Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e943dbb6-1e65-4fd6-85dd-13595df2e948.roa
File:                     e943dbb6-1e65-4fd6-85dd-13595df2e948.roa (raw, json)
Hash identifier:          5zf3RsAzAd6m3tXwBkeIqWrMHxR6iHmW1wPNP5ICJpM=
Subject key identifier:   A7:18:30:C6:AD:6B:F9:6E:5D:90:22:C3:56:57:34:82:36:0A:BC:2F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       08237CB874126DEFEE72D36FBDD546CCAE241484
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e943dbb6-1e65-4fd6-85dd-13595df2e948.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:23:7c:b8:74:12:6d:ef:ee:72:d3:6f:bd:d5:46:cc:ae:24:14:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=18a452fbe1b7ddc7a444304b60dc7f248d3d1939e3fc3d6dae374c907724a536, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:42:99:23:f1:6d:2a:4d:18:a2:20:fc:02:0f:
                    3a:fd:7e:97:ba:76:53:a8:41:01:f1:be:dc:01:33:
                    9c:ef:18:76:ae:53:3f:0a:2f:2f:b2:43:b3:16:66:
                    27:6c:8f:21:78:18:91:0c:02:90:c3:dd:3f:51:a3:
                    e5:35:38:3e:06:ed:c1:87:b2:09:b2:f0:1e:41:ec:
                    9b:f2:e9:91:f5:2b:86:08:ce:9a:53:3d:2a:70:11:
                    bd:e5:4f:e4:4a:0f:f3:9d:d6:e8:73:55:a2:9d:92:
                    06:21:63:c0:38:6c:18:50:50:88:5c:80:f1:98:49:
                    64:bf:45:24:df:a4:2c:bf:43:6e:7f:76:16:fc:62:
                    a3:24:76:e5:fe:f1:8d:6f:a9:44:ca:f5:a6:dd:e7:
                    68:f5:84:b3:e7:2d:9f:09:4e:39:82:a3:7c:b9:9a:
                    f1:2c:5c:bd:2a:ed:78:09:41:a2:b3:5f:1a:aa:91:
                    ad:8f:84:a3:af:c7:cb:51:a7:c2:3f:7f:d1:13:18:
                    0b:d8:e5:88:9e:8d:93:64:03:4f:02:6c:da:8e:19:
                    ce:a4:ba:bb:4b:29:8d:05:9f:e8:ae:e1:e7:ad:2a:
                    c0:2b:ba:29:d1:df:04:1d:05:f2:ea:3f:60:f6:00:
                    c0:4d:37:f2:9b:92:fb:77:86:ab:3a:c4:f6:aa:af:
                    54:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:18:30:C6:AD:6B:F9:6E:5D:90:22:C3:56:57:34:82:36:0A:BC:2F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e943dbb6-1e65-4fd6-85dd-13595df2e948.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:72:da:ab:00:5f:e4:d2:c1:92:ed:83:eb:f1:e1:5c:bf:28:
         69:76:eb:5d:39:8e:d0:82:05:f5:ab:12:5f:0c:a8:0e:3f:1e:
         4d:00:40:b6:05:96:ee:1c:2e:57:af:d9:1e:94:62:72:33:df:
         1d:81:cc:62:0f:b6:ab:d6:88:90:74:09:9d:8e:cb:b7:34:eb:
         a3:c8:d6:66:97:56:c7:5a:cf:c2:4f:b1:1f:b9:b7:da:af:b5:
         e7:d0:bc:3d:b8:ff:b4:97:10:cb:0c:98:43:2e:8a:79:a3:e8:
         fb:66:e4:7c:00:85:3f:d7:23:64:ba:d0:76:10:27:c1:ef:c4:
         3d:fe:be:3f:dd:13:eb:6d:ac:35:80:1d:10:55:9c:a6:a0:0e:
         c4:17:6c:bd:90:58:f5:59:05:2c:19:c1:e0:24:15:a4:47:e4:
         15:c1:95:31:ed:f5:fd:aa:4b:3a:1b:e0:d0:e4:dd:86:40:3e:
         62:27:d3:27:f7:e4:48:39:eb:6a:19:27:f4:95:6b:fa:e1:28:
         83:94:e9:5f:16:cd:7b:fe:de:c5:cd:1f:06:27:8b:29:5e:d1:
         aa:dc:d1:55:b6:1e:a9:bc:13:46:9d:97:1b:fb:b5:be:6c:7c:
         79:34:4d:fd:09:75:b9:54:63:4f:fd:49:4b:d7:d1:d9:25:89:
         10:78:18:4f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCCN8uHQSbe/uctNvvdVGzK4kFIQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTE4MDAwMDAwWhcNMjMxMDIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxOGE0NTJmYmUxYjdkZGM3YTQ0NDMwNGI2MGRjN2YyNDhk
M2QxOTM5ZTNmYzNkNmRhZTM3NGM5MDc3MjRhNTM2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCaQpkj8W0qTRiiIPwCDzr9fpe6dlOoQQHxvtwBM5zvGHau
Uz8KLy+yQ7MWZidsjyF4GJEMApDD3T9Ro+U1OD4G7cGHsgmy8B5B7Jvy6ZH1K4YI
zppTPSpwEb3lT+RKD/Od1uhzVaKdkgYhY8A4bBhQUIhcgPGYSWS/RSTfpCy/Q25/
dhb8YqMkduX+8Y1vqUTK9abd52j1hLPnLZ8JTjmCo3y5mvEsXL0q7XgJQaKzXxqq
ka2PhKOvx8tRp8I/f9ETGAvY5YiejZNkA08CbNqOGc6kurtLKY0Fn+iu4eetKsAr
uinR3wQdBfLqP2D2AMBNN/Kbkvt3hqs6xPaqr1TnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpxgwxq1r+W5dkCLDVlc0gjYKvC8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U5NDNkYmI2LTFlNjUtNGZkNi04NWRkLTEzNTk1ZGYyZTk0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAE1y2qsAX+TSwZLtg+vx4Vy/KGl2
6105jtCCBfWrEl8MqA4/Hk0AQLYFlu4cLlev2R6UYnIz3x2BzGIPtqvWiJB0CZ2O
y7c066PI1maXVsdaz8JPsR+5t9qvtefQvD24/7SXEMsMmEMuinmj6Ptm5HwAhT/X
I2S60HYQJ8HvxD3+vj/dE+ttrDWAHRBVnKagDsQXbL2QWPVZBSwZweAkFaRH5BXB
lTHt9f2qSzob4NDk3YZAPmIn0yf35Eg562oZJ/SVa/rhKIOU6V8WzXv+3sXNHwYn
iyle0arc0VW2Hqm8E0adlxv7tb5sfHk0Tf0JdblUY0/9SUvX0dkliRB4GE8=
-----END CERTIFICATE-----