Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/89f9bbec-aa14-447a-b053-aae8d19a5142.roa
File:                     89f9bbec-aa14-447a-b053-aae8d19a5142.roa (raw, json)
Hash identifier:          d9opsvh4V4Holc69oUAl5dSiSC0MxEu6cv4wHBCHZpE=
Subject key identifier:   A0:57:7C:F5:BE:F5:46:6C:0B:CD:96:57:A5:91:5B:03:16:DF:E6:D4
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3421B8FE4DA74117E00C11A03525FB66CFB4D7F0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/89f9bbec-aa14-447a-b053-aae8d19a5142.roa
Signing time:             Sun 29 Oct 2023 00:00:00 +0000
ROA not before:           Sun 29 Oct 2023 00:00:00 +0000
ROA not after:            Sun 03 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:21:b8:fe:4d:a7:41:17:e0:0c:11:a0:35:25:fb:66:cf:b4:d7:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 29 00:00:00 2023 GMT
            Not After : Dec  3 23:59:59 2023 GMT
        Subject: serialNumber=4cddde8cd1f86bb8efa1d83d844a77b90c09347235fb23c854de0ca03f081b52, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:82:39:c7:bb:c7:80:8d:f9:89:35:ba:61:7b:
                    69:9a:51:63:18:b5:97:a6:e2:75:7c:4e:3b:29:cb:
                    7a:8c:17:c5:3d:80:29:70:af:14:fa:83:6a:2b:94:
                    a0:92:2d:6b:bc:39:e0:33:54:c0:4c:76:c8:62:52:
                    6a:fe:89:08:c2:dd:7b:98:d3:92:11:58:82:21:84:
                    19:07:e3:bb:34:76:f6:ae:c5:88:4b:5e:d1:c9:b5:
                    4b:65:2c:23:8f:5c:c2:5e:cc:f5:f0:2d:b1:2e:b9:
                    e8:8a:d0:59:d0:94:e4:2b:a8:b8:f2:af:ba:05:54:
                    21:ec:a3:31:63:0b:c2:d8:40:b1:24:8f:35:75:ad:
                    b0:48:6d:80:e7:1d:73:36:d7:14:2c:e6:e8:ef:47:
                    18:7f:cd:fe:ea:17:99:6c:d8:f2:69:7c:e8:75:30:
                    83:13:0d:1a:79:53:6b:72:7e:31:4d:21:d2:90:a0:
                    2f:15:bb:c2:ec:a4:35:a7:a3:6d:eb:cb:71:20:78:
                    f3:e5:cc:bf:ee:f6:c9:8f:59:ef:87:f7:a5:0e:9c:
                    b0:51:e3:36:65:e3:51:dc:39:a9:47:5e:6a:49:51:
                    50:1d:1d:5b:ce:00:91:1d:6b:f3:fe:63:88:09:c9:
                    97:8b:68:e1:e0:75:51:75:4a:1b:ee:23:42:58:a1:
                    82:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:57:7C:F5:BE:F5:46:6C:0B:CD:96:57:A5:91:5B:03:16:DF:E6:D4
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/89f9bbec-aa14-447a-b053-aae8d19a5142.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:ce:b6:85:54:a9:65:a4:9e:7a:44:f4:13:b2:44:e2:85:a5:
         4c:04:17:da:3a:af:8d:36:8e:90:15:8f:9f:01:b6:9c:83:c3:
         aa:d5:33:76:33:18:a3:68:b9:6d:fe:d6:2b:66:6f:60:41:af:
         85:e9:50:c9:b2:99:ee:11:25:02:8e:ca:fd:af:29:70:17:79:
         6f:0a:cd:b0:cb:60:6a:16:d9:41:15:a2:0f:2e:b2:bd:17:7f:
         48:ef:13:31:4b:99:6c:00:d1:73:1a:91:da:14:6f:32:cd:d1:
         bc:31:84:d8:1e:03:61:91:c9:23:5c:7d:a7:ae:1d:a8:89:fa:
         06:6e:25:00:45:04:ac:2e:ed:7e:68:78:89:44:a2:c5:73:48:
         68:a1:e8:73:98:28:97:0b:25:c0:c0:08:0e:a0:0f:99:9f:15:
         2f:c7:e3:69:f5:cf:9e:f0:01:aa:09:c2:16:c8:81:27:5c:3f:
         21:dc:7e:6c:fe:6c:e4:02:70:e0:ff:d0:6f:03:39:8d:37:e6:
         50:a7:5f:e9:7f:b7:24:0a:eb:c0:8c:c0:8c:47:20:db:06:64:
         a6:8f:e8:d6:64:fc:60:7d:39:f2:63:05:72:3e:0a:7d:db:58:
         c5:0d:f3:0a:50:49:1a:b8:89:0d:2b:54:ab:9c:dd:da:25:ed:
         7a:d5:d0:7c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNCG4/k2nQRfgDBGgNSX7Zs+01/AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDI5MDAwMDAwWhcNMjMxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0Y2RkZGU4Y2QxZjg2YmI4ZWZhMWQ4M2Q4NDRhNzdiOTBj
MDkzNDcyMzVmYjIzYzg1NGRlMGNhMDNmMDgxYjUyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7gjnHu8eAjfmJNbphe2maUWMYtZem4nV8Tjspy3qMF8U9
gClwrxT6g2orlKCSLWu8OeAzVMBMdshiUmr+iQjC3XuY05IRWIIhhBkH47s0dvau
xYhLXtHJtUtlLCOPXMJezPXwLbEuueiK0FnQlOQrqLjyr7oFVCHsozFjC8LYQLEk
jzV1rbBIbYDnHXM21xQs5ujvRxh/zf7qF5ls2PJpfOh1MIMTDRp5U2tyfjFNIdKQ
oC8Vu8LspDWno23ry3EgePPlzL/u9smPWe+H96UOnLBR4zZl41HcOalHXmpJUVAd
HVvOAJEda/P+Y4gJyZeLaOHgdVF1ShvuI0JYoYL3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoFd89b71RmwLzZZXpZFbAxbf5tQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzg5ZjliYmVjLWFhMTQtNDQ3YS1iMDUzLWFhZThkMTlhNTE0Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACzOtoVUqWWknnpE9BOyROKFpUwE
F9o6r402jpAVj58BtpyDw6rVM3YzGKNouW3+1itmb2BBr4XpUMmyme4RJQKOyv2v
KXAXeW8KzbDLYGoW2UEVog8usr0Xf0jvEzFLmWwA0XMakdoUbzLN0bwxhNgeA2GR
ySNcfaeuHaiJ+gZuJQBFBKwu7X5oeIlEosVzSGih6HOYKJcLJcDACA6gD5mfFS/H
42n1z57wAaoJwhbIgSdcPyHcfmz+bOQCcOD/0G8DOY035lCnX+l/tyQK68CMwIxH
INsGZKaP6NZk/GB9OfJjBXI+Cn3bWMUN8wpQSRq4iQ0rVKuc3dol7XrV0Hw=
-----END CERTIFICATE-----