Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8ec3582c-df71-4424-abb5-390726ab70bb.roa
File:                     8ec3582c-df71-4424-abb5-390726ab70bb.roa (raw, json)
Hash identifier:          2dmhOvJNLj3pdaaJvuo7vYwxtFzt5KnFvYYEyM2i6dE=
Subject key identifier:   DA:1E:39:47:44:76:51:90:04:FE:9D:E8:62:FE:77:03:F1:63:5D:97
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       57F01A927AFCD4ECB0EA6005164AEA6B8206A3B2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8ec3582c-df71-4424-abb5-390726ab70bb.roa
Signing time:             Wed 06 Sep 2023 00:00:00 +0000
ROA not before:           Wed 06 Sep 2023 00:00:00 +0000
ROA not after:            Wed 11 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:f0:1a:92:7a:fc:d4:ec:b0:ea:60:05:16:4a:ea:6b:82:06:a3:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  6 00:00:00 2023 GMT
            Not After : Oct 11 23:59:59 2023 GMT
        Subject: serialNumber=336d2b7d718c9129c10bcfbae2549829481ba8abb9ce8473ffc5fac9d2c39d2e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:9d:1f:de:42:cf:97:73:ac:d2:18:a8:9f:dd:
                    41:a1:78:6e:c1:fd:d8:5e:1c:a3:0a:41:d3:3f:ac:
                    14:75:fd:58:5c:74:0c:78:68:65:e9:77:35:31:71:
                    6c:64:bd:33:9e:d1:ce:ee:e1:1f:fe:9a:56:4e:e5:
                    7c:bb:24:bc:1c:45:3c:df:f2:f2:97:d0:37:eb:09:
                    fc:7c:4b:8a:0a:e2:1c:c2:55:4d:fd:f5:ae:5b:d6:
                    81:d1:0c:01:ce:39:f4:60:54:75:00:5b:2a:d6:96:
                    24:5d:da:31:60:a8:a5:17:2e:5e:0a:ee:c2:2f:fc:
                    96:74:62:cd:7a:d2:ed:df:ca:87:39:25:72:53:8f:
                    e6:41:93:a9:1e:87:f1:8e:23:43:07:d4:83:a1:7e:
                    da:63:60:d4:d7:b7:3a:bf:38:d5:d7:86:51:10:9b:
                    2b:40:35:0d:f2:0a:a9:6b:bc:ba:88:93:56:3a:2a:
                    0e:cd:e0:f9:30:0e:c4:98:94:ad:82:d3:ce:39:d7:
                    5a:48:9f:6b:15:67:b9:b5:6d:f3:5e:66:3e:4e:d7:
                    f0:51:fc:35:e8:1b:3e:ca:5d:78:53:9a:17:49:58:
                    ea:bd:f6:b5:a6:b1:38:f9:7f:75:cf:3a:eb:fe:a0:
                    21:1f:a6:0d:1a:df:81:92:27:43:4f:de:04:ee:37:
                    10:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:1E:39:47:44:76:51:90:04:FE:9D:E8:62:FE:77:03:F1:63:5D:97
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8ec3582c-df71-4424-abb5-390726ab70bb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:e3:dd:8b:0d:75:51:22:ce:e1:35:3e:cf:12:f2:f1:83:76:
         c6:d3:41:c9:34:99:90:31:6a:00:5d:8a:a4:3d:a8:a3:b8:13:
         5d:0f:fe:0f:c7:9b:ab:f0:c9:3e:3f:a8:83:53:10:bb:7b:b1:
         6e:d1:87:4f:cc:da:05:40:92:4f:9f:f7:20:ca:97:9d:6f:cc:
         3b:23:fc:74:9f:9b:c9:d7:a2:aa:17:1e:c3:51:97:09:c9:50:
         77:87:2f:64:fd:e8:65:0e:2d:b0:81:b4:9f:5e:ee:ba:27:36:
         a4:08:96:02:0e:bc:e3:99:34:68:4d:d1:03:d7:bb:80:9e:d6:
         34:65:41:59:79:4a:ed:38:e3:b1:54:24:7e:75:bf:54:03:ec:
         c9:3b:3c:c7:c4:10:c3:d9:70:e5:40:4e:f5:8c:8b:3b:4b:fb:
         fc:84:2b:fa:4c:4d:08:24:9d:5a:1b:a7:84:87:80:fb:50:28:
         dc:cf:ac:d4:34:88:d1:66:a4:11:96:39:64:0e:e2:50:34:1e:
         53:fa:dd:26:9c:13:e0:a1:d5:73:46:06:d0:b8:32:aa:f4:03:
         ad:0a:ff:d4:ec:59:b5:da:c4:e9:70:ca:7e:e5:09:91:d0:60:
         d0:f2:db:50:fb:fa:4a:16:25:5e:a2:62:cc:fc:c8:d5:a6:cf:
         ed:43:d3:1c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV/Aaknr81Oyw6mAFFkrqa4IGo7IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTA2MDAwMDAwWhcNMjMxMDExMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMzZkMmI3ZDcxOGM5MTI5YzEwYmNmYmFlMjU0OTgyOTQ4
MWJhOGFiYjljZTg0NzNmZmM1ZmFjOWQyYzM5ZDJlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfnR/eQs+Xc6zSGKif3UGheG7B/dheHKMKQdM/rBR1/Vhc
dAx4aGXpdzUxcWxkvTOe0c7u4R/+mlZO5Xy7JLwcRTzf8vKX0DfrCfx8S4oK4hzC
VU399a5b1oHRDAHOOfRgVHUAWyrWliRd2jFgqKUXLl4K7sIv/JZ0Ys160u3fyoc5
JXJTj+ZBk6keh/GOI0MH1IOhftpjYNTXtzq/ONXXhlEQmytANQ3yCqlrvLqIk1Y6
Kg7N4PkwDsSYlK2C084511pIn2sVZ7m1bfNeZj5O1/BR/DXoGz7KXXhTmhdJWOq9
9rWmsTj5f3XPOuv+oCEfpg0a34GSJ0NP3gTuNxAXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2h45R0R2UZAE/p3oYv53A/FjXZcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzhlYzM1ODJjLWRmNzEtNDQyNC1hYmI1LTM5MDcyNmFiNzBiYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADbj3YsNdVEizuE1Ps8S8vGDdsbT
Qck0mZAxagBdiqQ9qKO4E10P/g/Hm6vwyT4/qINTELt7sW7Rh0/M2gVAkk+f9yDK
l51vzDsj/HSfm8nXoqoXHsNRlwnJUHeHL2T96GUOLbCBtJ9e7ronNqQIlgIOvOOZ
NGhN0QPXu4Ce1jRlQVl5Su0447FUJH51v1QD7Mk7PMfEEMPZcOVATvWMiztL+/yE
K/pMTQgknVobp4SHgPtQKNzPrNQ0iNFmpBGWOWQO4lA0HlP63SacE+Ch1XNGBtC4
Mqr0A60K/9TsWbXaxOlwyn7lCZHQYNDy21D7+koWJV6iYsz8yNWmz+1D0xw=
-----END CERTIFICATE-----