Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dd2f22cf-da29-462f-8f7f-20d8b6cb5531.roa
File:                     dd2f22cf-da29-462f-8f7f-20d8b6cb5531.roa (raw, json)
Hash identifier:          2p541zfQxjiyxj38Q2JU5s4t34zx7xT06TJWoo8j5fw=
Subject key identifier:   CB:68:23:9A:AB:35:31:91:13:19:05:36:C5:A9:7C:AE:27:27:40:A9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0DC48835152E2BC6EEE395FCEEFAFBC1F1EEBCD2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dd2f22cf-da29-462f-8f7f-20d8b6cb5531.roa
Signing time:             Tue 19 Sep 2023 00:00:00 +0000
ROA not before:           Tue 19 Sep 2023 00:00:00 +0000
ROA not after:            Tue 24 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:c4:88:35:15:2e:2b:c6:ee:e3:95:fc:ee:fa:fb:c1:f1:ee:bc:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 19 00:00:00 2023 GMT
            Not After : Oct 24 23:59:59 2023 GMT
        Subject: serialNumber=2d467ec518ea8118ca25c2fc15fce750b2b2291be3fe49c87127a8c09f229c18, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:6f:ca:6b:6c:1a:97:fa:79:94:9e:3b:f6:ce:
                    88:c5:01:4d:09:08:38:37:b9:36:af:f0:65:0a:7f:
                    22:42:62:04:bb:ff:8f:82:70:0e:f4:b2:43:e5:89:
                    45:bf:6b:cb:a6:b0:5a:f3:f8:59:78:d1:02:58:13:
                    30:73:68:07:47:f4:e9:05:b8:f2:67:2e:a6:2f:0f:
                    1e:54:2f:c8:83:ed:42:a0:ae:bb:b9:f6:74:f1:3d:
                    b5:32:e1:b8:2a:ae:7a:f8:86:d3:c4:c3:b0:43:01:
                    c6:ee:8b:8f:6a:2d:8e:2e:05:72:e8:6c:2a:fb:d2:
                    78:d0:20:7d:93:82:b8:43:0e:6a:ee:b8:63:49:3c:
                    f0:de:82:4b:55:b1:8b:ad:38:12:aa:ff:74:33:42:
                    e2:e4:6b:46:d3:72:8c:90:82:52:0a:2c:f4:a7:33:
                    99:8f:07:95:c5:66:54:2f:bb:e2:ff:24:74:3e:ce:
                    b3:5b:80:69:4a:ed:af:b9:eb:75:7e:ad:91:21:9a:
                    c4:25:fc:c5:bf:5e:e1:37:ed:f3:60:d5:fd:be:45:
                    2b:22:64:8c:66:50:24:86:41:79:99:2b:e2:9e:7c:
                    e7:0c:f3:35:bc:80:6d:82:54:0c:af:5d:b7:48:cb:
                    34:f2:36:7e:4d:d8:b1:a8:2f:61:b8:28:32:42:78:
                    53:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:68:23:9A:AB:35:31:91:13:19:05:36:C5:A9:7C:AE:27:27:40:A9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dd2f22cf-da29-462f-8f7f-20d8b6cb5531.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:3d:b2:ca:5f:4b:2e:96:a1:9a:cc:12:6e:1c:28:8f:85:e6:
         9b:00:da:44:c7:41:99:a8:e4:a6:0a:4d:12:28:97:40:b0:64:
         eb:c7:43:23:25:6e:d1:e5:d4:19:e8:9b:22:8e:68:02:93:16:
         0a:d7:16:81:1a:32:ab:e0:5d:5b:7f:0f:96:98:49:e4:06:d7:
         9c:80:c3:42:68:39:90:f3:9f:83:4b:ce:b5:89:69:79:f1:58:
         d4:f4:f8:5e:fe:ce:33:8d:c1:f5:32:60:7a:33:00:ac:95:2a:
         ae:0c:5c:59:6d:fb:f5:12:8c:ba:a8:5d:e6:8c:f4:fb:5f:40:
         19:22:0a:6f:1e:76:ce:fd:35:65:c4:1f:b7:eb:92:24:72:fc:
         bd:b1:33:c4:95:7d:0e:7a:a4:d8:4e:2c:70:93:1a:0f:3e:03:
         79:96:f5:e1:25:ff:5a:2f:c9:63:7f:38:a3:92:5b:e7:78:93:
         ba:93:d3:bf:3f:ec:66:b1:b0:46:26:55:79:4f:9b:fb:90:69:
         18:70:7c:ef:ca:2a:8d:87:e5:6f:44:93:a7:de:e7:4b:e6:09:
         34:4d:67:1c:dc:11:89:21:7b:73:7f:a6:b1:34:ab:5c:db:8e:
         6d:36:28:17:19:83:91:6c:26:7f:2a:24:8a:61:b5:8d:d3:f8:
         67:11:2b:1a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDcSINRUuK8bu45X87vr7wfHuvNIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTE5MDAwMDAwWhcNMjMxMDI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZDQ2N2VjNTE4ZWE4MTE4Y2EyNWMyZmMxNWZjZTc1MGIy
YjIyOTFiZTNmZTQ5Yzg3MTI3YThjMDlmMjI5YzE4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtb8prbBqX+nmUnjv2zojFAU0JCDg3uTav8GUKfyJCYgS7
/4+CcA70skPliUW/a8umsFrz+Fl40QJYEzBzaAdH9OkFuPJnLqYvDx5UL8iD7UKg
rru59nTxPbUy4bgqrnr4htPEw7BDAcbui49qLY4uBXLobCr70njQIH2TgrhDDmru
uGNJPPDegktVsYutOBKq/3QzQuLka0bTcoyQglIKLPSnM5mPB5XFZlQvu+L/JHQ+
zrNbgGlK7a+563V+rZEhmsQl/MW/XuE37fNg1f2+RSsiZIxmUCSGQXmZK+KefOcM
8zW8gG2CVAyvXbdIyzTyNn5N2LGoL2G4KDJCeFOfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUy2gjmqs1MZETGQU2xal8ricnQKkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RkMmYyMmNmLWRhMjktNDYyZi04ZjdmLTIwZDhiNmNiNTUzMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB49sspfSy6WoZrMEm4cKI+F5psA
2kTHQZmo5KYKTRIol0CwZOvHQyMlbtHl1BnomyKOaAKTFgrXFoEaMqvgXVt/D5aY
SeQG15yAw0JoOZDzn4NLzrWJaXnxWNT0+F7+zjONwfUyYHozAKyVKq4MXFlt+/US
jLqoXeaM9PtfQBkiCm8eds79NWXEH7frkiRy/L2xM8SVfQ56pNhOLHCTGg8+A3mW
9eEl/1ovyWN/OKOSW+d4k7qT078/7GaxsEYmVXlPm/uQaRhwfO/KKo2H5W9Ek6fe
50vmCTRNZxzcEYkhe3N/prE0q1zbjm02KBcZg5FsJn8qJIphtY3T+GcRKxo=
-----END CERTIFICATE-----