Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/72f5474f-2583-4133-a12e-c6bb5368340b.roa
File:                     72f5474f-2583-4133-a12e-c6bb5368340b.roa (raw, json)
Hash identifier:          TVz+U3yy6k4o5Sk7jUvRIHJ2Z34w83cUOOZTa9hww3g=
Subject key identifier:   45:FF:95:E7:DD:7F:2F:69:61:03:89:32:BD:5C:70:D6:42:3B:BB:02
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2BA74A3D596A49A15ABF99FA68D4524D4C297509
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/72f5474f-2583-4133-a12e-c6bb5368340b.roa
Signing time:             Fri 27 Oct 2023 00:00:00 +0000
ROA not before:           Fri 27 Oct 2023 00:00:00 +0000
ROA not after:            Fri 01 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:a7:4a:3d:59:6a:49:a1:5a:bf:99:fa:68:d4:52:4d:4c:29:75:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 27 00:00:00 2023 GMT
            Not After : Dec  1 23:59:59 2023 GMT
        Subject: serialNumber=06aeeb406a07b0c0bfd0ae875a299d42a492a59da14a02e2a3457e5ac027555e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:f5:d7:c5:25:38:be:93:00:40:66:b4:3c:53:
                    d5:d9:13:59:03:02:4c:00:39:dd:d8:72:9c:81:eb:
                    1d:e4:4b:8e:a1:ce:00:d1:27:1a:08:c4:71:26:a5:
                    75:ad:4a:84:de:bd:ad:f1:1e:4a:a4:e6:61:a2:91:
                    ee:87:f7:78:ff:b5:9a:d6:d4:d3:9c:2a:17:a6:d8:
                    93:30:b0:9b:5d:fe:7f:a0:b6:93:77:77:2e:cd:03:
                    75:38:4f:8c:4e:d1:25:3d:94:a2:4b:55:40:de:84:
                    fd:17:86:b9:47:98:a2:b6:33:87:d2:04:c9:8e:4a:
                    43:37:6a:96:f4:1a:6a:20:45:87:34:53:c9:0b:8c:
                    fe:05:78:6b:65:31:4b:ff:25:d7:29:81:93:65:11:
                    ca:82:77:95:ae:77:31:f8:99:75:41:f4:92:a7:54:
                    66:e8:e7:8d:b3:60:93:4f:eb:1d:31:cc:d6:43:03:
                    10:3a:fd:b4:58:24:b3:b3:56:80:e7:60:42:96:d2:
                    86:aa:5a:cc:1a:00:c8:1d:27:69:56:5f:1b:31:e2:
                    78:e0:e6:34:33:20:69:b6:3c:07:c0:17:14:15:05:
                    79:61:e0:d9:99:36:a3:01:e9:62:11:91:2b:3d:dd:
                    d3:56:3b:fb:2e:23:47:49:70:c2:0d:37:ed:fc:f1:
                    0e:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:FF:95:E7:DD:7F:2F:69:61:03:89:32:BD:5C:70:D6:42:3B:BB:02
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/72f5474f-2583-4133-a12e-c6bb5368340b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:a6:01:64:81:67:4e:73:87:0e:e6:5b:75:7a:61:f5:59:8d:
         ad:d3:c7:d9:86:43:df:f2:e1:d6:0c:f3:35:da:d0:36:bd:61:
         51:86:95:82:99:f7:fe:51:74:67:b0:88:f9:6b:fd:0f:c4:1c:
         6d:ee:55:89:25:3d:d4:63:91:cf:fd:a5:0d:36:98:9f:34:a5:
         9f:92:04:1e:1e:b2:f6:11:e9:dd:56:2e:91:09:0e:46:c1:96:
         66:cf:fc:0f:fb:7e:ee:17:3e:82:a3:64:38:2b:3c:90:1b:79:
         28:36:1d:b2:09:0a:c2:0e:3b:82:41:25:91:85:a4:64:dc:0e:
         b2:5c:eb:fe:aa:21:ef:bf:ac:60:28:ac:e3:12:75:16:41:ad:
         82:9a:2e:67:42:f8:bb:09:ec:13:e4:86:bc:6c:31:e3:50:0c:
         a3:0c:02:db:cf:95:24:bd:e4:dd:4e:ce:bd:80:ad:77:94:71:
         58:c5:fc:79:39:0d:36:79:0d:e2:3f:84:62:fa:df:56:a0:2e:
         0d:ce:73:b8:64:aa:cb:6b:78:7e:ec:ed:e5:ba:eb:52:36:b5:
         d9:dd:fc:5f:ba:de:e9:fd:b3:d5:48:1d:1d:dc:cb:d2:68:69:
         af:36:3f:a6:20:79:a1:da:a2:c5:f0:b7:8c:e5:36:af:c0:cf:
         09:a4:c8:b3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUK6dKPVlqSaFav5n6aNRSTUwpdQkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDI3MDAwMDAwWhcNMjMxMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNmFlZWI0MDZhMDdiMGMwYmZkMGFlODc1YTI5OWQ0MmE0
OTJhNTlkYTE0YTAyZTJhMzQ1N2U1YWMwMjc1NTVlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDc9dfFJTi+kwBAZrQ8U9XZE1kDAkwAOd3YcpyB6x3kS46h
zgDRJxoIxHEmpXWtSoTeva3xHkqk5mGike6H93j/tZrW1NOcKhem2JMwsJtd/n+g
tpN3dy7NA3U4T4xO0SU9lKJLVUDehP0XhrlHmKK2M4fSBMmOSkM3apb0GmogRYc0
U8kLjP4FeGtlMUv/JdcpgZNlEcqCd5WudzH4mXVB9JKnVGbo542zYJNP6x0xzNZD
AxA6/bRYJLOzVoDnYEKW0oaqWswaAMgdJ2lWXxsx4njg5jQzIGm2PAfAFxQVBXlh
4NmZNqMB6WIRkSs93dNWO/suI0dJcMINN+388Q5TAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURf+V591/L2lhA4kyvVxw1kI7uwIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzcyZjU0NzRmLTI1ODMtNDEzMy1hMTJlLWM2YmI1MzY4MzQwYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG+mAWSBZ05zhw7mW3V6YfVZja3T
x9mGQ9/y4dYM8zXa0Da9YVGGlYKZ9/5RdGewiPlr/Q/EHG3uVYklPdRjkc/9pQ02
mJ80pZ+SBB4esvYR6d1WLpEJDkbBlmbP/A/7fu4XPoKjZDgrPJAbeSg2HbIJCsIO
O4JBJZGFpGTcDrJc6/6qIe+/rGAorOMSdRZBrYKaLmdC+LsJ7BPkhrxsMeNQDKMM
AtvPlSS95N1Ozr2ArXeUcVjF/Hk5DTZ5DeI/hGL631agLg3Oc7hkqstreH7s7eW6
61I2tdnd/F+63un9s9VIHR3cy9Joaa82P6YgeaHaosXwt4zlNq/AzwmkyLM=
-----END CERTIFICATE-----