Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/85dddf15-68de-4a7f-8602-962f2ec8892e.roa
File:                     85dddf15-68de-4a7f-8602-962f2ec8892e.roa (raw, json)
Hash identifier:          3l+9ra1zsHJ/xT2TmGsFl1mWzlWi29vCwgOdOv0y2VQ=
Subject key identifier:   3D:9C:FA:47:2E:0A:6D:7D:60:FC:0C:56:F8:A2:82:D1:55:01:19:4E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       140948D861A1A148E58A9725439FDCC77C3EE9
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/85dddf15-68de-4a7f-8602-962f2ec8892e.roa
Signing time:             Fri 13 Oct 2023 00:00:00 +0000
ROA not before:           Fri 13 Oct 2023 00:00:00 +0000
ROA not after:            Fri 17 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:09:48:d8:61:a1:a1:48:e5:8a:97:25:43:9f:dc:c7:7c:3e:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 13 00:00:00 2023 GMT
            Not After : Nov 17 23:59:59 2023 GMT
        Subject: serialNumber=7d35ac7a92427a09617f2144c69b487b322be7e9c5070872f90fc3af2121e4a6, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4c:74:b7:ea:b2:e8:ba:42:73:17:67:f0:10:
                    ec:87:f6:31:d0:b4:c9:58:bf:db:7b:25:83:bd:e6:
                    0f:62:df:31:dc:7d:22:1c:e9:09:72:16:8e:36:93:
                    59:64:15:1f:f5:30:dd:3d:40:47:d6:0e:46:7a:91:
                    62:d8:1e:d1:7f:b4:64:be:ed:3c:14:cd:19:a8:5f:
                    16:71:49:e8:37:1b:10:87:b5:88:4c:9b:96:5b:b4:
                    2c:54:6f:11:2d:3b:29:21:89:5a:df:4b:23:50:61:
                    48:44:76:c9:74:d2:7d:9b:7c:87:3b:94:69:a8:64:
                    2d:55:5f:86:f3:af:82:5d:f4:72:27:8b:df:7f:4a:
                    0d:b2:0d:a7:2e:47:43:9d:b2:dc:35:de:40:b8:7a:
                    2f:83:5a:d4:00:41:54:66:ca:28:c6:d4:b9:fc:ad:
                    d9:c9:b3:89:93:17:b6:fc:d7:58:a4:ed:49:42:df:
                    66:ef:90:3b:44:1a:29:df:d1:bb:39:f2:27:24:e6:
                    fa:00:83:40:d7:c5:dd:a9:fa:d5:ee:e8:ae:d5:36:
                    3e:7e:d0:37:fd:73:10:02:9a:f2:98:dd:9f:5a:fc:
                    16:2d:51:7f:02:66:be:db:d6:c6:93:42:5a:94:41:
                    df:d4:a2:3f:59:35:4c:92:01:e8:fa:11:2e:81:d3:
                    57:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:9C:FA:47:2E:0A:6D:7D:60:FC:0C:56:F8:A2:82:D1:55:01:19:4E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/85dddf15-68de-4a7f-8602-962f2ec8892e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:e6:1b:87:dc:d4:4d:5b:8a:10:98:7e:a7:c8:c6:72:9c:80:
         22:d3:82:a7:99:fe:6b:fb:8c:7c:c7:98:36:c4:1b:79:7f:11:
         9c:08:1a:85:f8:04:9f:bb:ad:87:2a:19:5c:3f:30:e5:df:7f:
         fc:2d:1f:1e:17:4c:a6:af:9b:76:f5:a4:82:e6:26:8a:c4:a8:
         51:aa:a1:df:25:1f:c0:ba:b9:79:d3:f8:2f:4c:c0:d7:ee:78:
         ee:02:f3:fe:de:e7:67:83:ba:fd:e8:34:af:0c:8f:31:b2:1e:
         39:59:7a:ca:1e:53:9f:6a:6f:73:d0:51:ba:c6:f3:6a:74:86:
         9f:32:98:bc:82:eb:e5:9a:29:20:31:f7:32:65:92:07:33:7f:
         35:a2:c4:c5:81:bf:17:b8:91:58:5b:e9:12:e1:c7:f1:90:4b:
         30:25:6a:38:7d:66:84:cc:1a:09:44:7a:b0:ba:ec:f2:4c:6a:
         fb:a7:0b:09:65:b7:be:38:c8:49:d6:75:e8:87:f8:a6:54:41:
         ce:d0:15:a4:2f:e8:07:53:dd:d8:35:82:1a:46:2e:f8:7b:89:
         f0:67:a4:70:90:c3:c6:62:42:c6:1f:5f:11:38:b1:ca:a2:15:
         af:64:73:ff:33:81:53:0b:ff:5f:0b:a1:40:98:1b:5b:ef:80:
         0f:ee:c2:14
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITFAlI2GGhoUjlipclQ5/cx3w+6TANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzIyNzhhYWI4NzhmMjY2MmNlMTRlOTA1ZTE4ZWJjYjc1MjJm
OTJiMzY4NGJjNDg2NWI0ZDAeFw0yMzEwMTMwMDAwMDBaFw0yMzExMTcyMzU5NTla
MHoxSTBHBgNVBAUTQDdkMzVhYzdhOTI0MjdhMDk2MTdmMjE0NGM2OWI0ODdiMzIy
YmU3ZTljNTA3MDg3MmY5MGZjM2FmMjEyMWU0YTYxLTArBgNVBAMTJGMwY2UyM2Vh
LTQzZmMtNGJlNC1iZWVlLWMwMTQ3ODEyMmEwZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ5MdLfqsui6QnMXZ/AQ7If2MdC0yVi/23slg73mD2LfMdx9
IhzpCXIWjjaTWWQVH/Uw3T1AR9YORnqRYtge0X+0ZL7tPBTNGahfFnFJ6DcbEIe1
iEybllu0LFRvES07KSGJWt9LI1BhSER2yXTSfZt8hzuUaahkLVVfhvOvgl30cieL
339KDbINpy5HQ52y3DXeQLh6L4Na1ABBVGbKKMbUufyt2cmziZMXtvzXWKTtSULf
Zu+QO0QaKd/RuznyJyTm+gCDQNfF3an61e7ortU2Pn7QN/1zEAKa8pjdn1r8Fi1R
fwJmvtvWxpNCWpRB39SiP1k1TJIB6PoRLoHTV1kCAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBQ9nPpHLgptfWD8DFb4ooLRVQEZTjAfBgNVHSMEGDAWgBRVqN1F2UQT+dGS
9Sxjzoz7xhSWuDAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MDM1NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzE0MzNlYmZmLWRm
ZDYtNGM1Yy1iN2ZmLTk5Yzg1MTM5ZDRhOC8yNzhhYWI4NzhmMjY2MmNlMTRlOTA1
ZTE4ZWJjYjc1MjJmOTJiMzY4NGJjNDg2NWI0ZC5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8xNmYxZmZlZS03NDYxLTQ2NzQtYmIwNS1mZGRl
ZmE5YTAyYzYvODVkZGRmMTUtNjhkZS00YTdmLTg2MDItOTYyZjJlYzg4OTJlLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUt
ZmRkZWZhOWEwMmM2L0ptTE9GT2tGNFk2OHQxSXZrck5vUzhTR1cwMC5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMckeDANBgkqhkiG9w0BAQsFAAOCAQEAq+Ybh9zUTVuKEJh+p8jGcpyAItOC
p5n+a/uMfMeYNsQbeX8RnAgahfgEn7uthyoZXD8w5d9//C0fHhdMpq+bdvWkguYm
isSoUaqh3yUfwLq5edP4L0zA1+547gLz/t7nZ4O6/eg0rwyPMbIeOVl6yh5Tn2pv
c9BRusbzanSGnzKYvILr5ZopIDH3MmWSBzN/NaLExYG/F7iRWFvpEuHH8ZBLMCVq
OH1mhMwaCUR6sLrs8kxq+6cLCWW3vjjISdZ16If4plRBztAVpC/oB1Pd2DWCGkYu
+HuJ8GekcJDDxmJCxh9fETixyqIVr2Rz/zOBUwv/XwuhQJgbW++AD+7CFA==
-----END CERTIFICATE-----