Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a1d4ea07-e3a3-4e10-b6eb-8f102fb88975.roa
File:                     a1d4ea07-e3a3-4e10-b6eb-8f102fb88975.roa (raw, json)
Hash identifier:          7JXZ9GEGMnUmPJBKWJO6KSX2QXDhGrECH9yslKAfInw=
Subject key identifier:   0B:5F:80:9D:18:1A:A8:0B:54:B4:02:B2:69:44:43:E0:96:70:2D:BB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       639D965E184408CCF1E9A4013C6A00D7CF517323
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a1d4ea07-e3a3-4e10-b6eb-8f102fb88975.roa
Signing time:             Mon 11 Sep 2023 00:00:00 +0000
ROA not before:           Mon 11 Sep 2023 00:00:00 +0000
ROA not after:            Mon 16 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:9d:96:5e:18:44:08:cc:f1:e9:a4:01:3c:6a:00:d7:cf:51:73:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 11 00:00:00 2023 GMT
            Not After : Oct 16 23:59:59 2023 GMT
        Subject: serialNumber=a218dd7b5016a39ebc2be4e46a1d43c260b27a142135c275ebc08dcee3d7ad91, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:94:c2:9c:61:50:c2:ae:2a:6a:8c:f7:d0:4f:
                    1a:ac:3a:72:11:bb:56:b7:64:37:bb:3a:03:16:18:
                    05:24:d1:11:9f:74:6f:de:ae:fa:76:7b:79:b6:0a:
                    fc:73:ae:d9:44:37:b9:fd:eb:8f:4a:23:43:68:54:
                    aa:8b:ac:c4:e9:5e:4c:c6:ae:60:b0:a3:58:52:88:
                    87:42:dd:c3:21:83:f6:89:20:3d:0c:bf:23:9b:26:
                    7b:1f:ad:cf:57:e8:e5:a2:bf:15:ce:0e:dd:6f:52:
                    15:b6:96:17:7d:11:8c:bc:fb:d7:4d:9a:63:14:db:
                    06:3d:f5:79:7c:db:74:db:f9:05:bb:f2:10:fc:9f:
                    63:33:8b:9b:a4:a6:fe:f2:79:81:b4:c8:ab:01:2a:
                    74:87:b4:8a:74:3d:a2:e6:35:03:90:0d:a5:e8:08:
                    2e:f4:ce:65:37:11:fb:90:29:f4:7d:9e:86:85:00:
                    9e:52:1c:70:86:df:74:b0:b2:25:01:8e:1b:c6:f7:
                    f9:1d:9f:5d:7e:75:8f:ef:50:22:47:f7:92:3d:e6:
                    c4:e5:3a:64:fd:d3:04:17:ec:47:59:89:34:a7:5f:
                    bb:33:53:b6:78:5e:58:ba:ff:ab:73:f9:88:27:c7:
                    e3:19:ff:ab:c2:7d:0d:c5:6a:8e:a5:3f:47:f7:2c:
                    06:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:5F:80:9D:18:1A:A8:0B:54:B4:02:B2:69:44:43:E0:96:70:2D:BB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a1d4ea07-e3a3-4e10-b6eb-8f102fb88975.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:38:10:25:bf:11:01:6f:4e:4c:01:4f:49:21:ac:65:80:c8:
         03:07:82:a9:11:c0:23:3e:bf:21:30:07:45:36:f9:48:bd:4c:
         7d:14:97:d6:eb:25:24:2d:74:a2:07:61:34:1b:95:18:d1:d9:
         99:01:78:81:c9:68:38:10:35:b8:16:c4:20:9a:49:0f:52:67:
         d6:4f:bb:5a:fb:46:d7:88:e5:fe:1b:54:36:62:b1:c2:bc:04:
         3a:98:58:27:69:0d:db:af:8b:3f:c7:a8:91:44:98:63:3c:dc:
         ee:9f:e3:a8:6f:3a:1b:5e:cf:ce:0e:d1:32:77:a1:da:e1:bb:
         49:b2:e3:e1:bb:00:c8:1f:70:c1:1c:ce:a3:d3:66:29:b2:3a:
         b0:cb:11:64:37:53:6e:cb:ed:10:31:8c:78:b6:c6:13:4a:f6:
         f6:ec:84:fc:dd:eb:37:c1:da:ab:d0:66:0f:da:5f:b3:37:72:
         20:19:c9:57:1a:4b:4d:1f:48:cb:82:6b:a6:4d:77:6e:05:ea:
         7f:7c:8c:c7:9e:f6:58:8f:05:56:dd:00:b6:b5:bb:45:c8:9a:
         7c:e0:98:af:3e:3c:9c:06:b0:72:1d:ae:fa:ca:64:ea:b1:bb:
         ad:40:38:f9:b3:9f:61:fb:be:c0:84:d0:92:b6:13:45:59:5f:
         b5:35:96:cf
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY52WXhhECMzx6aQBPGoA189RcyMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTExMDAwMDAwWhcNMjMxMDE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMjE4ZGQ3YjUwMTZhMzllYmMyYmU0ZTQ2YTFkNDNjMjYw
YjI3YTE0MjEzNWMyNzVlYmMwOGRjZWUzZDdhZDkxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCplMKcYVDCripqjPfQTxqsOnIRu1a3ZDe7OgMWGAUk0RGf
dG/ervp2e3m2CvxzrtlEN7n9649KI0NoVKqLrMTpXkzGrmCwo1hSiIdC3cMhg/aJ
ID0MvyObJnsfrc9X6OWivxXODt1vUhW2lhd9EYy8+9dNmmMU2wY99Xl823Tb+QW7
8hD8n2Mzi5ukpv7yeYG0yKsBKnSHtIp0PaLmNQOQDaXoCC70zmU3EfuQKfR9noaF
AJ5SHHCG33SwsiUBjhvG9/kdn11+dY/vUCJH95I95sTlOmT90wQX7EdZiTSnX7sz
U7Z4Xli6/6tz+Ygnx+MZ/6vCfQ3Fao6lP0f3LAbjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUC1+AnRgaqAtUtAKyaURD4JZwLbswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ExZDRlYTA3LWUzYTMtNGUxMC1iNmViLThmMTAyZmI4ODk3NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEw4ECW/EQFvTkwBT0khrGWAyAMH
gqkRwCM+vyEwB0U2+Ui9TH0Ul9brJSQtdKIHYTQblRjR2ZkBeIHJaDgQNbgWxCCa
SQ9SZ9ZPu1r7RteI5f4bVDZiscK8BDqYWCdpDduviz/HqJFEmGM83O6f46hvOhte
z84O0TJ3odrhu0my4+G7AMgfcMEczqPTZimyOrDLEWQ3U27L7RAxjHi2xhNK9vbs
hPzd6zfB2qvQZg/aX7M3ciAZyVcaS00fSMuCa6ZNd24F6n98jMee9liPBVbdALa1
u0XImnzgmK8+PJwGsHIdrvrKZOqxu61AOPmzn2H7vsCE0JK2E0VZX7U1ls8=
-----END CERTIFICATE-----