Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fb1c48d9-b04d-4d34-a180-fb24c624a8ee.roa
File:                     fb1c48d9-b04d-4d34-a180-fb24c624a8ee.roa (raw, json)
Hash identifier:          0+21ccU5jbhTdu0ihEl63se5HzbeUpX483N4jU9W/Dg=
Subject key identifier:   A8:00:44:41:70:CC:C2:6B:2A:55:1F:2B:53:DF:94:FC:92:39:4E:E4
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4A20D6374E8680BBA87AC72D707856F92B5E0F91
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fb1c48d9-b04d-4d34-a180-fb24c624a8ee.roa
Signing time:             Mon 02 Oct 2023 00:00:00 +0000
ROA not before:           Mon 02 Oct 2023 00:00:00 +0000
ROA not after:            Mon 06 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:20:d6:37:4e:86:80:bb:a8:7a:c7:2d:70:78:56:f9:2b:5e:0f:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  2 00:00:00 2023 GMT
            Not After : Nov  6 23:59:59 2023 GMT
        Subject: serialNumber=f97d00a36434887d0a28547dfcc5c27b9d839126cea3a76b0b1d5836178e358f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:02:14:16:cb:81:1b:cd:8e:6b:40:f7:7c:83:
                    69:36:4d:20:67:e2:a4:13:d5:0c:e4:ec:88:29:15:
                    0f:67:ee:8f:0a:f6:3c:5e:88:99:4c:40:9a:fa:f8:
                    20:64:3e:87:81:83:bd:5f:63:4b:86:cf:1c:38:18:
                    16:58:88:19:fa:1d:70:8e:75:69:cc:90:2f:77:3d:
                    a1:2d:32:01:73:25:67:ae:b6:24:ec:9a:d9:3e:25:
                    9f:01:1b:8c:b8:aa:43:fc:fe:97:e5:13:4f:2a:3f:
                    f1:75:fd:8c:26:e1:e9:a8:88:fd:31:2e:8e:29:63:
                    af:ce:90:38:00:24:15:0a:e7:ec:87:2b:85:83:26:
                    72:95:85:9a:bb:51:ad:29:64:a0:e6:c5:f5:19:15:
                    56:e5:f6:2f:69:5c:a2:40:9a:02:7b:37:04:d3:48:
                    3d:95:ae:11:0f:e4:cb:05:87:b8:58:da:9e:10:3e:
                    05:ba:76:b6:9c:dc:20:28:eb:a4:f1:20:b3:33:b4:
                    c2:05:b0:d8:eb:60:76:6d:96:1e:cc:2a:97:01:2c:
                    98:ae:b3:76:ce:ea:c1:3e:56:93:c0:c0:04:dd:db:
                    be:c5:e8:fe:74:6d:89:71:1c:fb:67:c9:3c:2a:8d:
                    5a:ad:2c:95:31:27:d2:db:51:65:45:8d:62:89:8c:
                    2a:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:00:44:41:70:CC:C2:6B:2A:55:1F:2B:53:DF:94:FC:92:39:4E:E4
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fb1c48d9-b04d-4d34-a180-fb24c624a8ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:d5:87:41:1d:5b:ba:12:64:7a:48:c1:c2:82:7f:1c:fd:c9:
         8d:f0:6f:09:db:28:73:4a:0a:76:74:fa:0a:56:2a:c8:a7:88:
         4a:c7:46:a9:96:77:db:6c:c4:84:12:bd:61:9f:85:97:0c:29:
         b1:77:56:57:ce:bb:2c:84:13:e5:70:af:c0:21:9a:87:5a:05:
         10:28:65:c9:7f:a5:36:01:b3:98:60:29:f5:c5:62:b0:d9:7d:
         75:12:70:1d:b7:07:6d:17:9c:bd:69:8c:89:9d:62:ba:bb:55:
         a5:34:1e:88:35:a1:33:4b:53:bb:9c:ec:5b:09:a1:32:83:ad:
         4c:02:d4:8f:8c:03:90:7b:b8:d0:5d:09:e1:f1:ca:67:87:98:
         d0:bf:dd:b0:2f:63:a0:28:7b:c1:8c:82:f3:8c:b7:ea:8f:ed:
         23:65:c8:02:7f:c5:39:98:11:8d:68:d7:46:40:3c:b2:3e:bf:
         17:99:0b:b3:cc:6a:ad:a7:33:e8:84:27:0a:fb:36:84:23:1b:
         34:d0:db:84:15:fb:cb:cd:c1:71:0e:42:e0:7c:6e:28:65:22:
         f8:da:09:92:10:18:65:2a:0c:52:b3:6b:4c:c1:f4:85:50:f2:
         93:ca:0c:9c:e4:72:fc:fe:aa:f1:8c:c5:51:a8:ab:31:d1:18:
         da:41:f0:b0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSiDWN06GgLuoesctcHhW+SteD5EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDAyMDAwMDAwWhcNMjMxMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmOTdkMDBhMzY0MzQ4ODdkMGEyODU0N2RmY2M1YzI3Yjlk
ODM5MTI2Y2VhM2E3NmIwYjFkNTgzNjE3OGUzNThmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3AhQWy4EbzY5rQPd8g2k2TSBn4qQT1Qzk7IgpFQ9n7o8K
9jxeiJlMQJr6+CBkPoeBg71fY0uGzxw4GBZYiBn6HXCOdWnMkC93PaEtMgFzJWeu
tiTsmtk+JZ8BG4y4qkP8/pflE08qP/F1/Ywm4emoiP0xLo4pY6/OkDgAJBUK5+yH
K4WDJnKVhZq7Ua0pZKDmxfUZFVbl9i9pXKJAmgJ7NwTTSD2VrhEP5MsFh7hY2p4Q
PgW6drac3CAo66TxILMztMIFsNjrYHZtlh7MKpcBLJius3bO6sE+VpPAwATd277F
6P50bYlxHPtnyTwqjVqtLJUxJ9LbUWVFjWKJjCp1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqABEQXDMwmsqVR8rU9+U/JI5TuQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZiMWM0OGQ5LWIwNGQtNGQzNC1hMTgwLWZiMjRjNjI0YThlZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAILVh0EdW7oSZHpIwcKCfxz9yY3w
bwnbKHNKCnZ0+gpWKsiniErHRqmWd9tsxIQSvWGfhZcMKbF3VlfOuyyEE+Vwr8Ah
modaBRAoZcl/pTYBs5hgKfXFYrDZfXUScB23B20XnL1pjImdYrq7VaU0Hog1oTNL
U7uc7FsJoTKDrUwC1I+MA5B7uNBdCeHxymeHmNC/3bAvY6Aoe8GMgvOMt+qP7SNl
yAJ/xTmYEY1o10ZAPLI+vxeZC7PMaq2nM+iEJwr7NoQjGzTQ24QV+8vNwXEOQuB8
bihlIvjaCZIQGGUqDFKza0zB9IVQ8pPKDJzkcvz+qvGMxVGoqzHRGNpB8LA=
-----END CERTIFICATE-----