Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9d3babba-d14b-48f0-a523-a2de5cb42338.roa
File:                     9d3babba-d14b-48f0-a523-a2de5cb42338.roa (raw, json)
Hash identifier:          u1q/sA3gdXR+gxCCGNGGcIf5lF+vpBwOFf7cchEMVUo=
Subject key identifier:   21:59:C9:1C:DD:D3:EC:83:9E:53:63:B1:88:B0:A5:EB:08:93:86:34
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3AC672108A4C49CF1D77D7D52C281C62E74FAA08
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9d3babba-d14b-48f0-a523-a2de5cb42338.roa
Signing time:             Wed 27 Sep 2023 00:00:00 +0000
ROA not before:           Wed 27 Sep 2023 00:00:00 +0000
ROA not after:            Wed 01 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:c6:72:10:8a:4c:49:cf:1d:77:d7:d5:2c:28:1c:62:e7:4f:aa:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 27 00:00:00 2023 GMT
            Not After : Nov  1 23:59:59 2023 GMT
        Subject: serialNumber=81bf7b4c224bc1e73b660baa5fd6840b0b71887f3e5b2622b3b8adf76703054e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:87:ba:c2:58:9b:f6:26:d2:a2:38:c8:96:3c:
                    a4:50:25:7d:f4:29:75:4d:22:5a:96:53:2b:bd:1d:
                    ff:4d:e3:10:b5:3b:18:96:62:33:d6:d3:3e:4f:15:
                    76:26:41:d8:24:47:f4:19:eb:88:d1:38:64:6e:67:
                    ab:05:99:21:35:71:6e:7e:d5:1f:08:35:c5:76:79:
                    7e:9f:8c:36:bc:a6:2e:a1:2b:8e:b6:bc:31:16:08:
                    3a:36:1b:e1:7f:10:25:94:f5:48:94:8a:d2:ec:10:
                    32:3f:e3:4f:91:cb:ff:76:9d:1f:6b:da:f1:30:a0:
                    f8:f1:39:6a:38:c5:b2:97:c3:d3:3d:fc:7a:a9:87:
                    ef:53:9a:03:b2:50:f4:0c:cc:6e:6e:5a:58:46:c3:
                    a0:a6:6b:4c:d5:da:21:33:95:c6:08:21:fe:c0:c5:
                    bc:f6:db:bf:86:5c:08:28:f3:f1:3d:d6:cc:ad:91:
                    d2:35:9c:2d:d2:cc:94:04:24:ad:c4:93:17:f8:fe:
                    e1:2b:ba:78:9b:e9:9d:20:8b:9a:df:3b:4e:61:fd:
                    a4:40:78:43:e8:e3:7e:ed:54:57:58:cc:22:6e:6d:
                    97:12:d2:36:5a:ac:d9:68:82:92:55:29:de:9a:a6:
                    93:87:8d:b1:95:b8:fe:b8:d7:e2:7a:77:8a:26:1c:
                    1c:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:59:C9:1C:DD:D3:EC:83:9E:53:63:B1:88:B0:A5:EB:08:93:86:34
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9d3babba-d14b-48f0-a523-a2de5cb42338.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:25:ea:70:fc:53:07:88:f2:7a:22:35:56:9c:13:79:5a:ac:
         67:d9:58:c6:a8:c5:f5:9b:3c:88:d2:8e:09:fa:b8:27:78:e7:
         c0:cc:a3:6b:c2:bd:dd:16:64:e9:07:e7:35:56:4f:79:68:e1:
         92:8f:8a:67:a9:92:94:32:9e:39:1a:eb:63:30:4b:a7:49:e7:
         81:e8:1e:d0:67:5e:5f:94:d2:a4:9a:2f:65:48:49:74:4a:64:
         f9:11:d5:91:75:75:ef:7f:e8:ab:6b:2d:1b:ad:aa:a9:7f:64:
         53:2f:2b:c9:97:b4:06:f2:73:80:2f:34:40:1d:36:b3:70:63:
         d6:d9:70:1f:19:0d:98:f7:2f:84:9a:81:bc:45:54:0d:4a:a4:
         81:bb:70:49:78:be:e6:c3:8f:39:aa:d2:16:ea:f4:48:86:15:
         b2:ca:db:90:30:ea:8b:d4:7d:31:39:2f:f8:3b:67:0d:fc:55:
         b1:b5:5d:ac:ff:d1:3a:90:cc:87:92:8c:7f:90:6c:09:b8:d1:
         58:63:78:23:b1:fd:9d:c6:82:41:59:3c:06:b9:5e:40:d1:13:
         b0:9f:05:c6:b1:a9:8a:84:a6:ee:e8:61:fc:de:be:bd:df:54:
         39:8c:b2:9f:06:f1:25:9f:88:39:cc:0f:6b:9d:73:72:6f:4b:
         66:ec:cb:d1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOsZyEIpMSc8dd9fVLCgcYudPqggwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTI3MDAwMDAwWhcNMjMxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MWJmN2I0YzIyNGJjMWU3M2I2NjBiYWE1ZmQ2ODQwYjBi
NzE4ODdmM2U1YjI2MjJiM2I4YWRmNzY3MDMwNTRlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9h7rCWJv2JtKiOMiWPKRQJX30KXVNIlqWUyu9Hf9N4xC1
OxiWYjPW0z5PFXYmQdgkR/QZ64jROGRuZ6sFmSE1cW5+1R8INcV2eX6fjDa8pi6h
K462vDEWCDo2G+F/ECWU9UiUitLsEDI/40+Ry/92nR9r2vEwoPjxOWo4xbKXw9M9
/Hqph+9TmgOyUPQMzG5uWlhGw6Cma0zV2iEzlcYIIf7Axbz227+GXAgo8/E91syt
kdI1nC3SzJQEJK3Ekxf4/uErunib6Z0gi5rfO05h/aRAeEPo437tVFdYzCJubZcS
0jZarNlogpJVKd6appOHjbGVuP641+J6d4omHBxBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIVnJHN3T7IOeU2OxiLCl6wiThjQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzlkM2JhYmJhLWQxNGItNDhmMC1hNTIzLWEyZGU1Y2I0MjMzOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADQl6nD8UweI8noiNVacE3larGfZ
WMaoxfWbPIjSjgn6uCd458DMo2vCvd0WZOkH5zVWT3lo4ZKPimepkpQynjka62Mw
S6dJ54HoHtBnXl+U0qSaL2VISXRKZPkR1ZF1de9/6KtrLRutqql/ZFMvK8mXtAby
c4AvNEAdNrNwY9bZcB8ZDZj3L4SagbxFVA1KpIG7cEl4vubDjzmq0hbq9EiGFbLK
25Aw6ovUfTE5L/g7Zw38VbG1Xaz/0TqQzIeSjH+QbAm40VhjeCOx/Z3GgkFZPAa5
XkDRE7CfBcaxqYqEpu7oYfzevr3fVDmMsp8G8SWfiDnMD2udc3JvS2bsy9E=
-----END CERTIFICATE-----