Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c00235b0-3281-4f25-a2b3-33042fed8ff1.roa
File:                     c00235b0-3281-4f25-a2b3-33042fed8ff1.roa (raw, json)
Hash identifier:          LUZy0sb0Wh4JQz8ondsb5YC/dnxFCwyMCDqNU6rRa8w=
Subject key identifier:   23:5F:91:AE:A6:E4:14:D1:31:20:51:7B:C1:8C:3F:D6:B6:7F:35:05
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2AF08DD12999F9A35B936BE4E7FE136D1214EEB9
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c00235b0-3281-4f25-a2b3-33042fed8ff1.roa
Signing time:             Fri 22 Sep 2023 00:00:00 +0000
ROA not before:           Fri 22 Sep 2023 00:00:00 +0000
ROA not after:            Fri 27 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:f0:8d:d1:29:99:f9:a3:5b:93:6b:e4:e7:fe:13:6d:12:14:ee:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 22 00:00:00 2023 GMT
            Not After : Oct 27 23:59:59 2023 GMT
        Subject: serialNumber=37b13eb5efb2185333dc02bdc88c99ee430c9e102b0ee048420bb184ec1b5d0d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e4:36:71:9a:b6:46:0b:61:bc:76:4e:cc:fe:
                    cb:e6:01:fd:8f:00:0d:f0:43:7f:40:d2:13:eb:0e:
                    bb:d0:77:74:b6:08:5c:f3:8b:d2:52:2a:4f:61:a3:
                    30:bb:f0:29:af:89:e9:71:33:ef:88:cf:ce:96:2c:
                    06:06:7e:90:37:2f:8e:58:d8:f0:bf:88:34:39:b7:
                    1d:08:b3:64:39:80:3d:54:bc:07:06:fb:d3:16:eb:
                    c3:04:1e:3a:e2:6e:66:6a:fb:94:8b:05:a3:64:74:
                    8d:54:af:cf:31:00:be:7c:b4:6b:6d:20:3d:b4:a1:
                    20:62:18:27:72:91:d5:44:86:3f:26:e7:00:9e:f8:
                    17:d1:95:6c:11:82:42:ce:92:bd:da:8c:93:07:c3:
                    68:32:c6:e2:17:47:8b:c3:bc:ff:0f:f4:c1:ff:46:
                    63:1b:d6:82:0d:82:65:7d:36:95:24:9d:b5:97:d8:
                    42:d5:f9:1f:b8:5f:1e:d0:14:bd:e7:75:1a:a9:43:
                    e1:57:68:94:af:50:9d:ca:57:3a:a8:b0:85:41:ba:
                    1a:c7:75:34:94:df:df:7b:fd:48:cf:6b:28:92:62:
                    c5:45:0c:e2:ec:d6:c6:b6:97:a5:77:30:5c:fa:cb:
                    1e:77:98:f4:22:73:08:7f:eb:90:65:be:2c:0d:b7:
                    21:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:5F:91:AE:A6:E4:14:D1:31:20:51:7B:C1:8C:3F:D6:B6:7F:35:05
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c00235b0-3281-4f25-a2b3-33042fed8ff1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:6c:79:68:09:7a:1b:7a:96:98:25:b6:f8:f4:43:7f:b3:9e:
         b2:30:e6:6c:00:97:df:76:89:1c:0b:21:1c:40:af:43:68:0f:
         4e:3a:43:a7:00:f6:da:5b:e9:b5:3b:ce:a0:47:8a:8e:fe:ac:
         6e:ca:07:de:4e:45:38:93:50:08:79:6b:77:fc:fc:4d:53:38:
         c9:9d:fa:c7:fb:eb:b9:25:52:34:17:6d:17:0f:8d:20:91:4a:
         43:94:a1:5d:48:65:f9:75:17:62:c5:df:f0:ee:89:5e:3a:25:
         4d:74:30:af:09:92:42:b8:c7:52:92:eb:64:96:73:4e:d7:82:
         30:95:ce:60:1e:b6:13:df:e3:6e:ee:a4:bd:ba:4f:ce:00:2b:
         36:0d:1f:d0:ff:fb:d8:3e:9e:c9:9d:1c:be:7b:a9:0c:90:16:
         b4:83:41:41:5a:ed:97:fb:25:ef:77:36:27:51:4a:c2:2a:13:
         8a:d2:ec:21:e6:f3:94:c5:b2:7d:11:c1:cc:e2:d3:54:10:69:
         82:37:1b:b1:57:ed:8b:1e:9b:59:63:44:06:4a:da:16:34:78:
         0b:0d:2a:7d:84:12:3e:ae:55:c2:14:51:8a:83:5e:27:51:74:
         90:da:09:bf:97:1b:5a:35:62:f2:1b:a3:d1:78:87:3c:80:30:
         26:31:5f:7d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKvCN0SmZ+aNbk2vk5/4TbRIU7rkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTIyMDAwMDAwWhcNMjMxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzN2IxM2ViNWVmYjIxODUzMzNkYzAyYmRjODhjOTllZTQz
MGM5ZTEwMmIwZWUwNDg0MjBiYjE4NGVjMWI1ZDBkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCs5DZxmrZGC2G8dk7M/svmAf2PAA3wQ39A0hPrDrvQd3S2
CFzzi9JSKk9hozC78CmvielxM++Iz86WLAYGfpA3L45Y2PC/iDQ5tx0Is2Q5gD1U
vAcG+9MW68MEHjribmZq+5SLBaNkdI1Ur88xAL58tGttID20oSBiGCdykdVEhj8m
5wCe+BfRlWwRgkLOkr3ajJMHw2gyxuIXR4vDvP8P9MH/RmMb1oINgmV9NpUknbWX
2ELV+R+4Xx7QFL3ndRqpQ+FXaJSvUJ3KVzqosIVBuhrHdTSU3997/UjPayiSYsVF
DOLs1sa2l6V3MFz6yx53mPQicwh/65BlviwNtyGzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUI1+RrqbkFNExIFF7wYw/1rZ/NQUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2MwMDIzNWIwLTMyODEtNGYyNS1hMmIzLTMzMDQyZmVkOGZmMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGxseWgJeht6lpgltvj0Q3+znrIw
5mwAl992iRwLIRxAr0NoD046Q6cA9tpb6bU7zqBHio7+rG7KB95ORTiTUAh5a3f8
/E1TOMmd+sf767klUjQXbRcPjSCRSkOUoV1IZfl1F2LF3/DuiV46JU10MK8JkkK4
x1KS62SWc07XgjCVzmAethPf427upL26T84AKzYNH9D/+9g+nsmdHL57qQyQFrSD
QUFa7Zf7Je93NidRSsIqE4rS7CHm85TFsn0Rwczi01QQaYI3G7FX7Ysem1ljRAZK
2hY0eAsNKn2EEj6uVcIUUYqDXidRdJDaCb+XG1o1YvIbo9F4hzyAMCYxX30=
-----END CERTIFICATE-----