Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bd15d010-7966-450e-a5ac-7e3738d1aa8c.roa
File:                     bd15d010-7966-450e-a5ac-7e3738d1aa8c.roa (raw, json)
Hash identifier:          UMaBdq01wIrdNnL/0qGkmVL2EAOVMGHjSTeSWsnDx+c=
Subject key identifier:   95:B4:C9:C6:55:19:D9:8D:8D:95:6C:82:59:CD:D6:A2:4D:27:4C:2C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5DD17C04466FD4677BE583242851E96F27A0036B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bd15d010-7966-450e-a5ac-7e3738d1aa8c.roa
Signing time:             Mon 16 Oct 2023 00:00:00 +0000
ROA not before:           Mon 16 Oct 2023 00:00:00 +0000
ROA not after:            Mon 20 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:d1:7c:04:46:6f:d4:67:7b:e5:83:24:28:51:e9:6f:27:a0:03:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 16 00:00:00 2023 GMT
            Not After : Nov 20 23:59:59 2023 GMT
        Subject: serialNumber=aa1f253bf80dcd0adf229011039d801cc47213464786d79528893ab3d87c26b1, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:23:c3:50:da:3d:39:c5:cf:c2:ce:ec:7b:95:
                    15:a0:82:c2:83:d2:58:80:51:71:df:2c:aa:82:50:
                    c8:94:d4:43:5c:bd:aa:11:62:35:d0:dd:39:48:d2:
                    5d:d4:0a:64:55:58:43:a4:5c:6f:50:90:3f:c6:fe:
                    70:e5:d3:a6:85:c6:34:1f:c0:3f:62:ba:69:2b:14:
                    ff:45:18:cb:5e:e1:4e:64:7c:c6:02:0b:ca:36:28:
                    f7:c3:d4:fa:4a:1a:81:dd:40:c7:fc:ae:69:de:a2:
                    40:b6:7c:b3:7d:bc:23:9e:50:ab:7e:2f:cc:e0:2e:
                    a1:33:91:87:30:dc:d1:c4:ef:d8:0a:d4:25:87:14:
                    42:70:31:f5:0c:93:30:65:9f:d7:12:8f:5b:60:a7:
                    ac:33:e3:5a:6f:d7:cc:09:56:2b:97:a1:3f:04:42:
                    dc:61:6e:66:5f:96:84:e2:16:79:3f:2f:8a:94:0e:
                    2e:c7:d1:45:59:a4:3e:14:58:d4:f9:68:6d:f2:a7:
                    f9:c5:ce:00:19:cc:fa:a7:d7:9e:fe:a2:34:33:ce:
                    4b:05:bb:f1:e2:d0:99:31:d2:13:63:5b:66:66:07:
                    2d:cc:21:0c:24:6d:75:8d:69:a2:1b:8e:e9:46:e9:
                    f0:a6:9a:c1:1a:e1:52:2b:a8:ee:56:66:f4:f1:38:
                    b4:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:B4:C9:C6:55:19:D9:8D:8D:95:6C:82:59:CD:D6:A2:4D:27:4C:2C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bd15d010-7966-450e-a5ac-7e3738d1aa8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:37:f1:0b:c9:0a:8b:67:6b:5d:0f:6a:a9:c0:e8:24:8e:9b:
         30:34:8e:cc:5b:8c:aa:d9:53:0a:1c:be:d4:52:e6:a1:97:0d:
         92:9e:b2:ff:5c:21:34:eb:0e:90:84:60:49:ff:fd:36:8c:6f:
         bf:32:fe:47:ca:79:2f:4f:0d:d6:3d:6c:e5:88:a3:92:9b:e6:
         29:7f:6e:06:33:f4:0b:62:e5:71:d3:24:34:bc:8f:37:73:23:
         b8:49:a7:3f:c0:20:ae:f1:64:12:f4:79:e7:00:0c:32:f0:96:
         3f:4f:4d:2f:9b:76:2f:72:45:f7:4d:b0:f3:29:80:16:7c:f7:
         9a:b6:61:58:b2:e6:31:bf:76:6c:f3:39:8e:9b:f1:ba:8c:e7:
         26:da:c8:b5:39:0d:6f:9a:19:29:a1:57:7e:d6:54:e2:3f:02:
         de:b8:0f:ed:bd:cd:2c:c2:a4:32:3a:06:f2:81:d6:32:e7:3b:
         1c:0b:23:f4:03:d9:f0:db:c6:aa:80:e7:25:15:3a:b5:60:c9:
         ed:90:5d:46:8f:2d:3e:bd:ea:3f:b8:9d:3a:a3:e7:de:e3:93:
         18:c7:e2:03:34:99:3f:08:93:d0:ec:f5:f4:2c:1a:fe:76:80:
         3c:c5:71:7c:3f:5a:f1:73:bd:e2:46:e7:41:8a:0a:93:6c:bc:
         f3:ef:7c:43
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXdF8BEZv1Gd75YMkKFHpbyegA2swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDE2MDAwMDAwWhcNMjMxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhYTFmMjUzYmY4MGRjZDBhZGYyMjkwMTEwMzlkODAxY2M0
NzIxMzQ2NDc4NmQ3OTUyODg5M2FiM2Q4N2MyNmIxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYI8NQ2j05xc/Czux7lRWggsKD0liAUXHfLKqCUMiU1ENc
vaoRYjXQ3TlI0l3UCmRVWEOkXG9QkD/G/nDl06aFxjQfwD9iumkrFP9FGMte4U5k
fMYCC8o2KPfD1PpKGoHdQMf8rmneokC2fLN9vCOeUKt+L8zgLqEzkYcw3NHE79gK
1CWHFEJwMfUMkzBln9cSj1tgp6wz41pv18wJViuXoT8EQtxhbmZfloTiFnk/L4qU
Di7H0UVZpD4UWNT5aG3yp/nFzgAZzPqn157+ojQzzksFu/Hi0Jkx0hNjW2ZmBy3M
IQwkbXWNaaIbjulG6fCmmsEa4VIrqO5WZvTxOLTHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlbTJxlUZ2Y2NlWyCWc3Wok0nTCwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2JkMTVkMDEwLTc5NjYtNDUwZS1hNWFjLTdlMzczOGQxYWE4Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF438QvJCotna10PaqnA6CSOmzA0
jsxbjKrZUwocvtRS5qGXDZKesv9cITTrDpCEYEn//TaMb78y/kfKeS9PDdY9bOWI
o5Kb5il/bgYz9Ati5XHTJDS8jzdzI7hJpz/AIK7xZBL0eecADDLwlj9PTS+bdi9y
RfdNsPMpgBZ895q2YViy5jG/dmzzOY6b8bqM5ybayLU5DW+aGSmhV37WVOI/At64
D+29zSzCpDI6BvKB1jLnOxwLI/QD2fDbxqqA5yUVOrVgye2QXUaPLT696j+4nTqj
597jkxjH4gM0mT8Ik9Ds9fQsGv52gDzFcXw/WvFzveJG50GKCpNsvPPvfEM=
-----END CERTIFICATE-----