Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f23e5bf4-18e7-441c-84c9-d026970cb91b.roa
File:                     f23e5bf4-18e7-441c-84c9-d026970cb91b.roa (raw, json)
Hash identifier:          BzXd0u6jBMjxEr+8Oul+EzDIRLBrejocgYuvmQXoWx8=
Subject key identifier:   36:4F:CA:3A:67:06:75:72:89:81:FE:D3:36:11:21:0E:1D:A0:12:8A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3F44E82F11B070D1E356C72653261FD99F023256
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f23e5bf4-18e7-441c-84c9-d026970cb91b.roa
Signing time:             Tue 12 Sep 2023 00:00:00 +0000
ROA not before:           Tue 12 Sep 2023 00:00:00 +0000
ROA not after:            Tue 17 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:44:e8:2f:11:b0:70:d1:e3:56:c7:26:53:26:1f:d9:9f:02:32:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 12 00:00:00 2023 GMT
            Not After : Oct 17 23:59:59 2023 GMT
        Subject: serialNumber=014831233321a790a5f962910c0ec93c77e727ea4cd57ba6c4645f5e822a2337, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0d:a2:97:29:c6:02:eb:1f:46:a5:c5:aa:1e:
                    1a:ce:97:ae:3c:f9:7e:81:61:fd:ff:58:92:ec:0d:
                    fe:c9:8a:cd:46:1c:f6:f1:2f:2f:27:9e:61:5e:23:
                    37:33:82:c3:e0:fa:d8:1c:cc:b7:06:e2:b6:20:30:
                    26:c7:8a:cd:84:94:85:62:99:cb:25:d2:ce:82:bd:
                    8d:98:c7:ba:c7:14:19:96:5c:33:f9:e5:69:ea:e6:
                    d4:77:ec:11:45:7f:37:72:a1:9f:a7:d6:0b:a7:56:
                    01:e8:33:11:5b:41:01:c2:a6:91:b4:5e:6c:10:be:
                    82:78:bd:34:2f:a0:96:e8:e9:55:0a:38:b3:7a:f5:
                    16:39:8b:51:bc:07:43:f3:24:1a:fc:28:05:24:2f:
                    10:3c:10:67:74:7f:b0:4a:58:95:4a:4a:20:b7:28:
                    14:47:d0:2f:2c:2a:e5:41:aa:85:ff:3e:67:d6:a7:
                    d4:5c:3a:62:52:da:85:f3:c1:ec:21:71:9d:68:e8:
                    a2:26:9c:47:d9:6e:4b:5e:9c:cf:0f:32:a7:89:0c:
                    86:7e:9c:5b:53:ed:e8:fd:f9:c8:b4:83:3e:39:2f:
                    8e:4d:3e:08:7b:d6:6a:3a:80:a1:04:22:52:3c:52:
                    d8:9d:22:fb:fa:01:b2:b0:b7:8e:95:83:f2:c7:b4:
                    3b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:4F:CA:3A:67:06:75:72:89:81:FE:D3:36:11:21:0E:1D:A0:12:8A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f23e5bf4-18e7-441c-84c9-d026970cb91b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:26:d9:3c:3b:9d:d9:9c:57:02:61:ad:78:28:38:4a:2d:51:
         f3:29:44:82:ee:73:6e:63:ee:32:24:a6:a7:6f:bb:30:83:87:
         33:e7:b8:7a:9e:72:75:a5:5d:5f:ea:48:40:46:0e:18:ce:1a:
         14:03:fc:0f:d9:b9:ec:5a:9c:51:76:82:30:4c:c7:aa:f8:97:
         af:85:c0:1a:2b:ba:be:cb:6c:a4:e1:12:48:e6:46:15:09:8c:
         c6:53:35:a6:38:e9:91:5d:dc:34:d0:5f:45:a4:ee:07:d4:5c:
         57:48:ae:5e:64:47:96:a4:9d:28:c9:d3:b6:0b:6a:ca:c6:df:
         2c:d9:80:8a:9e:28:96:55:99:db:2d:d2:19:b9:6e:29:bb:cc:
         e4:e1:38:a7:7d:be:7e:8c:04:c5:d4:d4:a5:8e:e3:82:ad:bd:
         3a:f6:08:b8:26:b2:6b:bf:51:67:12:97:03:2a:34:c9:13:58:
         fb:eb:b8:33:87:a4:f6:c1:ca:ad:79:ae:ec:60:f2:fd:4e:15:
         ba:b2:ba:01:3d:c6:a1:c0:60:64:9e:5a:69:e4:31:54:f9:0a:
         a4:46:29:51:ca:0b:92:65:c0:fe:8d:dd:71:20:4d:8e:5e:e4:
         9b:4b:54:d5:4e:93:df:0f:a8:03:2b:3d:5e:05:fe:6a:6f:50:
         96:d0:b3:74
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP0ToLxGwcNHjVscmUyYf2Z8CMlYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTEyMDAwMDAwWhcNMjMxMDE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMTQ4MzEyMzMzMjFhNzkwYTVmOTYyOTEwYzBlYzkzYzc3
ZTcyN2VhNGNkNTdiYTZjNDY0NWY1ZTgyMmEyMzM3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4DaKXKcYC6x9GpcWqHhrOl648+X6BYf3/WJLsDf7Jis1G
HPbxLy8nnmFeIzczgsPg+tgczLcG4rYgMCbHis2ElIVimcsl0s6CvY2Yx7rHFBmW
XDP55Wnq5tR37BFFfzdyoZ+n1gunVgHoMxFbQQHCppG0XmwQvoJ4vTQvoJbo6VUK
OLN69RY5i1G8B0PzJBr8KAUkLxA8EGd0f7BKWJVKSiC3KBRH0C8sKuVBqoX/PmfW
p9RcOmJS2oXzwewhcZ1o6KImnEfZbktenM8PMqeJDIZ+nFtT7ej9+ci0gz45L45N
Pgh71mo6gKEEIlI8UtidIvv6AbKwt46Vg/LHtDsrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNk/KOmcGdXKJgf7TNhEhDh2gEoowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2YyM2U1YmY0LTE4ZTctNDQxYy04NGM5LWQwMjY5NzBjYjkxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEom2Tw7ndmcVwJhrXgoOEotUfMp
RILuc25j7jIkpqdvuzCDhzPnuHqecnWlXV/qSEBGDhjOGhQD/A/ZuexanFF2gjBM
x6r4l6+FwBorur7LbKThEkjmRhUJjMZTNaY46ZFd3DTQX0Wk7gfUXFdIrl5kR5ak
nSjJ07YLasrG3yzZgIqeKJZVmdst0hm5bim7zOThOKd9vn6MBMXU1KWO44KtvTr2
CLgmsmu/UWcSlwMqNMkTWPvruDOHpPbByq15ruxg8v1OFbqyugE9xqHAYGSeWmnk
MVT5CqRGKVHKC5JlwP6N3XEgTY5e5JtLVNVOk98PqAMrPV4F/mpvUJbQs3Q=
-----END CERTIFICATE-----