Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cf687ca4-684a-4933-8804-689462ceeb6c.roa
File:                     cf687ca4-684a-4933-8804-689462ceeb6c.roa (raw, json)
Hash identifier:          IjdbNjS61H5FlWCcPW1U30Xvp9BYjMIwehkpphBQuGo=
Subject key identifier:   17:4F:50:2F:53:43:2B:03:F3:73:01:CB:DF:B0:82:E0:AF:71:64:2C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1D8FEAF5ECCAA3EE9DD9210617249159B1FD45C9
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cf687ca4-684a-4933-8804-689462ceeb6c.roa
Signing time:             Wed 27 Sep 2023 00:00:00 +0000
ROA not before:           Wed 27 Sep 2023 00:00:00 +0000
ROA not after:            Wed 01 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:8f:ea:f5:ec:ca:a3:ee:9d:d9:21:06:17:24:91:59:b1:fd:45:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 27 00:00:00 2023 GMT
            Not After : Nov  1 23:59:59 2023 GMT
        Subject: serialNumber=e019189a9da05c81cd1c21f3b292aa0e8e00c55f6e79af89a198b66b2b455e3b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d3:f1:53:44:b5:41:80:d3:c8:33:e1:cd:36:
                    4b:ad:c9:21:f1:30:44:bf:f6:01:f1:f7:2f:cf:14:
                    63:34:39:3e:b5:58:82:8f:ea:64:c5:c5:8c:c1:39:
                    d9:03:db:b8:b8:bc:b7:ae:f3:06:bf:a2:f1:9b:a8:
                    ef:8b:11:d1:06:2a:99:b6:1c:0d:19:40:9a:1d:20:
                    2c:e6:57:0b:24:c9:a7:b6:0e:d8:76:d8:a4:39:9f:
                    d4:0c:37:bf:4d:dd:4d:76:e5:6d:8c:a5:c0:c9:ab:
                    52:b7:3d:1c:ef:50:4f:b4:b2:0d:a4:b0:ec:91:2c:
                    b5:eb:a9:73:a7:57:36:cb:3a:35:c4:52:26:5f:0e:
                    97:0e:d4:69:2e:dd:66:4d:37:70:6e:d6:c8:bd:92:
                    a2:2e:e1:76:f9:09:73:44:a6:78:f0:6d:9d:28:ab:
                    9d:47:00:45:7f:cf:ce:6d:b1:8b:1a:bf:94:f4:59:
                    14:d9:ea:20:8b:5d:ab:8c:25:e1:56:1f:0b:3c:66:
                    2d:f9:7b:2d:d2:12:77:c7:0b:49:72:bd:52:d2:c3:
                    00:23:8a:d0:3c:d4:6f:64:e8:ae:df:36:7a:d7:47:
                    e1:5e:98:68:7c:a5:ef:7b:4f:ba:de:8e:1b:b9:e4:
                    cc:19:38:25:89:cd:d5:b4:17:02:cc:8d:ed:bf:13:
                    83:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:4F:50:2F:53:43:2B:03:F3:73:01:CB:DF:B0:82:E0:AF:71:64:2C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cf687ca4-684a-4933-8804-689462ceeb6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:83:ff:f3:62:13:a2:24:6d:7b:52:ae:1d:f5:73:1e:0b:ff:
         3b:51:99:cb:4b:83:e2:fe:78:7e:26:09:ed:b6:c5:e2:8c:46:
         b2:e4:5c:88:50:1e:7c:f5:7a:86:a0:af:35:f6:97:0b:45:5f:
         ca:17:70:c0:91:ad:5c:d2:a2:cf:a9:d4:6d:d2:55:9d:55:ca:
         f3:67:48:22:11:26:34:1f:29:30:de:66:d2:49:17:2c:0f:61:
         d6:b0:a8:36:06:43:48:7a:0c:0d:c4:e0:f8:38:57:86:34:37:
         68:ed:cb:04:99:7a:4f:d0:5f:f7:57:a1:70:86:d5:dd:c9:14:
         ba:b1:d5:76:93:b0:01:0a:48:33:cc:82:70:00:4e:50:80:a0:
         7f:45:81:a9:64:ab:58:d2:82:7a:40:c3:f0:74:26:ce:4b:83:
         cc:76:c5:30:9e:26:e6:7a:7e:e0:74:ac:31:e0:0d:8f:78:c5:
         e3:c6:30:5b:17:01:b5:9f:13:da:3f:e6:f7:39:b0:c3:55:39:
         23:56:0a:ae:0d:9e:1b:6a:c0:32:c7:34:5c:85:34:16:50:85:
         3c:1e:cc:e7:1e:58:b7:b5:b5:8e:a1:21:72:d5:1c:c7:0c:6d:
         9c:41:b8:88:be:d0:d2:08:80:3f:5b:78:40:e8:16:41:71:be:
         f0:98:53:f5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHY/q9ezKo+6d2SEGFySRWbH9RckwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTI3MDAwMDAwWhcNMjMxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMDE5MTg5YTlkYTA1YzgxY2QxYzIxZjNiMjkyYWEwZThl
MDBjNTVmNmU3OWFmODlhMTk4YjY2YjJiNDU1ZTNiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC60/FTRLVBgNPIM+HNNkutySHxMES/9gHx9y/PFGM0OT61
WIKP6mTFxYzBOdkD27i4vLeu8wa/ovGbqO+LEdEGKpm2HA0ZQJodICzmVwskyae2
Dth22KQ5n9QMN79N3U125W2MpcDJq1K3PRzvUE+0sg2ksOyRLLXrqXOnVzbLOjXE
UiZfDpcO1Gku3WZNN3Bu1si9kqIu4Xb5CXNEpnjwbZ0oq51HAEV/z85tsYsav5T0
WRTZ6iCLXauMJeFWHws8Zi35ey3SEnfHC0lyvVLSwwAjitA81G9k6K7fNnrXR+Fe
mGh8pe97T7rejhu55MwZOCWJzdW0FwLMje2/E4OdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUF09QL1NDKwPzcwHL37CC4K9xZCwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2NmNjg3Y2E0LTY4NGEtNDkzMy04ODA0LTY4OTQ2MmNlZWI2Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADmD//NiE6IkbXtSrh31cx4L/ztR
mctLg+L+eH4mCe22xeKMRrLkXIhQHnz1eoagrzX2lwtFX8oXcMCRrVzSos+p1G3S
VZ1VyvNnSCIRJjQfKTDeZtJJFywPYdawqDYGQ0h6DA3E4Pg4V4Y0N2jtywSZek/Q
X/dXoXCG1d3JFLqx1XaTsAEKSDPMgnAATlCAoH9Fgalkq1jSgnpAw/B0Js5Lg8x2
xTCeJuZ6fuB0rDHgDY94xePGMFsXAbWfE9o/5vc5sMNVOSNWCq4NnhtqwDLHNFyF
NBZQhTwezOceWLe1tY6hIXLVHMcMbZxBuIi+0NIIgD9beEDoFkFxvvCYU/U=
-----END CERTIFICATE-----