Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cd03f537-49e3-41ed-8a2e-7d4ddb5e774a.roa
File:                     cd03f537-49e3-41ed-8a2e-7d4ddb5e774a.roa (raw, json)
Hash identifier:          8YZqHhyYooZ/2Cs7VvpTxjXPndtTUU0mgoPDCIKs+SM=
Subject key identifier:   68:B6:7E:AE:D7:86:B3:36:49:3C:85:7E:E3:E5:13:49:D2:6E:96:1F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       33E158A62EF639B0E8C088A1FAE7B22A919DEB44
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cd03f537-49e3-41ed-8a2e-7d4ddb5e774a.roa
Signing time:             Sat 23 Sep 2023 00:00:00 +0000
ROA not before:           Sat 23 Sep 2023 00:00:00 +0000
ROA not after:            Sat 28 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:e1:58:a6:2e:f6:39:b0:e8:c0:88:a1:fa:e7:b2:2a:91:9d:eb:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 23 00:00:00 2023 GMT
            Not After : Oct 28 23:59:59 2023 GMT
        Subject: serialNumber=b6afe3473ff8c39eb7ba4e7ce4c4b4dae641a956a7a72a1ad7e7f109882d32f1, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:67:2a:cd:41:23:8b:e6:4e:2d:5c:12:63:90:
                    cf:e1:c6:d4:af:22:58:96:b6:18:20:82:48:28:2e:
                    71:be:82:ff:45:4a:2f:e2:c2:27:af:a3:47:2a:00:
                    90:f2:6d:04:c3:ad:e7:ba:17:74:49:19:83:e0:e9:
                    c8:d8:d5:04:99:74:eb:5a:43:be:d6:e5:f1:06:85:
                    0a:f6:62:d5:20:f1:24:4b:f0:00:3f:d8:33:45:5f:
                    73:a7:5e:4a:8c:85:a5:e7:ae:fb:0d:a6:96:e0:27:
                    80:2d:4c:c1:f1:36:56:7d:bc:5e:03:6a:b9:e7:28:
                    65:d9:b7:b9:a8:b5:fa:ee:51:f9:6a:0f:60:4c:7b:
                    76:60:5b:af:27:87:ab:43:46:bb:48:40:86:a5:1b:
                    32:6a:a2:58:59:a5:81:81:f7:b2:1e:e8:f6:89:5b:
                    99:9a:3c:03:fe:3c:8d:30:ca:99:d2:2e:42:f6:03:
                    29:6c:3d:1b:42:94:a7:52:83:97:4b:51:b8:83:38:
                    a8:b8:15:53:8c:81:cf:f2:1e:89:28:23:86:8a:ab:
                    9b:b9:ae:80:6d:e4:dd:69:4d:15:d2:a2:82:78:8d:
                    72:fb:d2:aa:51:79:23:e0:65:b7:9a:4e:f6:c6:4d:
                    2f:36:34:0b:e3:ab:8b:be:01:53:ea:73:6e:6e:89:
                    ab:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:B6:7E:AE:D7:86:B3:36:49:3C:85:7E:E3:E5:13:49:D2:6E:96:1F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cd03f537-49e3-41ed-8a2e-7d4ddb5e774a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:0c:4f:87:d1:36:08:e7:45:b5:20:d7:39:05:77:a5:94:c6:
         53:b9:f6:de:9c:ea:82:e3:42:2f:86:0b:9a:7c:98:aa:23:56:
         26:70:09:11:40:95:c2:9d:a5:7f:28:af:1e:2b:01:a9:9d:c3:
         a1:e7:8c:84:ce:62:b6:a3:9f:56:2a:eb:aa:63:d7:e9:f2:96:
         6d:91:13:c3:ae:08:c0:a1:ad:2b:4b:a8:36:93:52:07:78:7a:
         42:fa:2e:c4:46:66:d7:86:06:50:94:c0:5b:50:33:3a:70:6c:
         9e:de:5e:54:5b:d6:60:7b:10:8e:3f:75:6d:e5:8b:bb:c1:d5:
         d5:28:ae:cd:7d:e2:4b:17:4b:7d:ef:d5:3b:ae:73:1e:0f:bf:
         8a:be:5d:95:0c:c5:14:27:2e:eb:74:e1:24:23:51:23:6f:6f:
         d8:5b:b1:fc:20:ff:e8:16:a1:0e:f3:ae:c2:36:0c:1c:63:15:
         d2:6d:c8:fd:37:cd:8d:b9:ef:3f:e5:1f:17:6f:15:fd:92:d3:
         d8:ae:a4:ee:2f:95:d1:b3:94:28:1e:fc:2c:21:74:81:4c:7e:
         61:76:f7:cf:9e:86:18:34:cc:98:8f:7e:4b:87:d7:a7:23:5f:
         5f:77:54:e7:93:a8:d0:58:99:59:a4:65:23:cc:42:3f:3b:d7:
         c3:d0:9f:b4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUM+FYpi72ObDowIih+ueyKpGd60QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTIzMDAwMDAwWhcNMjMxMDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNmFmZTM0NzNmZjhjMzllYjdiYTRlN2NlNGM0YjRkYWU2
NDFhOTU2YTdhNzJhMWFkN2U3ZjEwOTg4MmQzMmYxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoZyrNQSOL5k4tXBJjkM/hxtSvIliWthgggkgoLnG+gv9F
Si/iwievo0cqAJDybQTDree6F3RJGYPg6cjY1QSZdOtaQ77W5fEGhQr2YtUg8SRL
8AA/2DNFX3OnXkqMhaXnrvsNppbgJ4AtTMHxNlZ9vF4DarnnKGXZt7motfruUflq
D2BMe3ZgW68nh6tDRrtIQIalGzJqolhZpYGB97Ie6PaJW5maPAP+PI0wypnSLkL2
AylsPRtClKdSg5dLUbiDOKi4FVOMgc/yHokoI4aKq5u5roBt5N1pTRXSooJ4jXL7
0qpReSPgZbeaTvbGTS82NAvjq4u+AVPqc25uiavPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaLZ+rteGszZJPIV+4+UTSdJulh8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2NkMDNmNTM3LTQ5ZTMtNDFlZC04YTJlLTdkNGRkYjVlNzc0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACQMT4fRNgjnRbUg1zkFd6WUxlO5
9t6c6oLjQi+GC5p8mKojViZwCRFAlcKdpX8orx4rAamdw6HnjITOYrajn1Yq66pj
1+nylm2RE8OuCMChrStLqDaTUgd4ekL6LsRGZteGBlCUwFtQMzpwbJ7eXlRb1mB7
EI4/dW3li7vB1dUors194ksXS33v1Tuucx4Pv4q+XZUMxRQnLut04SQjUSNvb9hb
sfwg/+gWoQ7zrsI2DBxjFdJtyP03zY257z/lHxdvFf2S09iupO4vldGzlCge/Cwh
dIFMfmF298+ehhg0zJiPfkuH16cjX193VOeTqNBYmVmkZSPMQj8718PQn7Q=
-----END CERTIFICATE-----