Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d8b7d4db-52ba-4012-ba86-374063db3bb2.roa
File:                     d8b7d4db-52ba-4012-ba86-374063db3bb2.roa (raw, json)
Hash identifier:          XTSklcY3KmnClsbDt9uahwtq7dzm+vZv4cdDMMWDQkM=
Subject key identifier:   7B:30:56:B2:DB:9B:22:6C:DA:A7:9E:58:2F:A8:64:D1:AB:FC:05:D6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2B3D60A2BC46B871F3C1713943D5C08B88889B49
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d8b7d4db-52ba-4012-ba86-374063db3bb2.roa
Signing time:             Wed 27 Sep 2023 00:00:00 +0000
ROA not before:           Wed 27 Sep 2023 00:00:00 +0000
ROA not after:            Wed 01 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:3d:60:a2:bc:46:b8:71:f3:c1:71:39:43:d5:c0:8b:88:88:9b:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 27 00:00:00 2023 GMT
            Not After : Nov  1 23:59:59 2023 GMT
        Subject: serialNumber=b4f6d8fc4bcdad7ae2a993d687589e06472aca7f0a074910a1e64b9a8fa2d4d3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:ef:02:5e:1b:61:c4:59:fd:11:c5:0a:65:d1:
                    d3:47:61:53:71:ba:d9:de:8e:f4:09:1d:90:96:3b:
                    50:91:be:71:41:0b:7f:31:a4:14:cb:bd:9a:f8:6d:
                    78:a9:ae:31:de:29:54:70:ea:8a:49:9e:b6:6e:63:
                    1a:a9:cc:93:2b:a4:10:7f:0f:0f:97:9e:96:02:90:
                    c2:17:23:00:4b:9a:79:a8:9d:62:28:43:03:a6:68:
                    c4:ba:20:ba:f4:b0:3e:69:55:3d:7d:23:99:b3:ee:
                    05:1d:e9:30:59:63:d7:e3:00:18:27:af:c2:08:aa:
                    64:db:c1:e7:a3:43:f3:c4:5c:d8:77:19:a2:d4:a1:
                    2e:f5:ec:c2:6f:4e:a6:08:d8:11:ed:66:f3:08:49:
                    17:d2:c9:1f:9d:cf:ec:5c:d7:84:71:03:25:3f:fe:
                    5d:52:72:65:43:30:2a:7f:a1:06:07:1d:81:95:03:
                    3f:66:22:67:54:bc:85:0b:24:6f:01:e3:c9:d3:e9:
                    e5:6f:50:46:38:ba:c8:2c:5e:34:30:62:ae:4d:7c:
                    e7:79:b0:6b:e8:62:30:83:86:47:89:d0:35:b1:f9:
                    a5:46:f4:d5:87:6a:d8:c0:66:ef:9e:3a:08:f3:81:
                    00:a5:32:f5:a5:1b:c7:1b:16:0b:b6:bf:71:7d:da:
                    c0:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:30:56:B2:DB:9B:22:6C:DA:A7:9E:58:2F:A8:64:D1:AB:FC:05:D6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d8b7d4db-52ba-4012-ba86-374063db3bb2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:96:24:e7:56:5b:c9:4b:e8:f7:4d:f0:da:e7:ab:f2:7d:9f:
         34:3c:cf:95:4e:28:f2:00:ab:77:22:61:16:9c:2a:d9:ad:69:
         93:93:ae:22:29:fb:ce:65:72:fd:46:32:0a:07:5d:6a:74:42:
         4c:98:2a:64:a9:d5:bd:55:18:0e:57:ee:bd:b0:50:2a:86:79:
         bb:3c:4a:cf:18:c4:80:e1:64:e7:77:5f:9b:8c:93:e4:89:24:
         92:77:13:8d:d1:b6:df:56:dc:b9:e0:08:d9:28:c5:9c:a1:30:
         48:0c:f0:88:fa:37:dd:1a:b4:ee:06:33:c9:4d:53:9e:5e:25:
         33:8e:eb:5e:30:3b:88:85:40:d4:0b:4c:f6:b0:86:73:74:d3:
         40:c2:23:23:52:93:29:b5:bd:d5:d9:05:a8:dc:5f:33:60:ed:
         cb:fa:6f:ed:13:d3:86:fb:a4:6d:5c:f4:76:42:ad:77:2c:f4:
         de:96:56:21:c5:55:ae:e0:09:43:1f:46:6f:38:23:a5:d2:4f:
         f7:96:bd:e1:95:fe:c1:b3:61:5a:6e:a1:86:63:b7:2d:cb:a2:
         1c:8e:1a:11:a1:f4:7d:f1:dd:cf:24:06:5d:e1:05:7a:bb:74:
         bd:cc:d4:bc:fd:a4:1d:be:62:ad:b4:5f:8c:e6:71:40:11:19:
         fb:a7:e2:ab
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKz1gorxGuHHzwXE5Q9XAi4iIm0kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTI3MDAwMDAwWhcNMjMxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiNGY2ZDhmYzRiY2RhZDdhZTJhOTkzZDY4NzU4OWUwNjQ3
MmFjYTdmMGEwNzQ5MTBhMWU2NGI5YThmYTJkNGQzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDp7wJeG2HEWf0RxQpl0dNHYVNxutnejvQJHZCWO1CRvnFB
C38xpBTLvZr4bXiprjHeKVRw6opJnrZuYxqpzJMrpBB/Dw+XnpYCkMIXIwBLmnmo
nWIoQwOmaMS6ILr0sD5pVT19I5mz7gUd6TBZY9fjABgnr8IIqmTbweejQ/PEXNh3
GaLUoS717MJvTqYI2BHtZvMISRfSyR+dz+xc14RxAyU//l1ScmVDMCp/oQYHHYGV
Az9mImdUvIULJG8B48nT6eVvUEY4usgsXjQwYq5NfOd5sGvoYjCDhkeJ0DWx+aVG
9NWHatjAZu+eOgjzgQClMvWlG8cbFgu2v3F92sBXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUezBWstubImzap55YL6hk0av8BdYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q4YjdkNGRiLTUyYmEtNDAxMi1iYTg2LTM3NDA2M2RiM2JiMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABuWJOdWW8lL6PdN8Nrnq/J9nzQ8
z5VOKPIAq3ciYRacKtmtaZOTriIp+85lcv1GMgoHXWp0QkyYKmSp1b1VGA5X7r2w
UCqGebs8Ss8YxIDhZOd3X5uMk+SJJJJ3E43Rtt9W3LngCNkoxZyhMEgM8Ij6N90a
tO4GM8lNU55eJTOO614wO4iFQNQLTPawhnN000DCIyNSkym1vdXZBajcXzNg7cv6
b+0T04b7pG1c9HZCrXcs9N6WViHFVa7gCUMfRm84I6XST/eWveGV/sGzYVpuoYZj
ty3LohyOGhGh9H3x3c8kBl3hBXq7dL3M1Lz9pB2+Yq20X4zmcUARGfun4qs=
-----END CERTIFICATE-----