5f:31:04:8c:3a:3a:73:7c:10:5e:aa:
                    38:28:95:ab:49:37:dc:10:2e:8e:45:5a:eb:95:c3:
                    98:dd:5a:3b:de:03:d9:14:42:f9:cd:12:09:8d:31:
                    49:fe:d5:00:49:7c:47:25:44:7d:21:0c:f9:e7:59:
                    dc:0a:d6:7e:cf:44:a1:24:0c:bb:1d:47:d4:86:e5:
                    71:b5:1d:25:e8:80:62:c0:be:be:cc:ff:d1:db:d9:
                    f3:ba:e2:8d:2a:4f:bb:64:d0:8b:c9:27:03:53:90:
                    90:b4:07:3d:91:9b:d7:26:a3:cb:e5:c0:a6:01:f9:
                    f8:ec:1a:13:a5:c8:fe:27:8c:4f:bd:57:8d:ee:ae:
                    94:ff:a5:b2:7a:bc:ff:16:5c:d7:86:4e:13:01:3c:
                    f4:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:D4:C5:57:00:64:24:C6:05:41:DC:4F:59:9B:B8:19:F9:16:E0:8B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/663b5e72-baa5-432a-9bc4-484351711323.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:02:b9:59:cf:54:6a:c7:c2:26:5d:c0:07:a7:55:43:ad:17:
         8b:ab:5d:fa:0a:52:3a:91:b8:6a:b5:b1:87:61:a7:57:1c:e9:
         16:9c:bd:8f:d1:5f:6b:bc:10:9f:80:00:92:7c:61:06:21:a9:
         b5:ed:f9:12:c7:83:09:b0:ce:7c:3f:e3:ab:9a:a9:d8:33:5e:
         4e:5d:e6:95:6c:ba:a8:21:33:4d:33:de:aa:d0:95:b1:10:2f:
         45:91:cc:9b:31:e0:47:b3:eb:c8:1f:07:9f:80:27:c2:7b:d7:
         65:e6:f7:04:18:c5:fd:2e:9c:9c:53:94:ad:6c:76:1d:61:3f:
         bc:1a:84:87:01:b3:43:bd:98:ed:55:6a:06:51:6b:cd:c9:01:
         ea:7c:78:c6:7b:f6:df:13:d6:0c:f8:fe:78:bb:35:cd:8f:35:
         80:de:30:fa:bc:81:fc:88:50:e6:31:d3:99:95:a3:54:af:63:
         df:80:b5:b6:fd:f2:88:36:c8:32:c5:38:ef:6c:4a:e2:bc:66:
         1e:d6:2e:91:86:8d:5c:6c:48:b4:79:e2:5c:91:2d:04:c7:d2:
         8f:60:3c:bb:f4:9f:71:57:d0:86:f4:01:4e:0f:3b:4c:53:4a:
         fb:96:d3:08:ff:1e:2d:86:5c:df:6c:44:86:c2:b8:5b:6c:19:
         91:86:9c:d4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJPq8nFDp6qp7CjWqmzVijCQPMDowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDI0MDAwMDAwWhcNMjMxMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZTAwN2Q5Mjk1YjIwZTFjZmNiOTFhZGI3M2EzMzIyZGEx
NDVlYTk0MmZkYzAxMDJhZDFlMzRhMzdkODU4NjA4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQ1dw9KRlSN7oVF5q3dld3Awlupwr5gmNerr0h8v6wZqUl
BBLV4TaYvP68O0Uo5RpwDI6KBc2ejKEJkBwQd9RTjBah/a9863DQ/5R7PiCVaX7h
5hJkcjGr2fXabVP8S4GlbfUMzN/VzNc56r5fMQSMOjpzfBBeqjgolatJN9wQLo5F
WuuVw5jdWjveA9kUQvnNEgmNMUn+1QBJfEclRH0hDPnnWdwK1n7PRKEkDLsdR9SG
5XG1HSXogGLAvr7M/9Hb2fO64o0qT7tk0IvJJwNTkJC0Bz2Rm9cmo8vlwKYB+fjs
GhOlyP4njE+9V43urpT/pbJ6vP8WXNeGThMBPPQRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/tTFVwBkJMYFQdxPWZu4GfkW4IswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzY2M2I1ZTcyLWJhYTUtNDMyYS05YmM0LTQ4NDM1MTcxMTMyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJoCuVnPVGrHwiZdwAenVUOtF4ur
XfoKUjqRuGq1sYdhp1cc6RacvY/RX2u8EJ+AAJJ8YQYhqbXt+RLHgwmwznw/46ua
qdgzXk5d5pVsuqghM00z3qrQlbEQL0WRzJsx4Eez68gfB5+AJ8J712Xm9wQYxf0u
nJxTlK1sdh1hP7wahIcBs0O9mO1VagZRa83JAep8eMZ79t8T1gz4/ni7Nc2PNYDe
MPq8gfyIUOYx05mVo1SvY9+Atbb98og2yDLFOO9sSuK8Zh7WLpGGjVxsSLR54lyR
LQTH0o9gPLv0n3FX0Ib0AU4PO0xTSvuW0wj/Hi2GXN9sRIbCuFtsGZGGnNQ=
-----END CERTIFICATE-----