Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82b2268f-9dad-46d8-979b-f60965aa17fc.roa
File:                     82b2268f-9dad-46d8-979b-f60965aa17fc.roa (raw, json)
Hash identifier:          NDZyxzMUiTYKSR/t08MBx3sNAGIroXFIkJVNtzTAE0g=
Subject key identifier:   BF:53:4B:E1:DB:E6:4B:2E:01:5A:A4:51:58:B1:0C:20:2D:45:7B:3E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6C0FE49E668DFBCF3E453C8AE51B889BC23ED67C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82b2268f-9dad-46d8-979b-f60965aa17fc.roa
Signing time:             Wed 18 Oct 2023 00:00:00 +0000
ROA not before:           Wed 18 Oct 2023 00:00:00 +0000
ROA not after:            Wed 22 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:0f:e4:9e:66:8d:fb:cf:3e:45:3c:8a:e5:1b:88:9b:c2:3e:d6:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 18 00:00:00 2023 GMT
            Not After : Nov 22 23:59:59 2023 GMT
        Subject: serialNumber=8afbee254bb8e193cbb8b9aa5835cea175a23073d36bfd3c45b2992abda45a45, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:8d:c8:be:d5:43:11:df:f4:a0:48:8f:ee:66:
                    6b:c2:3a:6a:33:39:c1:ff:a3:92:06:50:1b:c3:53:
                    1f:4c:ca:51:29:21:5d:9f:bd:bf:2c:92:2c:13:41:
                    9c:c1:57:ce:89:d4:ac:35:d7:53:bf:62:f6:fb:28:
                    b0:49:92:2c:e6:37:40:41:f5:0b:68:39:fd:d3:8b:
                    4e:c7:d2:17:07:a4:b4:5a:e0:9f:15:5c:8a:42:a5:
                    ad:ad:f6:26:66:0d:78:7a:f0:7d:3d:2e:01:31:64:
                    7d:47:43:28:2d:0f:22:c1:c3:eb:3c:16:40:0d:35:
                    5d:d3:02:c1:e6:9b:34:a6:ba:f1:f6:9d:b5:4b:23:
                    7a:33:ad:0d:3d:07:ca:c5:c4:77:4e:d3:b6:f9:b8:
                    df:52:ca:74:68:87:fb:8a:b3:6c:fb:95:51:0a:7c:
                    67:e8:50:86:e1:78:36:de:b1:fc:9e:ea:97:43:20:
                    3b:42:1b:83:f0:d9:30:ae:49:a8:fe:96:a5:d2:b5:
                    bc:e5:0e:da:b8:92:59:eb:e1:ef:68:d4:34:d2:92:
                    f9:93:7e:8f:ff:5c:3d:f5:fe:8e:a0:f0:ea:4e:cc:
                    84:80:ce:4c:6b:1c:ca:87:91:0c:5a:e5:1d:5a:31:
                    b0:82:55:e1:30:99:2a:8e:ac:9b:9a:64:49:40:08:
                    98:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:53:4B:E1:DB:E6:4B:2E:01:5A:A4:51:58:B1:0C:20:2D:45:7B:3E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82b2268f-9dad-46d8-979b-f60965aa17fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:c0:1e:ef:0a:91:1e:0e:63:ee:d5:63:10:4d:a6:ad:e0:df:
         13:d3:18:16:b5:e7:12:92:d8:be:62:c1:8d:24:f6:db:61:8a:
         ac:24:6c:a7:f2:bf:9d:43:ac:ca:c3:b7:72:c6:a3:ad:02:84:
         23:b1:ef:2b:df:5a:cc:da:e1:20:6e:fa:66:b8:78:a4:03:88:
         82:66:53:4d:43:6d:e8:0c:dd:64:a0:c8:46:e7:25:f2:b2:8b:
         00:0b:b3:35:7d:a2:d8:62:66:fb:f4:d9:11:a3:37:ce:7a:0b:
         81:d2:6d:4c:ce:8e:e7:e9:fe:3f:98:ae:73:e0:68:fa:85:ae:
         1d:da:f4:41:41:76:2a:12:51:cc:86:90:6e:a1:73:86:0e:3b:
         6c:75:42:27:35:4d:c7:ca:45:4e:45:bb:fc:c5:6b:25:73:dd:
         1e:05:48:74:db:2b:fb:0e:18:2d:3e:d2:07:1f:61:ee:25:d8:
         9a:25:10:68:08:fc:6a:b8:d0:68:66:20:82:f2:f0:99:48:70:
         08:d9:c0:65:7c:4e:b3:9d:a0:e2:34:95:0c:96:99:4b:f8:65:
         d7:a7:72:a3:2b:4f:c4:29:25:48:d3:0e:6d:4d:da:96:fa:09:
         5c:14:02:98:fa:b6:a1:3a:bd:ab:45:4a:ab:2e:35:c9:72:fa:
         3a:b1:a3:f6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbA/knmaN+88+RTyK5RuIm8I+1nwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDE4MDAwMDAwWhcNMjMxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YWZiZWUyNTRiYjhlMTkzY2JiOGI5YWE1ODM1Y2VhMTc1
YTIzMDczZDM2YmZkM2M0NWIyOTkyYWJkYTQ1YTQ1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDljci+1UMR3/SgSI/uZmvCOmozOcH/o5IGUBvDUx9MylEp
IV2fvb8skiwTQZzBV86J1Kw111O/Yvb7KLBJkizmN0BB9QtoOf3Ti07H0hcHpLRa
4J8VXIpCpa2t9iZmDXh68H09LgExZH1HQygtDyLBw+s8FkANNV3TAsHmmzSmuvH2
nbVLI3ozrQ09B8rFxHdO07b5uN9SynRoh/uKs2z7lVEKfGfoUIbheDbesfye6pdD
IDtCG4Pw2TCuSaj+lqXStbzlDtq4klnr4e9o1DTSkvmTfo//XD31/o6g8OpOzISA
zkxrHMqHkQxa5R1aMbCCVeEwmSqOrJuaZElACJjxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUv1NL4dvmSy4BWqRRWLEMIC1Fez4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgyYjIyNjhmLTlkYWQtNDZkOC05NzliLWY2MDk2NWFhMTdmYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAATAHu8KkR4OY+7VYxBNpq3g3xPT
GBa15xKS2L5iwY0k9tthiqwkbKfyv51DrMrDt3LGo60ChCOx7yvfWsza4SBu+ma4
eKQDiIJmU01DbegM3WSgyEbnJfKyiwALszV9othiZvv02RGjN856C4HSbUzOjufp
/j+YrnPgaPqFrh3a9EFBdioSUcyGkG6hc4YOO2x1Qic1TcfKRU5Fu/zFayVz3R4F
SHTbK/sOGC0+0gcfYe4l2JolEGgI/Gq40GhmIILy8JlIcAjZwGV8TrOdoOI0lQyW
mUv4ZdencqMrT8QpJUjTDm1N2pb6CVwUApj6tqE6vatFSqsuNcly+jqxo/Y=
-----END CERTIFICATE-----