Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b3b968e5-d583-4b1c-99e7-a90092f2a4a2.roa
File:                     b3b968e5-d583-4b1c-99e7-a90092f2a4a2.roa (raw, json)
Hash identifier:          qe4KNjrDGp4uvZkw77+JsP1vaWxyRmc3e/FCbJiYKw4=
Subject key identifier:   44:EF:3A:DE:BF:3E:1A:88:AE:6F:05:A4:D3:85:21:05:42:CA:96:C0
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       18D6AF7BB31386818EB9EE0048DD372DE5837A2D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b3b968e5-d583-4b1c-99e7-a90092f2a4a2.roa
Signing time:             Sat 09 Sep 2023 00:00:00 +0000
ROA not before:           Sat 09 Sep 2023 00:00:00 +0000
ROA not after:            Sat 14 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:d6:af:7b:b3:13:86:81:8e:b9:ee:00:48:dd:37:2d:e5:83:7a:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  9 00:00:00 2023 GMT
            Not After : Oct 14 23:59:59 2023 GMT
        Subject: serialNumber=a252b1f709d20caa6a1ac101a4c5d3c03fd3ed7034d955b2a17c526db8e8b5cb, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:cb:61:e8:6d:61:4e:be:7c:86:6a:6b:e6:43:
                    fc:46:fe:ed:29:cc:74:e3:fa:0c:04:55:cb:08:8a:
                    06:53:b5:57:4a:31:45:c4:d7:65:91:43:f2:0f:eb:
                    70:19:a9:af:4e:ae:28:a8:90:da:cc:e7:33:89:91:
                    e0:d0:5c:2d:8d:34:0c:98:af:3c:aa:e6:36:aa:29:
                    54:63:26:ba:d4:c4:db:33:c2:13:4a:d5:e2:d3:af:
                    bf:eb:d8:b7:ea:8a:a6:74:90:3f:42:8d:7f:1e:b6:
                    d7:62:fc:2c:bd:c6:03:8c:f4:e5:b1:5d:6d:e7:3e:
                    9e:15:d2:d6:7e:44:5e:ee:9e:08:bc:ed:92:5a:17:
                    59:1f:89:c6:21:7c:bc:1c:2b:17:f7:9a:66:a5:de:
                    0f:23:11:db:d6:a9:b6:4e:d3:ee:01:d4:7d:98:71:
                    f8:53:b6:db:44:05:19:6e:77:bd:ad:f2:e6:07:97:
                    2e:b1:1f:b0:2b:b6:65:ac:d3:c2:2f:72:c8:28:38:
                    bc:56:f5:ee:d5:90:c6:a8:03:32:ef:22:9e:12:bc:
                    5d:b9:75:6a:ec:a6:e8:db:9c:1d:00:8a:a9:3f:70:
                    52:8b:1b:8c:8a:09:7f:ec:72:23:c5:c0:0e:65:86:
                    fc:4c:62:a2:3c:1e:58:d6:ca:1d:77:54:1a:6e:84:
                    e2:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:EF:3A:DE:BF:3E:1A:88:AE:6F:05:A4:D3:85:21:05:42:CA:96:C0
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b3b968e5-d583-4b1c-99e7-a90092f2a4a2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:5f:71:4b:af:d5:55:03:67:f1:fe:08:66:ab:d1:5d:4f:54:
         dc:04:ce:61:e6:58:1f:c2:ca:8b:22:86:98:8e:ba:28:72:69:
         d5:95:07:52:ef:b6:fd:f8:ce:00:56:f2:9b:8d:b9:82:7c:59:
         c0:69:3a:fa:c5:7b:aa:5b:6c:35:18:00:8d:5f:85:52:a8:b2:
         88:45:32:41:a9:29:9a:e7:e4:71:3e:fa:39:fc:fa:a3:ca:60:
         2d:16:45:d6:0d:91:4a:9f:f5:7e:cb:e4:15:43:88:f2:85:3c:
         76:0e:61:3c:c9:d5:39:bd:ec:58:40:8a:e1:6c:6f:74:59:a3:
         77:87:c1:65:46:00:01:0c:de:5f:06:5b:67:87:fb:bd:59:ac:
         29:27:1d:8a:b4:f4:f3:4b:4e:31:7c:4b:5e:36:ab:bf:2a:05:
         7f:c9:69:c4:90:8b:fa:b0:e9:d4:59:fd:64:3a:65:f4:10:be:
         78:f9:2a:35:67:a4:87:8a:29:ec:99:b1:a1:20:3b:5a:72:c0:
         53:fc:38:37:aa:d3:ec:18:90:6f:b5:8b:a5:f8:d2:c7:7f:1b:
         a3:97:c1:72:7d:05:44:0b:a4:e6:45:c7:f0:59:bd:8d:de:7e:
         cc:8b:e9:a5:c5:43:f7:5f:d1:8a:a0:af:3f:66:7a:64:e0:b2:
         0c:f9:e5:59
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGNave7MThoGOue4ASN03LeWDei0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTA5MDAwMDAwWhcNMjMxMDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMjUyYjFmNzA5ZDIwY2FhNmExYWMxMDFhNGM1ZDNjMDNm
ZDNlZDcwMzRkOTU1YjJhMTdjNTI2ZGI4ZThiNWNiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvy2HobWFOvnyGamvmQ/xG/u0pzHTj+gwEVcsIigZTtVdK
MUXE12WRQ/IP63AZqa9OriiokNrM5zOJkeDQXC2NNAyYrzyq5jaqKVRjJrrUxNsz
whNK1eLTr7/r2LfqiqZ0kD9CjX8ettdi/Cy9xgOM9OWxXW3nPp4V0tZ+RF7ungi8
7ZJaF1kficYhfLwcKxf3mmal3g8jEdvWqbZO0+4B1H2YcfhTtttEBRlud72t8uYH
ly6xH7ArtmWs08IvcsgoOLxW9e7VkMaoAzLvIp4SvF25dWrspujbnB0Aiqk/cFKL
G4yKCX/sciPFwA5lhvxMYqI8HljWyh13VBpuhOLzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURO863r8+GoiubwWk04UhBULKlsAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2IzYjk2OGU1LWQ1ODMtNGIxYy05OWU3LWE5MDA5MmYyYTRhMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAtfcUuv1VUDZ/H+CGar0V1PVNwE
zmHmWB/CyosihpiOuihyadWVB1Lvtv34zgBW8puNuYJ8WcBpOvrFe6pbbDUYAI1f
hVKosohFMkGpKZrn5HE++jn8+qPKYC0WRdYNkUqf9X7L5BVDiPKFPHYOYTzJ1Tm9
7FhAiuFsb3RZo3eHwWVGAAEM3l8GW2eH+71ZrCknHYq09PNLTjF8S142q78qBX/J
acSQi/qw6dRZ/WQ6ZfQQvnj5KjVnpIeKKeyZsaEgO1pywFP8ODeq0+wYkG+1i6X4
0sd/G6OXwXJ9BUQLpOZFx/BZvY3efsyL6aXFQ/df0Yqgrz9memTgsgz55Vk=
-----END CERTIFICATE-----