Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82456711-1f68-419f-ae30-95af32d32dcd.roa
File:                     82456711-1f68-419f-ae30-95af32d32dcd.roa (raw, json)
Hash identifier:          ex331nrfv6d9PKADvo70AwpghDp6MLC7jd3Wgf6Arsg=
Subject key identifier:   7E:27:C7:0D:89:D5:03:67:32:C1:E5:09:2E:42:01:62:5F:71:32:3C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5088373D455D1080EEFCC89FE6FAC51C0A19BB3E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82456711-1f68-419f-ae30-95af32d32dcd.roa
Signing time:             Sun 05 Nov 2023 00:00:00 +0000
ROA not before:           Sun 05 Nov 2023 00:00:00 +0000
ROA not after:            Sun 10 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:88:37:3d:45:5d:10:80:ee:fc:c8:9f:e6:fa:c5:1c:0a:19:bb:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  5 00:00:00 2023 GMT
            Not After : Dec 10 23:59:59 2023 GMT
        Subject: serialNumber=4282dca4c163ab68cf2fe4e55d7558b0795d0fef7736eb9f59d19f80c4158375, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:30:8a:12:6f:7d:f7:40:3e:d9:08:e3:10:21:
                    c3:e6:28:07:70:6e:0f:b6:fa:02:4e:76:c4:69:5a:
                    d4:26:f8:e9:57:ca:56:b5:fd:e8:7c:52:ba:c3:1c:
                    5a:46:4b:70:eb:11:31:e9:ac:58:71:9d:cb:58:89:
                    12:99:37:2b:01:9e:94:06:7f:83:86:66:49:4f:07:
                    37:51:5e:e9:7e:83:09:a6:88:c9:7e:e3:48:92:e3:
                    c4:2d:d6:9e:75:0e:96:0a:a4:4b:ce:e7:0c:3c:97:
                    08:36:f1:a0:e4:6f:1a:95:78:0a:76:56:25:d6:66:
                    82:20:7c:8e:55:29:65:ff:7f:9a:48:5f:9b:41:80:
                    29:93:a1:c8:47:4c:07:0c:c2:cc:7f:8c:43:cd:0c:
                    00:93:b9:f8:b4:6d:eb:8d:9c:ba:70:c8:df:83:08:
                    46:09:5a:1c:e4:98:5c:f3:d0:e4:4a:f8:af:01:1b:
                    79:1a:b3:97:5a:b7:1a:4a:4a:60:af:f3:e9:d2:16:
                    8f:9e:99:fb:4c:f3:74:04:97:74:c7:09:a7:fe:08:
                    dd:35:30:22:ef:a1:1d:c0:c8:20:37:d8:d7:31:7f:
                    d6:5f:91:1b:85:cf:bc:5c:b7:28:f9:f7:ca:d1:05:
                    af:05:99:3b:50:52:d9:05:13:cf:07:ec:a8:25:be:
                    35:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:27:C7:0D:89:D5:03:67:32:C1:E5:09:2E:42:01:62:5F:71:32:3C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82456711-1f68-419f-ae30-95af32d32dcd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:9c:41:a6:34:41:e3:ec:f8:0c:da:f4:0a:4f:83:c1:e2:29:
         9d:9f:1b:6c:26:14:fd:50:7e:b4:55:56:ab:cb:41:0e:c5:91:
         e4:c4:e5:fb:69:02:72:56:c6:ea:07:86:53:56:1f:31:7d:28:
         14:17:48:cb:59:6d:c6:e6:45:63:e1:76:57:8c:0e:71:f9:06:
         9e:6e:b7:42:05:8d:51:52:fe:e1:f0:02:1f:43:e2:19:77:2f:
         56:69:01:08:16:5f:d9:74:99:c7:4d:80:eb:99:2a:4c:45:51:
         65:90:51:27:af:cd:75:7d:c1:f8:4a:26:bb:76:ea:c4:7a:84:
         e4:da:31:ec:39:82:50:8f:6f:05:53:19:aa:fe:6d:90:7e:36:
         d0:7d:aa:a1:1d:e7:bf:86:83:76:2f:ed:73:31:55:17:aa:81:
         ee:7a:26:bd:94:46:65:2b:9f:07:29:d4:ed:f5:9e:bf:25:46:
         53:ae:3c:94:35:de:3c:ff:a4:2d:f7:c0:5f:cd:c0:c0:f9:d8:
         ce:52:9d:15:15:70:ae:3e:53:45:e3:65:8d:ca:38:7c:8f:3f:
         43:c2:f9:6e:15:99:c8:cb:17:5d:c2:11:e0:3d:a4:3a:b0:8e:
         39:ac:05:7e:19:b6:ae:05:41:d5:38:da:fe:13:52:93:4f:d6:
         a5:d4:c7:8a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUIg3PUVdEIDu/Mif5vrFHAoZuz4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTA1MDAwMDAwWhcNMjMxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MjgyZGNhNGMxNjNhYjY4Y2YyZmU0ZTU1ZDc1NThiMDc5
NWQwZmVmNzczNmViOWY1OWQxOWY4MGM0MTU4Mzc1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9MIoSb333QD7ZCOMQIcPmKAdwbg+2+gJOdsRpWtQm+OlX
yla1/eh8UrrDHFpGS3DrETHprFhxnctYiRKZNysBnpQGf4OGZklPBzdRXul+gwmm
iMl+40iS48Qt1p51DpYKpEvO5ww8lwg28aDkbxqVeAp2ViXWZoIgfI5VKWX/f5pI
X5tBgCmTochHTAcMwsx/jEPNDACTufi0beuNnLpwyN+DCEYJWhzkmFzz0ORK+K8B
G3kas5datxpKSmCv8+nSFo+emftM83QEl3THCaf+CN01MCLvoR3AyCA32Ncxf9Zf
kRuFz7xctyj598rRBa8FmTtQUtkFE88H7KglvjWXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfifHDYnVA2cyweUJLkIBYl9xMjwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgyNDU2NzExLTFmNjgtNDE5Zi1hZTMwLTk1YWYzMmQzMmRjZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEWcQaY0QePs+Aza9ApPg8HiKZ2f
G2wmFP1QfrRVVqvLQQ7FkeTE5ftpAnJWxuoHhlNWHzF9KBQXSMtZbcbmRWPhdleM
DnH5Bp5ut0IFjVFS/uHwAh9D4hl3L1ZpAQgWX9l0mcdNgOuZKkxFUWWQUSevzXV9
wfhKJrt26sR6hOTaMew5glCPbwVTGar+bZB+NtB9qqEd57+Gg3Yv7XMxVReqge56
Jr2URmUrnwcp1O31nr8lRlOuPJQ13jz/pC33wF/NwMD52M5SnRUVcK4+U0XjZY3K
OHyPP0PC+W4VmcjLF13CEeA9pDqwjjmsBX4Ztq4FQdU42v4TUpNP1qXUx4o=
-----END CERTIFICATE-----