Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fb4fd4e2-f328-4af1-8792-ecd8845997c3.roa
File:                     fb4fd4e2-f328-4af1-8792-ecd8845997c3.roa (raw, json)
Hash identifier:          ZBHIZ/iiVbgeEv022003eTcOt55j3tfTc/Py1joleQY=
Subject key identifier:   66:FC:65:BE:F9:E1:B5:69:02:B6:8D:6D:AE:72:78:0F:52:7D:24:84
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2F3E2D3E45F13F6E5B8346CB753F12DD71147B41
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fb4fd4e2-f328-4af1-8792-ecd8845997c3.roa
Signing time:             Fri 10 Nov 2023 00:00:00 +0000
ROA not before:           Fri 10 Nov 2023 00:00:00 +0000
ROA not after:            Fri 15 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:3e:2d:3e:45:f1:3f:6e:5b:83:46:cb:75:3f:12:dd:71:14:7b:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 10 00:00:00 2023 GMT
            Not After : Dec 15 23:59:59 2023 GMT
        Subject: serialNumber=4b58cbb3f40afa791959873323da930132ba47f0173ad764603bf1a513b054e2, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:79:4a:49:f9:ac:9b:28:35:b9:ac:ae:3d:0a:
                    e2:76:ae:3f:2b:c2:62:d7:ee:e0:be:2b:0d:65:4c:
                    4a:68:89:8e:fc:ac:d9:60:66:1c:b0:f1:91:be:ed:
                    28:18:46:90:72:27:14:19:3c:58:13:0d:ca:13:92:
                    36:4c:fc:60:82:a1:2e:ea:a5:c6:48:0b:4d:eb:33:
                    18:03:4e:9b:fe:8e:12:38:44:6b:4f:63:ec:bd:a2:
                    89:b6:cf:6e:b8:d8:cf:d8:67:73:68:61:14:65:88:
                    d0:25:14:66:2a:04:4c:44:8f:a2:bf:54:bb:02:fe:
                    c5:a1:c2:92:1a:6b:cf:19:9d:cb:61:1d:a5:17:07:
                    99:cf:64:32:09:b8:41:db:e3:a9:7f:76:cb:c9:d4:
                    15:a0:49:47:a1:3d:fc:9c:5f:25:86:8d:54:04:46:
                    13:98:b0:0d:ae:01:98:69:2c:34:79:ee:0d:a5:32:
                    9b:fc:35:92:73:e0:d6:89:a1:29:66:53:90:70:a8:
                    23:cc:81:7c:5d:62:1a:02:a5:19:f3:5c:e8:89:83:
                    6c:66:49:e3:e8:e3:f2:a3:1f:55:2a:4d:49:46:f3:
                    50:b7:51:19:d9:56:08:22:9e:83:92:ab:d4:db:0e:
                    c1:60:a2:b6:65:06:ff:67:3c:f9:aa:62:74:89:24:
                    5b:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:FC:65:BE:F9:E1:B5:69:02:B6:8D:6D:AE:72:78:0F:52:7D:24:84
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fb4fd4e2-f328-4af1-8792-ecd8845997c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:cb:39:28:85:7e:9b:8f:73:c7:4a:d4:28:07:09:ff:cd:d1:
         f4:1e:d9:dd:66:40:06:08:e1:bd:77:56:05:cc:a9:ed:c2:e8:
         40:de:51:dd:f0:62:a1:00:53:4d:e7:9f:36:d0:ae:3c:93:6c:
         26:a8:53:d3:f3:bd:e9:3b:d1:1d:da:a7:a9:7b:42:3d:af:72:
         5e:7c:92:f8:54:2c:67:4e:63:b3:63:f0:35:31:bd:41:85:80:
         0b:62:c2:26:ad:ca:e8:38:f8:be:b9:51:5b:21:de:42:12:0e:
         27:dd:e3:81:c7:45:27:f1:84:c1:05:40:a3:2b:72:b7:3f:09:
         aa:21:e4:13:0b:61:e5:3a:ba:81:b3:ab:95:10:d1:0d:a3:4b:
         01:70:45:06:6f:05:94:c4:6b:cc:57:6d:2f:e9:e9:7d:c1:2f:
         d0:43:e4:99:26:11:87:29:87:81:3a:b9:44:70:86:cd:3b:d2:
         da:6a:d4:08:18:2e:e8:64:db:82:fb:f5:b0:3b:59:40:2a:5d:
         96:ad:11:87:d6:86:99:10:80:95:ad:69:ba:d0:60:40:13:97:
         36:8b:76:ea:48:6f:36:a2:f7:85:4e:fb:bc:e3:95:62:02:ae:
         80:ea:87:37:a1:8b:aa:10:cb:a7:9b:cd:68:15:58:d8:38:db:
         cc:81:fb:89
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULz4tPkXxP25bg0bLdT8S3XEUe0EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTEwMDAwMDAwWhcNMjMxMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YjU4Y2JiM2Y0MGFmYTc5MTk1OTg3MzMyM2RhOTMwMTMy
YmE0N2YwMTczYWQ3NjQ2MDNiZjFhNTEzYjA1NGUyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjeUpJ+aybKDW5rK49CuJ2rj8rwmLX7uC+Kw1lTEpoiY78
rNlgZhyw8ZG+7SgYRpByJxQZPFgTDcoTkjZM/GCCoS7qpcZIC03rMxgDTpv+jhI4
RGtPY+y9oom2z2642M/YZ3NoYRRliNAlFGYqBExEj6K/VLsC/sWhwpIaa88Zncth
HaUXB5nPZDIJuEHb46l/dsvJ1BWgSUehPfycXyWGjVQERhOYsA2uAZhpLDR57g2l
Mpv8NZJz4NaJoSlmU5BwqCPMgXxdYhoCpRnzXOiJg2xmSePo4/KjH1UqTUlG81C3
URnZVgginoOSq9TbDsFgorZlBv9nPPmqYnSJJFsLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZvxlvvnhtWkCto1trnJ4D1J9JIQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZiNGZkNGUyLWYzMjgtNGFmMS04NzkyLWVjZDg4NDU5OTdjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJjLOSiFfpuPc8dK1CgHCf/N0fQe
2d1mQAYI4b13VgXMqe3C6EDeUd3wYqEAU03nnzbQrjyTbCaoU9Pzvek70R3ap6l7
Qj2vcl58kvhULGdOY7Nj8DUxvUGFgAtiwiatyug4+L65UVsh3kISDifd44HHRSfx
hMEFQKMrcrc/Caoh5BMLYeU6uoGzq5UQ0Q2jSwFwRQZvBZTEa8xXbS/p6X3BL9BD
5JkmEYcph4E6uURwhs070tpq1AgYLuhk24L79bA7WUAqXZatEYfWhpkQgJWtabrQ
YEATlzaLdupIbzai94VO+7zjlWICroDqhzehi6oQy6ebzWgVWNg428yB+4k=
-----END CERTIFICATE-----