Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/70a89821-76c3-4c6f-b3b7-1ead9715a3f8.roa
File:                     70a89821-76c3-4c6f-b3b7-1ead9715a3f8.roa (raw, json)
Hash identifier:          70u0cIsCFbR1mJCbTQR97qTz3oteg/Q7nbkEFZfEPgg=
Subject key identifier:   F0:DF:AC:33:BD:55:9B:3B:A0:E7:79:E8:8A:2B:6A:FB:A2:09:DD:EB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2DF11C2A1DCE13DD74FE30923CBAFB1BEDE423BA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/70a89821-76c3-4c6f-b3b7-1ead9715a3f8.roa
Signing time:             Sat 23 Sep 2023 00:00:00 +0000
ROA not before:           Sat 23 Sep 2023 00:00:00 +0000
ROA not after:            Sat 28 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:f1:1c:2a:1d:ce:13:dd:74:fe:30:92:3c:ba:fb:1b:ed:e4:23:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 23 00:00:00 2023 GMT
            Not After : Oct 28 23:59:59 2023 GMT
        Subject: serialNumber=c24447fbf84af605b865a816f5cb2d2a02d07b7b98582eca7696e74bfc2af97d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:d7:ad:c2:c7:90:9a:73:f7:f8:be:3c:a7:6d:
                    e3:a1:4c:53:06:16:e9:26:82:91:ac:82:b4:5e:8d:
                    54:c3:92:4e:70:6a:96:85:5c:30:5a:f7:87:cf:5b:
                    07:5d:ed:ba:81:e7:64:fc:9e:83:0f:9b:08:e8:6d:
                    99:ab:5e:4e:ed:ab:d7:43:57:64:51:a0:39:bb:20:
                    6d:c0:09:2e:7e:91:ea:1d:3a:45:fd:b2:bc:12:07:
                    28:dc:93:31:68:f6:00:4b:67:17:82:ba:3d:32:1d:
                    bc:8d:4b:e8:88:ee:75:31:7c:18:5a:1f:31:cc:34:
                    c9:10:6b:ea:e5:6b:dc:7e:65:51:59:dc:39:fe:6a:
                    2b:6c:b8:3e:d6:dc:31:29:d6:1f:22:19:98:1e:70:
                    ef:59:5f:d7:27:70:cf:5e:50:f5:36:0a:0b:be:b1:
                    ec:2d:01:7a:ba:ee:f3:01:5c:37:88:19:77:46:b4:
                    5b:00:63:da:03:06:f8:2d:c2:2b:42:54:89:76:2a:
                    90:2d:3d:3a:c8:81:72:4f:e5:b8:7d:20:8c:a5:88:
                    ac:87:f1:b5:af:7c:ac:8b:43:6a:11:72:36:ef:ae:
                    2a:ac:eb:16:f8:81:86:f3:8c:f6:aa:57:5c:f1:c0:
                    8d:2f:24:64:d3:7c:b3:72:9b:c7:10:b3:f6:0b:1a:
                    bb:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:DF:AC:33:BD:55:9B:3B:A0:E7:79:E8:8A:2B:6A:FB:A2:09:DD:EB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/70a89821-76c3-4c6f-b3b7-1ead9715a3f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:df:e0:64:ff:1a:fa:31:b9:4a:31:f3:10:fb:a4:f1:5b:1a:
         6f:ab:04:60:6b:b5:e0:ea:d1:ba:77:9e:e8:f7:f1:8e:dd:0b:
         a9:77:44:1b:c2:99:01:38:87:e2:3f:17:46:d6:9f:da:c2:04:
         d3:80:ea:fa:df:01:4b:84:ad:fe:e7:35:8a:58:78:5a:75:0a:
         19:13:e5:71:16:a1:de:ed:cc:fd:e9:5a:08:c9:45:bb:fe:39:
         08:45:d5:fa:49:06:74:62:46:a6:76:12:96:eb:ec:b1:21:a2:
         d8:49:92:cb:7a:ea:a2:19:00:68:22:09:5f:7b:fa:f9:b5:1d:
         1f:18:b7:2f:ec:40:3f:bd:e4:e4:d7:4a:b2:b7:11:4d:50:df:
         a4:d8:15:5d:d2:64:90:30:4d:77:70:de:32:a2:37:05:c2:ec:
         0f:9f:0d:85:dd:95:c3:17:a9:1b:e4:74:79:d3:6a:d4:9a:bb:
         d8:50:fd:73:6a:3a:8d:77:a7:e7:33:eb:2f:64:a4:08:d6:d4:
         03:d6:aa:ba:17:fa:b5:ac:c7:63:62:4d:f7:f7:09:05:e3:98:
         f2:c4:c3:d0:81:ae:1f:88:eb:9d:5e:d1:8a:de:c2:f2:92:7e:
         9e:2f:02:69:1d:f7:cf:84:27:b4:23:35:77:95:eb:1b:c5:7f:
         d6:69:f9:5d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULfEcKh3OE910/jCSPLr7G+3kI7owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTIzMDAwMDAwWhcNMjMxMDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMjQ0NDdmYmY4NGFmNjA1Yjg2NWE4MTZmNWNiMmQyYTAy
ZDA3YjdiOTg1ODJlY2E3Njk2ZTc0YmZjMmFmOTdkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDn163Cx5Cac/f4vjynbeOhTFMGFukmgpGsgrRejVTDkk5w
apaFXDBa94fPWwdd7bqB52T8noMPmwjobZmrXk7tq9dDV2RRoDm7IG3ACS5+keod
OkX9srwSByjckzFo9gBLZxeCuj0yHbyNS+iI7nUxfBhaHzHMNMkQa+rla9x+ZVFZ
3Dn+aitsuD7W3DEp1h8iGZgecO9ZX9cncM9eUPU2Cgu+sewtAXq67vMBXDeIGXdG
tFsAY9oDBvgtwitCVIl2KpAtPTrIgXJP5bh9IIyliKyH8bWvfKyLQ2oRcjbvriqs
6xb4gYbzjPaqV1zxwI0vJGTTfLNym8cQs/YLGrvZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8N+sM71Vmzug53noiitq+6IJ3eswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzcwYTg5ODIxLTc2YzMtNGM2Zi1iM2I3LTFlYWQ5NzE1YTNmOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC/f4GT/GvoxuUox8xD7pPFbGm+r
BGBrteDq0bp3nuj38Y7dC6l3RBvCmQE4h+I/F0bWn9rCBNOA6vrfAUuErf7nNYpY
eFp1ChkT5XEWod7tzP3pWgjJRbv+OQhF1fpJBnRiRqZ2Epbr7LEhothJkst66qIZ
AGgiCV97+vm1HR8Yty/sQD+95OTXSrK3EU1Q36TYFV3SZJAwTXdw3jKiNwXC7A+f
DYXdlcMXqRvkdHnTatSau9hQ/XNqOo13p+cz6y9kpAjW1APWqroX+rWsx2NiTff3
CQXjmPLEw9CBrh+I651e0YrewvKSfp4vAmkd98+EJ7QjNXeV6xvFf9Zp+V0=
-----END CERTIFICATE-----