Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e1247607-1444-4309-b5c0-c7d3a84bb77f.roa
File:                     e1247607-1444-4309-b5c0-c7d3a84bb77f.roa (raw, json)
Hash identifier:          7AU9pq8jG8WuIJNj+TrgxV/bN+eO1ZBJmODuwFDFBeI=
Subject key identifier:   6E:AD:D9:DA:51:34:52:E5:8C:27:3D:9F:A2:DB:D2:C7:34:1B:2C:23
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4206C98976CADB30FE052256D0BCD8D534587785
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e1247607-1444-4309-b5c0-c7d3a84bb77f.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:06:c9:89:76:ca:db:30:fe:05:22:56:d0:bc:d8:d5:34:58:77:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=4f3e6072adcba71611ca2938a3c90c10013e18dc6f9c399c2c3e44be10cfe67d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4f:1f:2e:5e:0c:26:51:90:ff:48:64:6e:b0:
                    2c:0d:c7:be:da:53:43:63:cb:2a:82:c4:e2:b5:6e:
                    62:c4:69:84:90:75:e6:1f:10:f6:0d:c2:c0:e8:df:
                    fd:29:42:4f:59:ba:58:8a:9d:58:c2:c9:7f:f4:9f:
                    6a:01:ad:0d:5c:d3:17:3d:4c:48:04:c7:35:53:ac:
                    e1:38:ff:da:de:3c:25:9e:8b:4b:ff:39:3b:1a:78:
                    ce:d7:02:72:14:1b:0a:ce:72:bd:db:1e:c9:c7:cb:
                    c1:83:e1:64:15:ff:9c:f1:46:99:3c:37:b4:aa:4f:
                    9c:63:e4:40:e4:9c:c9:ad:cf:f5:fb:89:a2:17:4b:
                    84:87:b6:c1:1e:62:34:c0:4e:31:d0:4a:62:67:a0:
                    5a:c9:b2:e1:d7:f4:5c:2d:be:92:cb:23:d0:0a:da:
                    34:4c:94:d9:da:1a:25:40:0d:e8:b6:f5:71:8a:e9:
                    da:ac:81:09:ca:32:b0:1b:7d:c2:d9:4c:36:3a:9c:
                    84:59:7a:84:eb:37:ec:d4:a7:18:20:ad:2f:a9:aa:
                    81:8c:3a:13:06:9d:4f:f9:05:0a:37:42:41:5c:55:
                    04:ea:4b:15:16:a5:8c:87:9d:bf:3a:9a:bf:a1:06:
                    41:8d:0f:e6:6f:43:ee:ed:b9:47:27:1d:fd:82:7c:
                    4a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:AD:D9:DA:51:34:52:E5:8C:27:3D:9F:A2:DB:D2:C7:34:1B:2C:23
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e1247607-1444-4309-b5c0-c7d3a84bb77f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:32:2f:77:dc:38:39:c5:f7:d5:b3:de:be:a3:5d:64:ce:d4:
         f1:df:3a:f6:87:a5:79:78:27:9a:bb:83:09:46:fc:42:97:0a:
         89:5f:66:15:af:24:8f:1c:9e:87:06:34:be:71:8e:d4:e8:89:
         c6:a3:11:a0:60:68:bf:bf:66:04:bb:76:d5:20:49:4a:6a:b5:
         e0:23:79:db:0a:17:2f:0e:11:cd:0e:07:a4:3b:ad:36:14:b1:
         bc:a9:9d:fb:89:e8:10:fa:13:c9:c5:cd:ab:99:8e:72:5b:e6:
         f4:0b:cd:56:23:69:3f:0a:1c:b2:1b:78:e9:16:7d:dd:3b:b2:
         85:35:4a:f5:77:5e:85:aa:ff:56:c9:a5:dd:e3:dc:ff:cb:fa:
         07:8c:1a:f4:10:5c:e8:76:f8:b6:a0:d8:d3:cb:2e:d8:ad:2b:
         c4:49:75:2e:17:d5:a3:1c:80:dd:65:fb:96:6a:65:c1:6e:48:
         34:2c:50:4c:7d:ea:77:9b:b3:73:4c:48:6c:20:30:7c:a1:84:
         53:da:90:5b:c8:30:8b:e6:ad:3b:9e:3b:84:c6:b4:9e:46:cf:
         ce:2d:bd:44:62:02:a7:f4:cf:2e:49:c1:27:89:f0:8c:71:b6:
         00:14:39:da:60:81:e0:f0:95:88:b0:d1:e0:9b:9d:23:3c:08:
         e9:81:6f:25
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQgbJiXbK2zD+BSJW0LzY1TRYd4UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTE4MDAwMDAwWhcNMjMxMDIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZjNlNjA3MmFkY2JhNzE2MTFjYTI5MzhhM2M5MGMxMDAx
M2UxOGRjNmY5YzM5OWMyYzNlNDRiZTEwY2ZlNjdkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDITx8uXgwmUZD/SGRusCwNx77aU0NjyyqCxOK1bmLEaYSQ
deYfEPYNwsDo3/0pQk9ZuliKnVjCyX/0n2oBrQ1c0xc9TEgExzVTrOE4/9rePCWe
i0v/OTsaeM7XAnIUGwrOcr3bHsnHy8GD4WQV/5zxRpk8N7SqT5xj5EDknMmtz/X7
iaIXS4SHtsEeYjTATjHQSmJnoFrJsuHX9FwtvpLLI9AK2jRMlNnaGiVADei29XGK
6dqsgQnKMrAbfcLZTDY6nIRZeoTrN+zUpxggrS+pqoGMOhMGnU/5BQo3QkFcVQTq
SxUWpYyHnb86mr+hBkGND+ZvQ+7tuUcnHf2CfEpBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbq3Z2lE0UuWMJz2fotvSxzQbLCMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2UxMjQ3NjA3LTE0NDQtNDMwOS1iNWMwLWM3ZDNhODRiYjc3Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGQyL3fcODnF99Wz3r6jXWTO1PHf
OvaHpXl4J5q7gwlG/EKXColfZhWvJI8cnocGNL5xjtToicajEaBgaL+/ZgS7dtUg
SUpqteAjedsKFy8OEc0OB6Q7rTYUsbypnfuJ6BD6E8nFzauZjnJb5vQLzVYjaT8K
HLIbeOkWfd07soU1SvV3XoWq/1bJpd3j3P/L+geMGvQQXOh2+Lag2NPLLtitK8RJ
dS4X1aMcgN1l+5ZqZcFuSDQsUEx96nebs3NMSGwgMHyhhFPakFvIMIvmrTueO4TG
tJ5Gz84tvURiAqf0zy5JwSeJ8IxxtgAUOdpggeDwlYiw0eCbnSM8COmBbyU=
-----END CERTIFICATE-----