Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f1d4b27f-fdde-4793-9e39-e0021af3f4db.roa
File:                     f1d4b27f-fdde-4793-9e39-e0021af3f4db.roa (raw, json)
Hash identifier:          fhThvAbqqpIInQzuQV7pFsQUZhH48AHFtjdGjUEX3ig=
Subject key identifier:   3A:0C:24:24:25:3A:FE:79:7D:AD:B4:0A:EE:98:58:E9:CA:51:30:0F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       52884098FB829C9A041FB4FE9E4FA396F5F9DDE2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f1d4b27f-fdde-4793-9e39-e0021af3f4db.roa
Signing time:             Mon 25 Sep 2023 00:00:00 +0000
ROA not before:           Mon 25 Sep 2023 00:00:00 +0000
ROA not after:            Mon 30 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:88:40:98:fb:82:9c:9a:04:1f:b4:fe:9e:4f:a3:96:f5:f9:dd:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 25 00:00:00 2023 GMT
            Not After : Oct 30 23:59:59 2023 GMT
        Subject: serialNumber=175e86b0fe010b440fcc6937284211c1fa6138f45493d8b870fe8e5d5330ce1c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:35:d2:3c:12:c3:2c:38:f4:5b:a3:0f:34:25:
                    81:4d:ad:be:cc:f4:64:0c:8d:18:4f:4b:71:58:6f:
                    e7:54:8a:48:b2:50:4f:5e:42:27:8b:e7:52:64:10:
                    70:bd:9c:2d:c9:49:5d:77:5c:81:71:09:f3:3f:c4:
                    5f:64:2c:b1:73:af:ef:9f:26:7f:cf:34:ed:67:94:
                    f8:8f:e5:99:44:7e:68:79:9d:24:99:56:67:c5:84:
                    af:9b:99:39:de:7b:1d:7e:fb:58:52:25:5c:08:3e:
                    50:f9:90:c9:27:c8:06:b2:ac:c2:b8:ee:b9:f8:48:
                    db:c9:73:8f:47:32:24:08:e5:04:b1:ce:f1:14:a0:
                    7e:82:23:2b:03:d2:0b:93:e5:b7:3b:7b:27:78:cd:
                    bc:2b:22:90:38:40:36:2f:da:c3:9b:78:91:a4:d2:
                    f5:b5:cf:75:e3:c1:e0:95:d9:25:18:f8:99:d0:40:
                    c3:16:cd:85:dc:15:fa:8f:86:b3:d4:08:1f:9a:9a:
                    1b:76:4f:81:28:e4:85:03:05:8d:db:27:f7:da:06:
                    83:44:37:7b:07:c6:ac:88:02:c6:03:7f:ec:ec:b8:
                    69:07:10:f4:a3:25:a3:e3:db:74:7e:14:d3:02:76:
                    b0:a0:7d:83:a3:3c:82:6e:d4:53:fe:e0:41:5f:b5:
                    cc:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:0C:24:24:25:3A:FE:79:7D:AD:B4:0A:EE:98:58:E9:CA:51:30:0F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f1d4b27f-fdde-4793-9e39-e0021af3f4db.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:3f:00:a4:2f:67:44:da:da:77:e1:07:f0:36:d2:4d:9c:7d:
         6f:cf:f8:44:bf:c0:50:28:f8:13:79:74:07:bb:63:26:9e:6c:
         94:82:e6:b8:b3:12:88:bd:ed:a7:9a:d3:fd:60:91:b2:87:47:
         83:06:29:d0:0c:97:a2:26:ef:d4:ca:ab:10:74:70:43:c7:ca:
         c9:b0:ff:31:94:28:ef:6f:f7:87:5b:4d:10:54:ce:cc:6b:5d:
         ab:bf:a2:03:ad:98:b4:2b:d1:70:d0:c6:8c:c7:0f:a9:75:bf:
         28:ab:38:d2:9f:4e:0d:30:a3:32:2c:57:7d:c1:63:03:ac:c2:
         7d:65:25:df:a1:3c:d0:68:90:db:b7:ac:1d:9a:3d:bb:20:6c:
         44:b7:41:68:3d:70:c2:c1:03:03:f8:92:a7:fd:b6:71:7b:41:
         cf:a4:4f:7d:33:93:26:db:e0:96:a9:34:15:d5:dc:d6:5f:22:
         97:ae:6c:3a:4b:bc:ec:dd:c8:5f:c3:f3:b9:63:06:f0:92:e0:
         78:d4:01:d4:aa:e4:40:b6:4a:89:f5:9e:bf:3b:53:4b:c3:01:
         5d:84:53:d0:df:4d:4f:8f:cc:47:10:e3:35:5c:e2:92:8d:f2:
         d3:aa:10:49:1f:6c:ad:1a:a8:98:97:1d:32:81:b3:e5:01:82:
         f4:39:ea:cb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUohAmPuCnJoEH7T+nk+jlvX53eIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTI1MDAwMDAwWhcNMjMxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNzVlODZiMGZlMDEwYjQ0MGZjYzY5MzcyODQyMTFjMWZh
NjEzOGY0NTQ5M2Q4Yjg3MGZlOGU1ZDUzMzBjZTFjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDINdI8EsMsOPRbow80JYFNrb7M9GQMjRhPS3FYb+dUikiy
UE9eQieL51JkEHC9nC3JSV13XIFxCfM/xF9kLLFzr++fJn/PNO1nlPiP5ZlEfmh5
nSSZVmfFhK+bmTneex1++1hSJVwIPlD5kMknyAayrMK47rn4SNvJc49HMiQI5QSx
zvEUoH6CIysD0guT5bc7eyd4zbwrIpA4QDYv2sObeJGk0vW1z3XjweCV2SUY+JnQ
QMMWzYXcFfqPhrPUCB+amht2T4Eo5IUDBY3bJ/faBoNEN3sHxqyIAsYDf+zsuGkH
EPSjJaPj23R+FNMCdrCgfYOjPIJu1FP+4EFftcwFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOgwkJCU6/nl9rbQK7phY6cpRMA8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2YxZDRiMjdmLWZkZGUtNDc5My05ZTM5LWUwMDIxYWYzZjRkYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAs/AKQvZ0Ta2nfhB/A20k2cfW/P
+ES/wFAo+BN5dAe7YyaebJSC5rizEoi97aea0/1gkbKHR4MGKdAMl6Im79TKqxB0
cEPHysmw/zGUKO9v94dbTRBUzsxrXau/ogOtmLQr0XDQxozHD6l1vyirONKfTg0w
ozIsV33BYwOswn1lJd+hPNBokNu3rB2aPbsgbES3QWg9cMLBAwP4kqf9tnF7Qc+k
T30zkybb4JapNBXV3NZfIpeubDpLvOzdyF/D87ljBvCS4HjUAdSq5EC2Son1nr87
U0vDAV2EU9DfTU+PzEcQ4zVc4pKN8tOqEEkfbK0aqJiXHTKBs+UBgvQ56ss=
-----END CERTIFICATE-----