Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ea697f84-f05a-4c61-8557-73e1455325df.roa
File:                     ea697f84-f05a-4c61-8557-73e1455325df.roa (raw, json)
Hash identifier:          aHm3H+6pA4ytqjM/rXw3KiSu1h6HfUfGTaSVHwvXnCE=
Subject key identifier:   BA:7D:12:D2:E5:1D:C6:B1:BD:96:1C:86:55:B6:A5:7E:FF:88:FF:C3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       72DEAA76D026C30BCB28F4B0F41836C5554BDC41
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ea697f84-f05a-4c61-8557-73e1455325df.roa
Signing time:             Mon 02 Oct 2023 00:00:00 +0000
ROA not before:           Mon 02 Oct 2023 00:00:00 +0000
ROA not after:            Mon 06 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:de:aa:76:d0:26:c3:0b:cb:28:f4:b0:f4:18:36:c5:55:4b:dc:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  2 00:00:00 2023 GMT
            Not After : Nov  6 23:59:59 2023 GMT
        Subject: serialNumber=a01e53232467f3e2f2c8126d5666e4d9f00d290c3b9eb495043ee8a2f1b54e98, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:3a:f6:c5:8d:96:16:8d:69:a3:e7:05:da:7e:
                    b7:d6:65:a9:b6:9c:d8:ae:d3:0c:22:0a:b5:24:c2:
                    05:7e:35:71:99:94:78:05:4a:30:af:af:60:05:73:
                    54:28:e9:de:00:e6:90:67:cb:69:8a:77:5a:bf:87:
                    ac:f6:96:2f:a7:c3:c6:95:be:c1:aa:e6:82:d4:1e:
                    ac:ac:75:ec:de:a6:45:cf:44:cd:2f:09:c3:30:89:
                    40:89:f3:39:5f:9f:74:3c:78:fc:e5:bb:9f:4a:5d:
                    3c:c4:a7:84:35:24:4b:b5:c4:dc:a9:a7:e7:0f:4c:
                    dd:14:b9:81:17:01:e3:78:e3:99:01:62:18:95:af:
                    78:e7:62:11:44:75:ce:08:70:c4:d9:e0:ee:5f:fc:
                    2d:30:03:4a:e6:f4:a5:bc:e6:f9:f2:63:94:f2:c0:
                    3e:d2:e3:0c:75:da:d4:ae:a1:6d:94:6a:b4:a9:03:
                    d5:28:bd:6c:8b:e6:9d:bc:05:a0:b8:7b:19:fe:2c:
                    b7:48:c0:2e:10:65:45:17:19:81:8a:f1:e3:13:75:
                    49:db:be:10:52:79:1e:a6:a7:7b:cf:44:1b:16:9d:
                    95:ed:3c:a9:c7:89:60:df:32:37:40:b4:d1:b0:57:
                    fe:68:ab:17:7e:69:c2:8c:34:cd:0e:53:82:4a:7b:
                    1b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:7D:12:D2:E5:1D:C6:B1:BD:96:1C:86:55:B6:A5:7E:FF:88:FF:C3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ea697f84-f05a-4c61-8557-73e1455325df.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:17:96:ac:0c:1c:61:48:7c:35:6b:43:44:78:ae:78:fe:a4:
         d2:34:ab:26:84:df:3c:35:75:75:ae:e6:e0:ec:fd:2e:d8:ad:
         bd:ad:bc:94:81:b1:36:3c:cf:33:2e:2a:39:ac:37:f7:c3:bc:
         89:94:3e:d0:1a:2b:6a:74:d6:db:a7:e7:18:37:fc:2c:9f:43:
         b9:75:55:ca:34:12:d3:4e:ad:f0:20:fd:83:c0:aa:13:a6:95:
         ef:4f:0e:aa:e7:d7:26:67:7e:75:d4:1b:41:73:78:99:cb:1b:
         59:ee:63:31:a2:8b:33:2f:b7:b3:b0:77:31:36:d1:27:1a:9c:
         b8:32:75:e9:70:86:f5:aa:20:3a:60:e6:ad:bf:cf:d0:80:33:
         6d:2a:21:59:c9:dc:d7:05:29:b4:c3:66:3f:0c:e9:fb:6d:24:
         1e:a0:cd:35:16:3a:14:cb:68:22:0c:15:ae:47:7c:a6:7a:0e:
         d1:aa:5b:6b:7e:3b:0b:05:32:66:0a:be:39:ad:2f:0f:ce:f8:
         67:8d:08:6e:ce:d1:60:8e:b7:77:c6:d1:d4:c2:3d:75:b5:86:
         2f:4a:36:08:4f:d0:78:93:b0:83:15:77:b8:7e:9a:3f:44:79:
         35:b0:05:b4:79:15:fe:61:ec:55:17:ab:78:f5:1c:c1:8c:d3:
         1c:90:4d:47
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUct6qdtAmwwvLKPSw9Bg2xVVL3EEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDAyMDAwMDAwWhcNMjMxMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMDFlNTMyMzI0NjdmM2UyZjJjODEyNmQ1NjY2ZTRkOWYw
MGQyOTBjM2I5ZWI0OTUwNDNlZThhMmYxYjU0ZTk4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoOvbFjZYWjWmj5wXafrfWZam2nNiu0wwiCrUkwgV+NXGZ
lHgFSjCvr2AFc1Qo6d4A5pBny2mKd1q/h6z2li+nw8aVvsGq5oLUHqysdezepkXP
RM0vCcMwiUCJ8zlfn3Q8ePzlu59KXTzEp4Q1JEu1xNypp+cPTN0UuYEXAeN445kB
YhiVr3jnYhFEdc4IcMTZ4O5f/C0wA0rm9KW85vnyY5TywD7S4wx12tSuoW2UarSp
A9UovWyL5p28BaC4exn+LLdIwC4QZUUXGYGK8eMTdUnbvhBSeR6mp3vPRBsWnZXt
PKnHiWDfMjdAtNGwV/5oqxd+acKMNM0OU4JKexuxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUun0S0uUdxrG9lhyGVbalfv+I/8MwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2VhNjk3Zjg0LWYwNWEtNGM2MS04NTU3LTczZTE0NTUzMjVkZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGYXlqwMHGFIfDVrQ0R4rnj+pNI0
qyaE3zw1dXWu5uDs/S7Yrb2tvJSBsTY8zzMuKjmsN/fDvImUPtAaK2p01tun5xg3
/CyfQ7l1Vco0EtNOrfAg/YPAqhOmle9PDqrn1yZnfnXUG0FzeJnLG1nuYzGiizMv
t7OwdzE20ScanLgydelwhvWqIDpg5q2/z9CAM20qIVnJ3NcFKbTDZj8M6fttJB6g
zTUWOhTLaCIMFa5HfKZ6DtGqW2t+OwsFMmYKvjmtLw/O+GeNCG7O0WCOt3fG0dTC
PXW1hi9KNghP0HiTsIMVd7h+mj9EeTWwBbR5Ff5h7FUXq3j1HMGM0xyQTUc=
-----END CERTIFICATE-----