Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9b945aa5-f3a0-4a2c-959a-d24bc8876049.roa
File:                     9b945aa5-f3a0-4a2c-959a-d24bc8876049.roa (raw, json)
Hash identifier:          IOA02Uiq7ggFr7nT6/F2LMMZVJiwfik+uIY9/THV8A4=
Subject key identifier:   50:E0:8A:10:E3:D0:E7:29:E6:19:5E:F2:C8:DC:F0:0D:8F:C2:C6:F6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       56F3870EBC9857D50166B1849230AA023CB2252B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9b945aa5-f3a0-4a2c-959a-d24bc8876049.roa
Signing time:             Sat 09 Sep 2023 00:00:00 +0000
ROA not before:           Sat 09 Sep 2023 00:00:00 +0000
ROA not after:            Sat 14 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:f3:87:0e:bc:98:57:d5:01:66:b1:84:92:30:aa:02:3c:b2:25:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  9 00:00:00 2023 GMT
            Not After : Oct 14 23:59:59 2023 GMT
        Subject: serialNumber=4f6afb11030714c99ab6c634e7e0a1a8ab751d412dc230abb0e52371898ccec5, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:c6:c7:b4:9b:b8:1f:30:dd:ab:68:d4:61:60:
                    01:cd:56:12:ee:54:eb:68:f1:72:56:49:48:f9:c5:
                    ae:dd:70:d1:d7:4b:43:90:be:a6:f3:88:97:03:2e:
                    b6:f3:32:1f:6a:ce:d4:66:e3:cf:ea:a0:a9:8e:33:
                    08:a6:68:2f:1b:f7:cc:60:2a:e9:03:6a:73:b9:4c:
                    96:1e:8a:a0:0d:6f:af:f1:07:ff:45:32:eb:ca:1b:
                    33:31:5d:a1:a7:6a:e3:76:b0:46:4c:4c:a2:88:a6:
                    5f:a6:91:e9:c1:e9:5e:eb:15:3e:57:51:e3:b1:d1:
                    a1:28:1c:a3:6c:76:4e:71:04:14:5d:85:7a:42:2e:
                    2d:d6:c2:15:d1:6c:4b:72:2b:12:3e:5f:91:e7:25:
                    18:be:cd:0c:a2:f9:49:e5:de:36:a9:44:51:77:c1:
                    d1:3a:a7:bc:04:55:86:b9:33:5d:8e:f3:66:b3:a9:
                    ee:91:6e:84:4e:40:ec:44:60:98:51:7a:eb:dd:d9:
                    80:17:a2:ce:13:77:2f:cb:90:07:fc:06:27:eb:ec:
                    56:41:b4:c8:d1:f5:d0:a3:18:37:22:2a:59:9f:de:
                    a0:27:4d:20:f1:db:03:2b:52:f7:72:81:23:b2:25:
                    a1:77:86:59:1c:1f:1b:f1:00:29:eb:7d:e9:0c:bf:
                    79:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:E0:8A:10:E3:D0:E7:29:E6:19:5E:F2:C8:DC:F0:0D:8F:C2:C6:F6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9b945aa5-f3a0-4a2c-959a-d24bc8876049.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:b2:90:d3:fd:70:56:4a:b8:94:a4:2b:a7:b1:c0:26:42:5a:
         37:c7:66:47:33:e6:2a:00:bb:e2:81:96:9f:5c:1d:a0:0b:16:
         6b:1b:4d:52:2b:b2:73:67:72:1d:24:6e:0e:15:a9:4d:ae:30:
         01:c9:f7:64:7d:a2:15:76:6d:00:29:3a:6c:05:e0:7b:ac:a4:
         36:24:f1:59:31:e2:75:ed:0a:65:41:d4:1c:92:bf:fb:86:eb:
         3d:b4:ff:0f:f6:99:2c:be:9b:90:1a:e3:56:a7:a8:92:16:6a:
         0d:df:77:b3:dc:fa:af:f9:da:a5:cd:e0:1d:60:b1:f1:cf:97:
         a6:d7:ba:ca:02:b6:34:f2:83:2b:76:45:ea:47:98:1b:43:a1:
         b8:ec:a3:2d:85:46:a7:8e:c3:06:62:c1:18:5d:26:92:a9:6d:
         db:00:d7:fb:4e:31:92:e3:9b:8d:f2:c6:13:7e:dd:e1:eb:65:
         16:41:75:f4:6c:49:d5:84:98:06:03:fe:4d:b8:75:2c:43:40:
         9e:3e:8a:23:bd:8c:57:51:a2:20:6d:35:0e:aa:92:aa:2f:9c:
         f9:95:f1:bd:d3:90:c7:58:09:8c:37:b4:89:dc:b9:79:af:8c:
         23:97:ce:4d:9d:30:74:08:86:38:cd:98:68:a5:bb:dc:c3:46:
         e0:e0:d2:02
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVvOHDryYV9UBZrGEkjCqAjyyJSswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTA5MDAwMDAwWhcNMjMxMDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZjZhZmIxMTAzMDcxNGM5OWFiNmM2MzRlN2UwYTFhOGFi
NzUxZDQxMmRjMjMwYWJiMGU1MjM3MTg5OGNjZWM1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSxse0m7gfMN2raNRhYAHNVhLuVOto8XJWSUj5xa7dcNHX
S0OQvqbziJcDLrbzMh9qztRm48/qoKmOMwimaC8b98xgKukDanO5TJYeiqANb6/x
B/9FMuvKGzMxXaGnauN2sEZMTKKIpl+mkenB6V7rFT5XUeOx0aEoHKNsdk5xBBRd
hXpCLi3WwhXRbEtyKxI+X5HnJRi+zQyi+Unl3japRFF3wdE6p7wEVYa5M12O82az
qe6RboROQOxEYJhReuvd2YAXos4Tdy/LkAf8Bifr7FZBtMjR9dCjGDciKlmf3qAn
TSDx2wMrUvdygSOyJaF3hlkcHxvxACnrfekMv3lvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUOCKEOPQ5ynmGV7yyNzwDY/CxvYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzliOTQ1YWE1LWYzYTAtNGEyYy05NTlhLWQyNGJjODg3NjA0OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIaykNP9cFZKuJSkK6exwCZCWjfH
Zkcz5ioAu+KBlp9cHaALFmsbTVIrsnNnch0kbg4VqU2uMAHJ92R9ohV2bQApOmwF
4HuspDYk8Vkx4nXtCmVB1BySv/uG6z20/w/2mSy+m5Aa41anqJIWag3fd7Pc+q/5
2qXN4B1gsfHPl6bXusoCtjTygyt2RepHmBtDobjsoy2FRqeOwwZiwRhdJpKpbdsA
1/tOMZLjm43yxhN+3eHrZRZBdfRsSdWEmAYD/k24dSxDQJ4+iiO9jFdRoiBtNQ6q
kqovnPmV8b3TkMdYCYw3tIncuXmvjCOXzk2dMHQIhjjNmGilu9zDRuDg0gI=
-----END CERTIFICATE-----