Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e2cb8769-6625-4363-8f0c-51d7d6e59d32.roa
File:                     e2cb8769-6625-4363-8f0c-51d7d6e59d32.roa (raw, json)
Hash identifier:          wFfvw79XRJJoKWDLKUw36V90/x7cnDlU4J3gMhoGa18=
Subject key identifier:   97:3D:45:3E:86:CE:1D:3D:44:94:24:7A:41:51:83:23:D8:D1:BF:20
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       57E0AD5873A3E1C44110F591F5C820732F5836CA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e2cb8769-6625-4363-8f0c-51d7d6e59d32.roa
Signing time:             Sat 11 Nov 2023 00:00:00 +0000
ROA not before:           Sat 11 Nov 2023 00:00:00 +0000
ROA not after:            Sat 16 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:e0:ad:58:73:a3:e1:c4:41:10:f5:91:f5:c8:20:73:2f:58:36:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 11 00:00:00 2023 GMT
            Not After : Dec 16 23:59:59 2023 GMT
        Subject: serialNumber=8614a10a6736849ab13298ec7b93db3e15ac3a9805a159fd82c9d86a79aa028c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:77:56:18:76:5a:32:ff:d5:37:cb:2d:21:1e:
                    1d:3d:e4:5d:29:73:a9:f0:7f:1c:3c:82:25:39:75:
                    f8:37:f3:7d:10:db:4e:dc:2f:f9:06:67:71:2c:0d:
                    7f:f4:69:15:75:12:d0:a0:c1:af:40:5b:37:3b:8a:
                    3b:bf:bb:04:a7:2f:d8:ba:48:46:9c:f8:b0:36:44:
                    eb:48:48:c3:24:70:9a:33:40:1b:3f:59:65:cd:52:
                    65:4a:68:7e:a3:89:62:5d:d4:fe:ed:54:a8:0e:a1:
                    d6:e5:da:08:ee:c4:c0:87:72:e6:0c:dd:e6:d7:2d:
                    61:d1:db:98:e3:38:e2:d1:68:62:ed:26:0b:db:f0:
                    74:ab:aa:ef:20:a4:0c:68:3c:aa:07:ec:00:95:5d:
                    16:53:f7:b3:e6:31:2c:02:fc:04:fc:a9:0c:00:7d:
                    b6:18:d7:e3:5c:cf:e8:1b:a8:33:76:32:32:32:90:
                    5c:6b:ce:8b:92:ef:5a:fd:0e:8a:c3:a6:de:e3:aa:
                    9e:cc:ee:ce:2e:ec:11:47:ee:01:eb:00:31:fb:f9:
                    73:e1:e5:da:8d:ed:88:de:d3:1b:37:af:2d:40:85:
                    fb:fd:6f:e3:76:e0:14:b6:4d:9f:38:51:2c:54:b9:
                    d2:49:a2:9c:7c:37:e4:21:95:78:a0:3e:11:61:60:
                    32:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:3D:45:3E:86:CE:1D:3D:44:94:24:7A:41:51:83:23:D8:D1:BF:20
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e2cb8769-6625-4363-8f0c-51d7d6e59d32.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:2d:06:18:57:c4:c2:99:41:ee:84:2a:fe:7e:8e:dc:b7:a7:
         d8:14:dd:ba:f9:60:90:2d:30:67:1c:6b:98:eb:22:08:76:c2:
         57:b6:50:8c:e0:2e:2e:44:be:cf:32:13:bf:38:8b:80:7d:8b:
         00:24:47:f5:9d:7f:84:ff:04:0b:fb:46:bd:2b:36:08:df:a5:
         fd:4e:7c:21:bf:d8:1b:d3:8a:b7:e1:a3:af:31:36:67:9e:c2:
         f0:ff:11:d8:f3:ff:09:0e:63:8a:3b:fc:89:1b:14:9c:ac:49:
         5d:32:97:87:7c:4e:fb:f0:28:69:0d:d3:40:79:7d:b1:13:06:
         90:a6:4f:0c:47:17:40:5c:41:41:9b:44:82:a9:e1:be:0f:98:
         c3:3a:62:2c:db:dc:a9:9c:d7:71:c9:3f:48:54:40:63:ad:da:
         e8:7c:05:97:ff:63:7e:98:f7:e0:49:d5:00:df:75:87:aa:47:
         4b:5c:79:fd:76:ff:39:59:9e:cd:cb:20:bb:e9:8c:59:c0:2e:
         74:91:f2:37:4a:ec:41:bf:2d:01:22:57:da:97:40:39:45:ac:
         82:01:20:88:8e:03:48:74:56:69:5e:00:3e:bc:6b:c3:31:82:
         26:58:d6:46:95:f5:3c:1f:b1:06:fb:27:63:6f:72:2e:29:f7:
         90:13:e2:a4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV+CtWHOj4cRBEPWR9cggcy9YNsowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTExMDAwMDAwWhcNMjMxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NjE0YTEwYTY3MzY4NDlhYjEzMjk4ZWM3YjkzZGIzZTE1
YWMzYTk4MDVhMTU5ZmQ4MmM5ZDg2YTc5YWEwMjhjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDwd1YYdloy/9U3yy0hHh095F0pc6nwfxw8giU5dfg3830Q
207cL/kGZ3EsDX/0aRV1EtCgwa9AWzc7iju/uwSnL9i6SEac+LA2ROtISMMkcJoz
QBs/WWXNUmVKaH6jiWJd1P7tVKgOodbl2gjuxMCHcuYM3ebXLWHR25jjOOLRaGLt
Jgvb8HSrqu8gpAxoPKoH7ACVXRZT97PmMSwC/AT8qQwAfbYY1+Ncz+gbqDN2MjIy
kFxrzouS71r9DorDpt7jqp7M7s4u7BFH7gHrADH7+XPh5dqN7Yje0xs3ry1Ahfv9
b+N24BS2TZ84USxUudJJopx8N+QhlXigPhFhYDJlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlz1FPobOHT1ElCR6QVGDI9jRvyAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2UyY2I4NzY5LTY2MjUtNDM2My04ZjBjLTUxZDdkNmU1OWQzMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEstBhhXxMKZQe6EKv5+jty3p9gU
3br5YJAtMGcca5jrIgh2wle2UIzgLi5Evs8yE784i4B9iwAkR/Wdf4T/BAv7Rr0r
Ngjfpf1OfCG/2BvTirfho68xNmeewvD/Edjz/wkOY4o7/IkbFJysSV0yl4d8Tvvw
KGkN00B5fbETBpCmTwxHF0BcQUGbRIKp4b4PmMM6Yizb3Kmc13HJP0hUQGOt2uh8
BZf/Y36Y9+BJ1QDfdYeqR0tcef12/zlZns3LILvpjFnALnSR8jdK7EG/LQEiV9qX
QDlFrIIBIIiOA0h0VmleAD68a8MxgiZY1kaV9TwfsQb7J2Nvci4p95AT4qQ=
-----END CERTIFICATE-----