Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7f908a58-50c6-48b0-b64b-30b6bd14ea5f.roa
File:                     7f908a58-50c6-48b0-b64b-30b6bd14ea5f.roa (raw, json)
Hash identifier:          bl8cM6pg6P7Oy9HE4d9ziUIb918XpwKx2kWnPGCDfEc=
Subject key identifier:   E2:AB:48:1E:8A:49:17:AB:18:0E:36:A3:FA:D6:BF:9C:5E:47:91:8E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2D04D4178CD85A86B21667925464591690B0F38E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7f908a58-50c6-48b0-b64b-30b6bd14ea5f.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:04:d4:17:8c:d8:5a:86:b2:16:67:92:54:64:59:16:90:b0:f3:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=d6824657da8f812348586ce6733f5903f6885062b90fe108fd0f1bcf8c372ecc, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:e9:76:08:ca:93:19:cb:d9:1d:c9:83:9a:55:
                    3f:9a:d8:69:37:d2:bf:18:26:0e:ed:a8:e5:ea:aa:
                    25:73:15:f3:67:ce:9e:d5:08:a5:4d:3c:ad:b3:ae:
                    84:8c:5d:38:e9:2b:8c:ec:37:96:97:70:e9:ad:90:
                    20:35:75:39:0b:b0:09:e6:a5:a6:18:23:42:01:fa:
                    69:49:b8:8c:4d:16:6e:0d:c4:93:cf:57:45:d5:47:
                    c5:c0:3c:50:1a:d4:2e:3e:be:35:17:9b:d5:6a:2c:
                    81:cc:31:dd:1a:1e:a4:0e:b0:07:97:2f:2c:ae:62:
                    2a:b6:24:36:ed:e8:a8:7b:6c:fb:1e:17:73:a3:32:
                    bb:34:2c:e3:8b:f7:f4:72:b4:e4:a8:75:f1:04:13:
                    c7:49:1e:e9:39:35:38:70:38:4c:d3:8e:0b:af:11:
                    7d:68:3e:9b:14:fd:f9:de:30:0c:a9:72:f9:4a:78:
                    47:73:36:b8:99:22:fc:87:83:f7:3e:72:04:57:37:
                    b5:c8:6f:70:6f:9f:0e:b1:3e:cb:7c:71:29:73:9a:
                    79:2a:7b:72:31:34:65:87:19:fe:44:80:50:d6:c6:
                    fb:c7:7a:99:32:52:de:9b:4b:c3:c6:26:50:2d:8f:
                    28:8f:03:75:7a:ce:a8:96:1d:b3:77:00:3e:0c:cb:
                    eb:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:AB:48:1E:8A:49:17:AB:18:0E:36:A3:FA:D6:BF:9C:5E:47:91:8E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7f908a58-50c6-48b0-b64b-30b6bd14ea5f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:19:6f:15:1d:03:62:1e:97:54:1b:c5:a9:94:fc:20:ba:34:
         7e:ed:cc:1e:23:eb:c4:74:31:d8:63:2e:00:91:33:55:8f:74:
         38:5a:9d:6c:c7:85:ef:7b:42:69:98:a3:b9:49:71:c4:1b:e4:
         06:03:d6:c9:3a:17:89:c0:bd:69:d4:29:f0:b0:1e:59:5b:3f:
         9c:f4:d5:35:09:f6:32:6c:70:f6:85:42:14:57:76:71:d9:ab:
         6e:7d:2f:ba:d0:0b:3a:8a:07:78:0c:2b:69:3a:6e:87:36:3d:
         50:a3:f3:b4:5c:f5:a0:dd:d3:9c:d0:ef:3c:f5:f2:3f:1f:7d:
         61:2a:84:26:07:64:fc:ff:55:74:19:c5:26:83:97:40:f0:2e:
         a3:81:ce:04:70:41:b4:8c:4a:8f:d9:f7:48:7c:f2:b6:b1:c7:
         91:cb:75:b5:97:bd:1b:29:78:2f:4d:d7:b2:82:d9:ab:c4:7a:
         e3:4f:4a:ad:ab:4a:b1:7c:60:10:6a:50:b6:ea:1a:a3:82:af:
         50:f6:02:4d:45:3c:e2:ad:58:d6:04:1b:3e:f4:f5:ac:3a:b5:
         08:2b:1a:ab:68:9f:3a:10:21:4a:03:17:c2:fe:14:6b:6b:18:
         e5:0c:16:a5:62:ad:a4:3a:2f:43:15:4e:e9:20:23:45:9f:6b:
         7e:9a:a5:28
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULQTUF4zYWoayFmeSVGRZFpCw844wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTE4MDAwMDAwWhcNMjMxMDIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNjgyNDY1N2RhOGY4MTIzNDg1ODZjZTY3MzNmNTkwM2Y2
ODg1MDYyYjkwZmUxMDhmZDBmMWJjZjhjMzcyZWNjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCl6XYIypMZy9kdyYOaVT+a2Gk30r8YJg7tqOXqqiVzFfNn
zp7VCKVNPK2zroSMXTjpK4zsN5aXcOmtkCA1dTkLsAnmpaYYI0IB+mlJuIxNFm4N
xJPPV0XVR8XAPFAa1C4+vjUXm9VqLIHMMd0aHqQOsAeXLyyuYiq2JDbt6Kh7bPse
F3OjMrs0LOOL9/RytOSodfEEE8dJHuk5NThwOEzTjguvEX1oPpsU/fneMAypcvlK
eEdzNriZIvyHg/c+cgRXN7XIb3Bvnw6xPst8cSlzmnkqe3IxNGWHGf5EgFDWxvvH
epkyUt6bS8PGJlAtjyiPA3V6zqiWHbN3AD4My+vxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4qtIHopJF6sYDjaj+ta/nF5HkY4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzdmOTA4YTU4LTUwYzYtNDhiMC1iNjRiLTMwYjZiZDE0ZWE1Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF0ZbxUdA2Iel1QbxamU/CC6NH7t
zB4j68R0MdhjLgCRM1WPdDhanWzHhe97QmmYo7lJccQb5AYD1sk6F4nAvWnUKfCw
HllbP5z01TUJ9jJscPaFQhRXdnHZq259L7rQCzqKB3gMK2k6boc2PVCj87Rc9aDd
05zQ7zz18j8ffWEqhCYHZPz/VXQZxSaDl0DwLqOBzgRwQbSMSo/Z90h88raxx5HL
dbWXvRspeC9N17KC2avEeuNPSq2rSrF8YBBqULbqGqOCr1D2Ak1FPOKtWNYEGz70
9aw6tQgrGqtonzoQIUoDF8L+FGtrGOUMFqViraQ6L0MVTukgI0Wfa36apSg=
-----END CERTIFICATE-----