Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d995d26d-7f94-4467-84f8-0f71a4b612b2.roa
File:                     d995d26d-7f94-4467-84f8-0f71a4b612b2.roa (raw, json)
Hash identifier:          t1azh6oUhLnwthi+HZUNnyzSwhxrpRLSd2Rl/ALP1KY=
Subject key identifier:   87:65:05:ED:3E:8C:45:82:4A:DD:E1:9E:BE:20:4F:E2:29:26:1F:6D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0D7DA31BFC46B3BBBF8BEBA9E71517365D19DF39
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d995d26d-7f94-4467-84f8-0f71a4b612b2.roa
Signing time:             Sat 14 Oct 2023 00:00:00 +0000
ROA not before:           Sat 14 Oct 2023 00:00:00 +0000
ROA not after:            Sat 18 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:7d:a3:1b:fc:46:b3:bb:bf:8b:eb:a9:e7:15:17:36:5d:19:df:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 14 00:00:00 2023 GMT
            Not After : Nov 18 23:59:59 2023 GMT
        Subject: serialNumber=ac0dd5fd5646feeda533f62d6438a9c7189c615d148edc801252b3b12317e0b1, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:39:e0:2e:d1:0e:c9:a5:79:6c:da:ac:dc:a9:
                    21:28:61:ac:c9:64:db:5f:27:a5:37:fa:79:81:77:
                    f7:81:3a:54:d6:0e:6b:e4:c4:fb:cf:35:d2:7c:2c:
                    d4:45:0d:1c:55:c4:db:12:7c:77:a4:31:66:29:ce:
                    d5:f5:fa:4e:32:9d:e7:62:eb:ee:61:28:94:ce:a5:
                    3c:a4:4b:29:81:ea:07:da:c9:19:09:31:f0:16:82:
                    62:9d:4e:65:68:54:47:a8:03:fb:38:00:2f:ae:2a:
                    95:c4:46:3c:c3:96:67:dd:e2:79:65:68:6b:e3:3a:
                    47:d9:39:cf:6a:a7:2a:20:f0:7f:fb:09:60:15:9c:
                    c2:22:75:6a:30:8f:20:30:79:10:ff:2e:0a:ae:fe:
                    61:91:b8:a6:f1:c6:54:6a:06:d3:0c:87:40:3f:1a:
                    40:e4:6e:37:2d:9a:ea:7c:8e:9c:84:4d:59:44:a0:
                    74:ea:b8:21:a1:14:fa:59:26:d2:9c:84:d1:c8:de:
                    3e:23:04:e1:5c:7e:8c:3f:9a:48:8e:22:80:5c:2a:
                    9c:0c:0b:53:fb:50:f4:7b:3a:25:f2:7b:0e:14:fc:
                    95:15:44:cc:3c:7f:bf:91:61:e4:f2:cb:eb:f5:05:
                    c4:ed:a9:1c:9c:ad:86:9a:11:17:74:d8:1f:0a:3f:
                    9d:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:65:05:ED:3E:8C:45:82:4A:DD:E1:9E:BE:20:4F:E2:29:26:1F:6D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d995d26d-7f94-4467-84f8-0f71a4b612b2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:60:83:be:88:7a:33:c6:a1:80:7c:d3:2a:e7:aa:ea:d6:a6:
         45:00:82:41:34:1c:fe:b7:20:e0:98:3e:67:da:e6:fd:8e:d2:
         3e:08:be:c2:1a:d5:bd:5c:2a:f3:9d:31:26:55:88:33:44:1f:
         6c:e7:dd:34:05:6c:04:31:cc:0a:1e:8f:f1:32:34:d4:7c:12:
         ac:89:81:b5:b6:1e:e1:3d:18:86:ff:f6:48:1f:45:69:a9:8a:
         5a:bf:f8:4c:cf:75:05:93:8d:34:4c:15:1a:d3:b3:18:a0:12:
         08:9b:76:cd:fd:23:df:48:ab:20:ea:3c:9f:13:9b:94:f1:c1:
         6d:a0:b4:9a:52:82:31:46:e3:c3:b7:cd:a1:6f:be:b7:52:64:
         a4:07:fa:a8:57:7d:ce:19:cb:cf:f0:2d:82:47:0a:63:3c:1d:
         7e:51:85:b5:25:d4:fb:f1:73:cf:9a:e8:04:3b:c2:90:f9:f7:
         0b:6e:ed:a9:4e:82:fe:b0:f6:4a:e9:4c:82:b1:6b:09:e0:fb:
         ea:9d:48:96:69:de:46:33:df:f7:f5:42:ec:f0:b9:01:31:ea:
         47:65:b6:2a:52:10:68:dd:e0:10:fc:01:01:ce:ae:c8:52:49:
         6b:3d:36:c3:c7:c3:6c:24:26:d1:55:1d:fa:93:8e:ac:a3:f5:
         30:d0:8d:b1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDX2jG/xGs7u/i+up5xUXNl0Z3zkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDE0MDAwMDAwWhcNMjMxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYzBkZDVmZDU2NDZmZWVkYTUzM2Y2MmQ2NDM4YTljNzE4
OWM2MTVkMTQ4ZWRjODAxMjUyYjNiMTIzMTdlMGIxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD0OeAu0Q7JpXls2qzcqSEoYazJZNtfJ6U3+nmBd/eBOlTW
DmvkxPvPNdJ8LNRFDRxVxNsSfHekMWYpztX1+k4ynedi6+5hKJTOpTykSymB6gfa
yRkJMfAWgmKdTmVoVEeoA/s4AC+uKpXERjzDlmfd4nllaGvjOkfZOc9qpyog8H/7
CWAVnMIidWowjyAweRD/Lgqu/mGRuKbxxlRqBtMMh0A/GkDkbjctmup8jpyETVlE
oHTquCGhFPpZJtKchNHI3j4jBOFcfow/mkiOIoBcKpwMC1P7UPR7OiXyew4U/JUV
RMw8f7+RYeTyy+v1BcTtqRycrYaaERd02B8KP50zAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUh2UF7T6MRYJK3eGeviBP4ikmH20wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q5OTVkMjZkLTdmOTQtNDQ2Ny04NGY4LTBmNzFhNGI2MTJiMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIJgg76IejPGoYB80yrnqurWpkUA
gkE0HP63IOCYPmfa5v2O0j4IvsIa1b1cKvOdMSZViDNEH2zn3TQFbAQxzAoej/Ey
NNR8EqyJgbW2HuE9GIb/9kgfRWmpilq/+EzPdQWTjTRMFRrTsxigEgibds39I99I
qyDqPJ8Tm5TxwW2gtJpSgjFG48O3zaFvvrdSZKQH+qhXfc4Zy8/wLYJHCmM8HX5R
hbUl1Pvxc8+a6AQ7wpD59wtu7alOgv6w9krpTIKxawng++qdSJZp3kYz3/f1Quzw
uQEx6kdltipSEGjd4BD8AQHOrshSSWs9NsPHw2wkJtFVHfqTjqyj9TDQjbE=
-----END CERTIFICATE-----