Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d4f12dd7-32f2-416b-8899-97d0835e6403.roa
File:                     d4f12dd7-32f2-416b-8899-97d0835e6403.roa (raw, json)
Hash identifier:          FttHzLjaCkRDE12IT2Ex03z2mIhLe0/njlG4NoCc0qg=
Subject key identifier:   DC:CC:EE:2A:E5:47:70:3B:6F:9C:EC:61:29:88:1E:6B:30:2E:E6:C2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0249D53656712DCD453D4FE8BF523504D37AF076
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d4f12dd7-32f2-416b-8899-97d0835e6403.roa
Signing time:             Wed 27 Sep 2023 00:00:00 +0000
ROA not before:           Wed 27 Sep 2023 00:00:00 +0000
ROA not after:            Wed 01 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:49:d5:36:56:71:2d:cd:45:3d:4f:e8:bf:52:35:04:d3:7a:f0:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 27 00:00:00 2023 GMT
            Not After : Nov  1 23:59:59 2023 GMT
        Subject: serialNumber=77abfce2ee6e18ce3763594f12d610d1f6634886a88d07f94a40a1e23116564a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a1:9c:1f:33:b3:49:15:d4:c9:f8:29:ef:44:
                    88:d9:5d:98:72:76:83:f1:1e:1a:f7:1b:ad:e6:67:
                    63:d1:cd:83:25:14:5e:ac:d4:46:46:1f:64:86:ea:
                    57:6d:91:e1:3d:10:7d:03:c6:87:c3:0d:40:33:40:
                    e9:9b:ed:1c:e9:db:4d:e6:ce:89:b1:87:cc:ec:74:
                    5f:57:8c:59:39:86:a4:32:01:e9:36:c8:19:2d:e1:
                    4f:99:9a:c0:63:95:2b:07:b6:ee:51:18:0d:54:f7:
                    a2:04:56:c5:40:41:9c:6a:0f:65:36:e5:e5:1c:b7:
                    d4:b1:75:4e:9e:0b:e2:e5:d5:8e:19:12:96:37:41:
                    fc:1d:35:71:85:bd:ac:6c:4a:95:b6:61:c8:18:98:
                    ea:cf:7b:29:e0:97:25:60:c3:61:c4:a5:09:8e:11:
                    6b:8b:87:9a:aa:2e:ab:41:9f:a6:25:0b:a9:4d:5a:
                    40:64:c3:a0:69:7e:e1:fe:df:ec:a3:85:30:aa:79:
                    06:c0:d1:91:7a:18:1b:d3:c0:d3:13:69:3a:c1:11:
                    0d:0e:85:53:8c:03:52:52:cf:36:ef:ba:3b:e9:18:
                    00:a2:cf:fb:7f:08:aa:5a:ad:ea:11:ba:b7:99:27:
                    ab:21:92:6b:0e:74:bb:a7:d0:29:21:1b:08:bd:f6:
                    f9:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:CC:EE:2A:E5:47:70:3B:6F:9C:EC:61:29:88:1E:6B:30:2E:E6:C2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d4f12dd7-32f2-416b-8899-97d0835e6403.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:bc:5c:d3:57:c3:9b:98:bf:78:c2:67:4b:8c:10:d8:ae:45:
         49:6c:49:23:68:34:22:b1:06:26:d0:25:b9:97:17:2d:43:76:
         43:2e:9e:07:a3:78:85:20:62:ae:b4:a8:8c:b1:f2:41:98:a9:
         1d:cd:2e:dd:06:b9:2f:f0:09:16:80:5e:2b:db:49:df:df:f0:
         3a:94:d9:7f:c0:82:c6:b6:5b:aa:f1:ad:cd:77:57:dc:d0:3a:
         cb:b8:7a:38:ed:b6:4c:51:76:e6:d4:db:fd:81:ee:21:b5:1a:
         68:9f:ed:81:95:cb:2f:5a:2c:49:e0:17:4a:52:0f:e5:3b:1a:
         55:c5:0f:38:6a:0e:ed:68:8d:fe:22:a2:0c:e2:b6:9d:bc:51:
         26:27:08:67:84:fc:46:02:ff:a8:c6:4a:3f:48:cc:7b:90:7a:
         38:29:20:d1:e9:e2:5b:5a:41:e3:4e:13:65:50:89:90:58:6a:
         54:b2:1a:17:b0:31:41:78:6e:e5:4d:2f:9b:e3:bb:f5:bf:3c:
         de:7a:05:99:1d:73:33:a4:5b:97:97:9c:70:a6:7f:82:40:e0:
         c5:0d:c0:8e:06:4a:c3:6e:3d:87:8d:18:39:ff:61:6e:b0:d6:
         6f:0b:fe:22:0d:ed:f4:00:f8:bf:46:4f:d7:cf:d7:34:63:05:
         cc:d1:90:a9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAknVNlZxLc1FPU/ov1I1BNN68HYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTI3MDAwMDAwWhcNMjMxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3N2FiZmNlMmVlNmUxOGNlMzc2MzU5NGYxMmQ2MTBkMWY2
NjM0ODg2YTg4ZDA3Zjk0YTQwYTFlMjMxMTY1NjRhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzoZwfM7NJFdTJ+CnvRIjZXZhydoPxHhr3G63mZ2PRzYMl
FF6s1EZGH2SG6ldtkeE9EH0DxofDDUAzQOmb7Rzp203mzomxh8zsdF9XjFk5hqQy
Aek2yBkt4U+ZmsBjlSsHtu5RGA1U96IEVsVAQZxqD2U25eUct9SxdU6eC+Ll1Y4Z
EpY3QfwdNXGFvaxsSpW2YcgYmOrPeynglyVgw2HEpQmOEWuLh5qqLqtBn6YlC6lN
WkBkw6BpfuH+3+yjhTCqeQbA0ZF6GBvTwNMTaTrBEQ0OhVOMA1JSzzbvujvpGACi
z/t/CKpareoRureZJ6shkmsOdLun0CkhGwi99vkbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3MzuKuVHcDtvnOxhKYgeazAu5sIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q0ZjEyZGQ3LTMyZjItNDE2Yi04ODk5LTk3ZDA4MzVlNjQwMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI68XNNXw5uYv3jCZ0uMENiuRUls
SSNoNCKxBibQJbmXFy1DdkMungejeIUgYq60qIyx8kGYqR3NLt0GuS/wCRaAXivb
Sd/f8DqU2X/Agsa2W6rxrc13V9zQOsu4ejjttkxRdubU2/2B7iG1Gmif7YGVyy9a
LEngF0pSD+U7GlXFDzhqDu1ojf4iogzitp28USYnCGeE/EYC/6jGSj9IzHuQejgp
INHp4ltaQeNOE2VQiZBYalSyGhewMUF4buVNL5vju/W/PN56BZkdczOkW5eXnHCm
f4JA4MUNwI4GSsNuPYeNGDn/YW6w1m8L/iIN7fQA+L9GT9fP1zRjBczRkKk=
-----END CERTIFICATE-----