Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0aa60f2a-b485-449d-bd16-e55dba32cdc3.roa
File:                     0aa60f2a-b485-449d-bd16-e55dba32cdc3.roa (raw, json)
Hash identifier:          uwA0QBOLUTOdkgxkkfmeN3aC5OLouM8JDShGaT3mmLA=
Subject key identifier:   89:10:96:59:A4:20:8D:F6:A5:7D:BE:0E:E2:A2:18:CC:C6:ED:C9:EA
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       04D8DE0E9319F67C6821F2F344F8A546998BDE6E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0aa60f2a-b485-449d-bd16-e55dba32cdc3.roa
Signing time:             Thu 05 Oct 2023 00:00:00 +0000
ROA not before:           Thu 05 Oct 2023 00:00:00 +0000
ROA not after:            Thu 09 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:d8:de:0e:93:19:f6:7c:68:21:f2:f3:44:f8:a5:46:99:8b:de:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  5 00:00:00 2023 GMT
            Not After : Nov  9 23:59:59 2023 GMT
        Subject: serialNumber=1dba364c6231bdf1d52f2066624a8b7cb82c2a3ab6ac726f74ec70119d79eb19, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c3:00:ea:bb:9c:02:e7:94:f2:a4:0f:3b:d3:
                    a4:bb:24:2c:0b:81:fa:2c:8e:32:a8:03:8d:32:14:
                    0b:68:2a:0d:3d:04:c1:21:49:09:53:d9:df:96:01:
                    eb:fe:fe:6e:26:9f:38:b5:52:94:56:ca:f4:8b:d6:
                    4b:dc:62:dc:8a:36:8f:cb:c2:26:e4:ed:b0:cf:d8:
                    df:82:79:6d:94:fa:b1:9c:00:0a:2c:1a:3c:61:f3:
                    76:f4:4c:74:91:81:16:a7:03:95:d3:f7:57:e2:f5:
                    52:20:fa:9a:77:66:4e:57:39:8d:29:04:00:b9:97:
                    49:32:0d:8a:37:c6:af:12:09:30:d3:66:05:35:cc:
                    c4:bf:08:82:6a:71:6f:6e:75:cd:04:d5:ef:83:82:
                    73:e1:eb:ff:ee:0b:ab:36:66:ff:6e:f1:35:cc:d2:
                    a4:ad:c7:04:c9:de:e2:45:7e:fe:ea:dd:5b:e1:5a:
                    44:9e:f8:c7:68:77:1f:c1:bd:a3:b6:e5:f1:f0:7c:
                    8d:aa:42:92:62:e6:e7:42:af:be:5b:fc:44:63:a9:
                    4c:4a:f2:ef:f0:0d:29:96:62:8c:04:c1:a4:aa:60:
                    86:aa:96:86:57:66:fe:16:ae:2a:58:db:df:f0:39:
                    bb:df:1d:46:6f:18:48:06:dc:8e:87:99:5f:16:a3:
                    ad:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:10:96:59:A4:20:8D:F6:A5:7D:BE:0E:E2:A2:18:CC:C6:ED:C9:EA
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0aa60f2a-b485-449d-bd16-e55dba32cdc3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:05:33:7f:d3:93:7f:88:9c:d4:f6:d4:5e:80:2b:69:df:63:
         ee:bb:a4:9a:59:d6:53:81:e3:f8:2d:a9:3f:98:db:64:59:38:
         e3:2d:dc:23:3f:98:c7:b7:b4:66:43:0c:54:68:7f:23:c2:48:
         10:4b:18:9e:61:59:1c:93:e9:7a:15:9b:bc:13:5f:59:5e:98:
         94:99:0a:46:de:49:68:cc:bf:cf:99:e7:90:3e:2a:9b:f3:1b:
         0b:7b:8f:62:ab:ed:ff:48:e4:5b:36:cc:35:d2:c7:aa:ee:40:
         94:55:5f:95:1a:a9:f6:e4:1c:c5:7a:90:ba:42:62:43:47:e1:
         2b:f5:80:c3:03:74:8c:36:db:53:da:d1:d5:54:60:73:98:79:
         78:5f:46:ff:a1:5d:b4:4c:56:c3:77:45:89:eb:fb:49:78:02:
         d2:7d:0c:bb:55:11:ae:ce:77:d4:0b:b2:34:7b:1e:75:a7:a1:
         83:5d:26:02:d9:86:f2:46:31:4a:e7:16:dd:57:be:b1:9d:b9:
         83:3a:21:6b:b8:ce:3c:a3:93:f2:36:09:31:b4:44:1a:30:c1:
         d2:68:34:ce:c6:19:63:0a:2a:1e:d1:59:4d:ed:90:55:b4:c5:
         ad:1f:24:8a:da:17:72:d1:4f:d2:6e:32:e8:53:c7:97:78:ed:
         19:07:ea:6e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBNjeDpMZ9nxoIfLzRPilRpmL3m4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDA1MDAwMDAwWhcNMjMxMTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZGJhMzY0YzYyMzFiZGYxZDUyZjIwNjY2MjRhOGI3Y2I4
MmMyYTNhYjZhYzcyNmY3NGVjNzAxMTlkNzllYjE5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmwwDqu5wC55TypA8706S7JCwLgfosjjKoA40yFAtoKg09
BMEhSQlT2d+WAev+/m4mnzi1UpRWyvSL1kvcYtyKNo/Lwibk7bDP2N+CeW2U+rGc
AAosGjxh83b0THSRgRanA5XT91fi9VIg+pp3Zk5XOY0pBAC5l0kyDYo3xq8SCTDT
ZgU1zMS/CIJqcW9udc0E1e+DgnPh6//uC6s2Zv9u8TXM0qStxwTJ3uJFfv7q3Vvh
WkSe+Mdodx/BvaO25fHwfI2qQpJi5udCr75b/ERjqUxK8u/wDSmWYowEwaSqYIaq
loZXZv4WripY29/wObvfHUZvGEgG3I6HmV8Wo625AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiRCWWaQgjfalfb4O4qIYzMbtyeowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBhYTYwZjJhLWI0ODUtNDQ5ZC1iZDE2LWU1NWRiYTMyY2RjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAcFM3/Tk3+InNT21F6AK2nfY+67
pJpZ1lOB4/gtqT+Y22RZOOMt3CM/mMe3tGZDDFRofyPCSBBLGJ5hWRyT6XoVm7wT
X1lemJSZCkbeSWjMv8+Z55A+KpvzGwt7j2Kr7f9I5Fs2zDXSx6ruQJRVX5Uaqfbk
HMV6kLpCYkNH4Sv1gMMDdIw221Pa0dVUYHOYeXhfRv+hXbRMVsN3RYnr+0l4AtJ9
DLtVEa7Od9QLsjR7HnWnoYNdJgLZhvJGMUrnFt1XvrGduYM6IWu4zjyjk/I2CTG0
RBowwdJoNM7GGWMKKh7RWU3tkFW0xa0fJIraF3LRT9JuMuhTx5d47RkH6m4=
-----END CERTIFICATE-----