Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e73adb76-784c-4313-abbc-0a33db204da2.roa
File:                     e73adb76-784c-4313-abbc-0a33db204da2.roa (raw, json)
Hash identifier:          ocFrH2tha9IiDtmLEIjiRsZKvEWto5TmChVqAsijzS4=
Subject key identifier:   E9:C8:CA:AB:1F:B4:B7:F2:FC:8E:93:D9:4E:4B:DA:69:47:10:59:BA
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       376E069AE0F39BA7599496597061D1ED2D00E4D8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e73adb76-784c-4313-abbc-0a33db204da2.roa
Signing time:             Mon 25 Sep 2023 00:00:00 +0000
ROA not before:           Mon 25 Sep 2023 00:00:00 +0000
ROA not after:            Mon 30 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:6e:06:9a:e0:f3:9b:a7:59:94:96:59:70:61:d1:ed:2d:00:e4:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 25 00:00:00 2023 GMT
            Not After : Oct 30 23:59:59 2023 GMT
        Subject: serialNumber=96f6d3e45106d923cd6759d138460d09a7920abe7fe0b516a5df7fc361bf9d5b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:1c:ee:ce:37:71:51:c1:cf:08:ff:40:af:84:
                    8d:f7:35:c9:0d:39:cf:f2:1a:1f:ce:dd:7b:f7:5d:
                    bf:f8:19:fc:73:b1:d8:0b:59:68:b8:32:47:2d:77:
                    bc:60:2e:f1:0f:ad:4e:e4:24:fb:63:2a:5d:63:5c:
                    40:d5:e8:ee:3a:6e:e9:e5:bc:8b:22:1f:50:fd:85:
                    72:21:e6:6d:27:ca:0e:8d:30:8b:d2:88:37:52:ea:
                    0a:bf:9e:61:a7:28:59:43:26:60:16:1a:80:54:5a:
                    f6:b7:8b:f6:70:00:6b:45:f8:d3:02:f3:16:77:89:
                    e0:ad:79:3b:6c:00:3b:a1:b1:d3:52:cc:ad:fe:85:
                    cb:98:7c:74:76:a4:a0:37:8c:ee:26:3a:51:f8:91:
                    e1:7c:1d:ec:b4:70:35:51:b0:17:0f:0d:6e:ed:05:
                    92:66:03:74:3c:32:73:d9:1e:a4:72:17:28:7b:8d:
                    5d:b5:24:26:22:a5:df:40:58:a3:df:1e:d3:a4:60:
                    08:97:9f:a9:bb:01:b0:93:19:ef:18:2b:ef:e6:fa:
                    aa:43:e5:55:b2:6f:8e:6a:22:4d:70:d9:a5:a2:cf:
                    73:bf:48:d2:d4:1a:e9:27:c8:e1:57:30:8e:b9:8a:
                    2a:b1:83:a2:07:22:3e:06:be:48:3d:71:01:47:55:
                    9c:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:C8:CA:AB:1F:B4:B7:F2:FC:8E:93:D9:4E:4B:DA:69:47:10:59:BA
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e73adb76-784c-4313-abbc-0a33db204da2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:46:8c:02:b1:19:00:d4:54:5d:ea:23:d9:93:49:e6:15:a9:
         40:58:50:5a:eb:ef:49:30:a9:48:13:e7:32:4f:7d:27:f1:81:
         86:de:3d:29:45:65:b5:f8:fb:f1:01:5d:7f:94:d9:74:23:18:
         12:78:fb:ef:85:07:55:bc:16:54:e5:eb:83:14:89:31:5a:0f:
         e9:69:45:0d:ca:ce:32:b8:74:15:5e:a1:8d:87:5e:0b:74:28:
         82:62:23:14:aa:f3:5d:2d:65:c8:87:ed:e8:64:e8:06:dc:2c:
         ef:4f:e0:92:82:b6:60:d9:56:4c:a8:64:26:c9:29:8e:c3:c6:
         54:a6:40:fd:7d:10:9a:ad:12:45:f0:1f:60:44:1c:72:1f:4e:
         97:78:05:d2:f8:af:8f:9c:28:32:44:ed:12:01:11:f3:a7:5d:
         c4:49:5b:1b:07:b7:fd:c0:04:5e:45:c3:79:a6:89:38:9f:2e:
         e5:df:1a:9f:84:16:8e:41:88:61:08:f8:b3:ff:5e:bd:9c:c7:
         2c:97:e6:bf:8f:1f:4b:4e:f3:47:e9:85:f2:ea:12:b5:78:23:
         a6:59:97:cf:d9:01:dd:98:4d:43:b9:87:85:e1:83:3a:68:de:
         62:84:2f:dc:6a:44:e4:ee:17:31:a5:67:c3:fa:f7:52:80:eb:
         c6:8c:78:24
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUN24GmuDzm6dZlJZZcGHR7S0A5NgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTI1MDAwMDAwWhcNMjMxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NmY2ZDNlNDUxMDZkOTIzY2Q2NzU5ZDEzODQ2MGQwOWE3
OTIwYWJlN2ZlMGI1MTZhNWRmN2ZjMzYxYmY5ZDViMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7HO7ON3FRwc8I/0CvhI33NckNOc/yGh/O3Xv3Xb/4Gfxz
sdgLWWi4Mkctd7xgLvEPrU7kJPtjKl1jXEDV6O46bunlvIsiH1D9hXIh5m0nyg6N
MIvSiDdS6gq/nmGnKFlDJmAWGoBUWva3i/ZwAGtF+NMC8xZ3ieCteTtsADuhsdNS
zK3+hcuYfHR2pKA3jO4mOlH4keF8Hey0cDVRsBcPDW7tBZJmA3Q8MnPZHqRyFyh7
jV21JCYipd9AWKPfHtOkYAiXn6m7AbCTGe8YK+/m+qpD5VWyb45qIk1w2aWiz3O/
SNLUGuknyOFXMI65iiqxg6IHIj4Gvkg9cQFHVZyrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6cjKqx+0t/L8jpPZTkvaaUcQWbowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U3M2FkYjc2LTc4NGMtNDMxMy1hYmJjLTBhMzNkYjIwNGRhMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFFGjAKxGQDUVF3qI9mTSeYVqUBY
UFrr70kwqUgT5zJPfSfxgYbePSlFZbX4+/EBXX+U2XQjGBJ4+++FB1W8FlTl64MU
iTFaD+lpRQ3KzjK4dBVeoY2HXgt0KIJiIxSq810tZciH7ehk6AbcLO9P4JKCtmDZ
VkyoZCbJKY7DxlSmQP19EJqtEkXwH2BEHHIfTpd4BdL4r4+cKDJE7RIBEfOnXcRJ
WxsHt/3ABF5Fw3mmiTifLuXfGp+EFo5BiGEI+LP/Xr2cxyyX5r+PH0tO80fphfLq
ErV4I6ZZl8/ZAd2YTUO5h4Xhgzpo3mKEL9xqROTuFzGlZ8P691KA68aMeCQ=
-----END CERTIFICATE-----