Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bc2523a7-d95b-4d56-8b8f-9517b82fab49.roa
File:                     bc2523a7-d95b-4d56-8b8f-9517b82fab49.roa (raw, json)
Hash identifier:          MdYuEvBMnu8ePlkCzIQboxeAXvXdLBhQsyrJTV1DTPQ=
Subject key identifier:   71:22:33:31:B9:D4:7B:92:94:7E:E3:3F:8B:31:4A:4D:CC:47:89:4B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       164A33460F46F22C2C8A620120B1691F4E57B048
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bc2523a7-d95b-4d56-8b8f-9517b82fab49.roa
Signing time:             Sat 14 Oct 2023 00:00:00 +0000
ROA not before:           Sat 14 Oct 2023 00:00:00 +0000
ROA not after:            Sat 18 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:4a:33:46:0f:46:f2:2c:2c:8a:62:01:20:b1:69:1f:4e:57:b0:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 14 00:00:00 2023 GMT
            Not After : Nov 18 23:59:59 2023 GMT
        Subject: serialNumber=e5f7a1f100c5fff397c2a854580b25cd3222447ea01f41f04e4bfeefefead6e5, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:d3:dd:c1:52:ad:c9:26:56:0a:f5:9c:9f:8a:
                    7d:20:42:e4:68:72:cc:ce:60:b8:39:16:ec:cf:d2:
                    53:98:cf:1e:e6:80:28:30:3d:93:71:e1:48:d1:4b:
                    63:97:e2:52:49:62:95:7f:78:3d:03:86:ca:b0:c1:
                    40:15:2f:d7:64:0e:9e:c1:a9:40:c0:69:e2:26:9f:
                    b2:48:34:09:25:b6:15:1c:43:6e:f2:c5:dd:e8:19:
                    c2:5b:98:40:af:72:f1:81:c4:56:6a:51:84:6d:09:
                    13:e2:3c:7f:91:e2:18:48:a7:22:d1:08:75:aa:82:
                    09:d5:55:0c:c6:33:54:4f:f0:f7:c6:47:68:e9:f2:
                    45:bf:1f:9e:c2:01:e4:58:38:ff:fa:b1:9b:73:0f:
                    38:c8:50:2b:f1:11:f0:24:ef:54:b2:5a:ae:50:8f:
                    6a:8c:15:6f:d6:ac:7e:37:b5:e1:55:ab:9a:4c:76:
                    91:d0:1b:e1:22:d0:33:53:7a:ab:e9:dc:1c:87:80:
                    59:ba:04:8b:24:ea:fa:65:4d:f3:4f:88:4f:93:73:
                    67:75:38:6c:cb:be:d8:0d:f2:61:11:56:36:5b:a0:
                    93:53:15:07:e6:a9:a0:8c:f9:8d:d4:da:c3:10:ed:
                    09:60:93:58:89:ca:58:2c:e2:4c:ff:dd:56:bf:91:
                    da:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:22:33:31:B9:D4:7B:92:94:7E:E3:3F:8B:31:4A:4D:CC:47:89:4B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bc2523a7-d95b-4d56-8b8f-9517b82fab49.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:bc:62:e5:8a:45:13:8a:d4:95:f2:6d:ea:51:b2:57:2e:3a:
         bd:67:3f:58:24:6e:49:27:24:61:25:c8:1a:4f:f7:5f:23:35:
         d7:b8:aa:25:01:cc:46:b3:08:dc:4c:af:6b:31:19:e8:21:57:
         84:6b:72:e7:c1:09:93:25:7b:e2:4b:52:a6:18:f8:81:27:21:
         52:95:89:52:19:3d:6a:6b:74:ad:a8:e5:24:ee:1e:45:16:eb:
         90:6c:69:cd:0a:4b:be:b3:65:43:42:5d:77:5d:e4:cb:0e:9e:
         c7:6c:ac:6c:4f:88:93:7d:49:22:d4:eb:60:df:e1:19:a8:ed:
         ab:c8:53:ea:1d:9e:9b:89:fb:a3:b6:a8:fe:4a:45:ed:50:d8:
         46:70:8f:00:95:d0:15:f2:bf:57:30:cf:17:35:c7:ff:4f:df:
         bb:d2:a8:a8:fb:4d:be:e7:56:2a:62:74:e7:cf:94:d1:23:4a:
         7b:9f:2a:54:20:f3:6b:aa:4e:f7:c6:b1:0b:90:37:ad:b5:ab:
         36:dd:ba:93:e6:1e:82:1b:14:6e:4d:8e:a4:2a:50:ed:bd:33:
         d1:50:9f:2b:a9:a4:89:3d:5d:db:fd:d1:4f:66:bd:ab:fd:d6:
         24:1a:6a:73:05:ec:cd:05:e5:4f:91:c7:24:3b:ba:96:44:2f:
         bb:5f:29:b6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFkozRg9G8iwsimIBILFpH05XsEgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDE0MDAwMDAwWhcNMjMxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNWY3YTFmMTAwYzVmZmYzOTdjMmE4NTQ1ODBiMjVjZDMy
MjI0NDdlYTAxZjQxZjA0ZTRiZmVlZmVmZWFkNmU1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDT093BUq3JJlYK9Zyfin0gQuRocszOYLg5FuzP0lOYzx7m
gCgwPZNx4UjRS2OX4lJJYpV/eD0DhsqwwUAVL9dkDp7BqUDAaeImn7JINAklthUc
Q27yxd3oGcJbmECvcvGBxFZqUYRtCRPiPH+R4hhIpyLRCHWqggnVVQzGM1RP8PfG
R2jp8kW/H57CAeRYOP/6sZtzDzjIUCvxEfAk71SyWq5Qj2qMFW/WrH43teFVq5pM
dpHQG+Ei0DNTeqvp3ByHgFm6BIsk6vplTfNPiE+Tc2d1OGzLvtgN8mERVjZboJNT
FQfmqaCM+Y3U2sMQ7Qlgk1iJylgs4kz/3Va/kdr3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcSIzMbnUe5KUfuM/izFKTcxHiUswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2JjMjUyM2E3LWQ5NWItNGQ1Ni04YjhmLTk1MTdiODJmYWI0OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA28YuWKRROK1JXybepRslcuOr1n
P1gkbkknJGElyBpP918jNde4qiUBzEazCNxMr2sxGeghV4RrcufBCZMle+JLUqYY
+IEnIVKViVIZPWprdK2o5STuHkUW65Bsac0KS76zZUNCXXdd5MsOnsdsrGxPiJN9
SSLU62Df4Rmo7avIU+odnpuJ+6O2qP5KRe1Q2EZwjwCV0BXyv1cwzxc1x/9P37vS
qKj7Tb7nVipidOfPlNEjSnufKlQg82uqTvfGsQuQN621qzbdupPmHoIbFG5NjqQq
UO29M9FQnyuppIk9Xdv90U9mvav91iQaanMF7M0F5U+RxyQ7upZEL7tfKbY=
-----END CERTIFICATE-----