Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82ae6c31-4869-486b-a603-b11cea119e5b.roa
File:                     82ae6c31-4869-486b-a603-b11cea119e5b.roa (raw, json)
Hash identifier:          v7gkBRmuSaZMi6MapNQqt4crx8cqqRA3kxqcX1dQVak=
Subject key identifier:   C0:AC:A6:D9:F1:41:E7:EE:89:A1:48:A5:FC:DA:53:CF:58:11:AE:F7
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       01619DE4260E1E8251885BA3AF702E18BAC87F06
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82ae6c31-4869-486b-a603-b11cea119e5b.roa
Signing time:             Mon 16 Oct 2023 00:00:00 +0000
ROA not before:           Mon 16 Oct 2023 00:00:00 +0000
ROA not after:            Mon 20 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:61:9d:e4:26:0e:1e:82:51:88:5b:a3:af:70:2e:18:ba:c8:7f:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 16 00:00:00 2023 GMT
            Not After : Nov 20 23:59:59 2023 GMT
        Subject: serialNumber=b0747cd3d3179332ee1768da1d6c559cd9c73c977da8659a496378a7a2fb889d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:41:82:c8:4d:56:35:f6:62:10:bb:cd:21:67:
                    a3:bf:25:b7:91:4c:14:07:21:b3:65:1d:f7:d0:39:
                    27:de:6a:90:19:f1:85:90:2f:2a:55:1e:bb:f9:9c:
                    64:ac:3e:26:b4:ad:e5:75:66:69:dc:56:94:2a:8f:
                    8c:08:46:28:f2:6f:3b:d2:75:55:3e:44:85:77:49:
                    68:c0:97:a2:27:c2:60:e4:5a:f7:42:0b:f4:64:6c:
                    5b:8e:22:f7:0f:dc:86:ee:11:9f:87:06:f4:eb:51:
                    6f:11:36:8c:f5:d5:19:27:c7:34:68:58:65:65:06:
                    79:8a:9e:51:e5:93:80:c5:82:65:79:84:33:e0:70:
                    a4:eb:c4:cd:54:b6:26:80:66:80:71:40:b9:a9:d4:
                    6f:27:51:89:fd:99:e9:fe:a4:76:e1:5f:3d:f0:52:
                    46:b3:b4:19:7c:7b:5e:39:f1:02:4e:78:d0:76:06:
                    05:c8:24:14:48:96:b7:2b:27:05:41:4d:46:52:8b:
                    1f:63:6c:18:1a:67:b1:7a:1a:16:6f:65:bb:ac:61:
                    7c:bb:e1:b1:74:e9:40:b4:7c:66:ff:0c:7d:5f:01:
                    e6:12:16:9c:ff:26:19:6a:af:c7:b8:2e:01:c4:e8:
                    67:c3:ba:1a:bb:98:be:77:8b:4b:9d:79:fc:33:25:
                    08:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:AC:A6:D9:F1:41:E7:EE:89:A1:48:A5:FC:DA:53:CF:58:11:AE:F7
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82ae6c31-4869-486b-a603-b11cea119e5b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:ec:93:88:12:28:65:f7:45:dc:08:a9:8d:6a:30:b9:a6:0f:
         c3:2a:99:03:92:01:f1:d9:26:f4:1f:da:98:8a:e0:a2:da:cf:
         c5:e6:b5:42:72:6f:e9:97:d3:e3:40:1e:1f:7c:14:b5:0b:fa:
         ba:5f:80:76:ff:53:ab:81:c2:8b:82:c9:76:fa:37:42:04:55:
         1a:7b:2b:d5:95:e6:5e:19:b0:73:37:e3:d8:ae:9b:8a:58:9f:
         45:f3:8e:c9:4c:76:e7:6f:33:44:6b:bc:4b:70:f6:d8:36:4f:
         b0:6d:0d:e3:61:41:48:93:2d:fd:75:fd:0e:9b:e3:4c:a6:8e:
         9c:ce:88:00:d0:4f:fe:ee:26:4a:16:ac:d3:04:40:90:65:c5:
         a9:05:57:c4:6c:df:37:85:cf:f8:8f:10:81:5a:6f:f2:1a:8a:
         53:c6:23:4e:75:fc:53:1e:cc:c4:c9:a4:02:76:e5:93:98:e4:
         6f:ba:2b:02:76:d4:fe:1f:3a:b1:25:74:10:d5:b0:da:e1:59:
         90:c4:cf:d1:7e:75:ad:7a:da:ed:e1:81:ab:bc:6b:90:00:32:
         0d:71:5d:56:0d:c3:89:bf:a4:a3:e9:e9:07:6b:8e:2c:64:45:
         03:a1:41:73:fb:64:ad:a0:f1:8e:e3:5d:4c:28:88:0c:76:c1:
         ab:64:65:bc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAWGd5CYOHoJRiFujr3AuGLrIfwYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDE2MDAwMDAwWhcNMjMxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMDc0N2NkM2QzMTc5MzMyZWUxNzY4ZGExZDZjNTU5Y2Q5
YzczYzk3N2RhODY1OWE0OTYzNzhhN2EyZmI4ODlkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFQYLITVY19mIQu80hZ6O/JbeRTBQHIbNlHffQOSfeapAZ
8YWQLypVHrv5nGSsPia0reV1ZmncVpQqj4wIRijybzvSdVU+RIV3SWjAl6InwmDk
WvdCC/RkbFuOIvcP3IbuEZ+HBvTrUW8RNoz11RknxzRoWGVlBnmKnlHlk4DFgmV5
hDPgcKTrxM1UtiaAZoBxQLmp1G8nUYn9men+pHbhXz3wUkaztBl8e1458QJOeNB2
BgXIJBRIlrcrJwVBTUZSix9jbBgaZ7F6GhZvZbusYXy74bF06UC0fGb/DH1fAeYS
Fpz/Jhlqr8e4LgHE6GfDuhq7mL53i0udefwzJQjdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwKym2fFB5+6JoUil/NpTz1gRrvcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgyYWU2YzMxLTQ4NjktNDg2Yi1hNjAzLWIxMWNlYTExOWU1Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJLsk4gSKGX3RdwIqY1qMLmmD8Mq
mQOSAfHZJvQf2piK4KLaz8XmtUJyb+mX0+NAHh98FLUL+rpfgHb/U6uBwouCyXb6
N0IEVRp7K9WV5l4ZsHM349ium4pYn0XzjslMdudvM0RrvEtw9tg2T7BtDeNhQUiT
Lf11/Q6b40ymjpzOiADQT/7uJkoWrNMEQJBlxakFV8Rs3zeFz/iPEIFab/IailPG
I051/FMezMTJpAJ25ZOY5G+6KwJ21P4fOrEldBDVsNrhWZDEz9F+da162u3hgau8
a5AAMg1xXVYNw4m/pKPp6QdrjixkRQOhQXP7ZK2g8Y7jXUwoiAx2watkZbw=
-----END CERTIFICATE-----