Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/198952df-e292-4785-b988-a32bcc87f7b0.roa
File:                     198952df-e292-4785-b988-a32bcc87f7b0.roa (raw, json)
Hash identifier:          umySbFkzozMR0XkLAN+lgkBA0OyXFuQPrVsppnDNFmY=
Subject key identifier:   27:6B:F3:C7:7B:B0:3E:CF:A8:C4:CC:F8:78:04:28:0A:E9:8B:57:99
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1FB1DF88DC58DC0754ED00B4628E09D5A925F80A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/198952df-e292-4785-b988-a32bcc87f7b0.roa
Signing time:             Tue 10 Oct 2023 00:00:00 +0000
ROA not before:           Tue 10 Oct 2023 00:00:00 +0000
ROA not after:            Tue 14 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:b1:df:88:dc:58:dc:07:54:ed:00:b4:62:8e:09:d5:a9:25:f8:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 10 00:00:00 2023 GMT
            Not After : Nov 14 23:59:59 2023 GMT
        Subject: serialNumber=5e20d68ebd93ba8fddd00c0488edac730a0fb353d999c6219bd9f4e7881065a2, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c0:e2:a0:63:1b:f1:a1:1c:12:b8:d1:df:96:
                    bd:43:03:5d:18:df:c3:38:d3:82:f2:d9:55:4d:89:
                    df:b6:b4:3e:8c:0b:db:eb:89:b3:31:17:37:32:12:
                    c3:36:41:b9:c4:3f:e5:74:e8:ec:5f:c8:03:21:74:
                    a3:10:9f:2c:37:3a:10:80:23:45:ed:08:53:91:c3:
                    f8:49:79:9e:6c:b5:41:4b:ee:ed:f3:46:ef:8a:77:
                    24:ee:7e:ac:ab:f3:57:41:b7:45:1b:98:7b:df:ab:
                    6e:b9:e7:d3:b6:91:1e:d0:81:c5:d8:4e:3f:4d:55:
                    a3:8b:4d:08:ed:2d:bb:e7:4a:3f:3a:55:ad:43:26:
                    99:cc:6c:47:7a:2d:b5:81:2a:dc:13:0e:bf:cb:1b:
                    50:e9:09:8a:cb:73:b1:78:07:f9:fc:03:6d:b1:2a:
                    67:4b:77:9a:bd:d7:30:87:aa:f6:af:8f:ab:4f:10:
                    df:37:94:82:e7:94:a0:0f:5a:a3:ee:61:cf:83:6f:
                    f3:d3:39:70:0f:a4:b8:4a:7f:b3:0b:05:e9:55:c8:
                    57:3d:1e:7d:d6:38:6e:f1:87:ee:64:cb:66:e9:94:
                    f7:4f:bd:c4:d8:2b:46:d3:60:eb:b8:b7:ca:bc:0e:
                    69:57:60:7b:4a:c3:53:1f:b5:4f:cf:20:16:ac:24:
                    15:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:6B:F3:C7:7B:B0:3E:CF:A8:C4:CC:F8:78:04:28:0A:E9:8B:57:99
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/198952df-e292-4785-b988-a32bcc87f7b0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:2b:4a:95:36:6d:4f:f4:22:b2:06:1e:37:43:4b:f0:4b:6f:
         38:34:db:62:63:9a:36:4c:0b:6e:7b:a7:93:0b:7e:88:ba:a8:
         8a:be:90:20:89:d2:59:aa:1e:89:af:84:e3:ba:2f:02:a0:5b:
         96:61:31:8d:9e:22:10:d0:e4:f8:aa:5f:00:92:1c:0f:5c:bd:
         2b:93:a1:d5:e7:8a:a6:1f:51:34:15:50:87:76:62:dd:71:5c:
         dc:6e:68:a6:cf:f9:10:7d:53:fe:1d:49:3e:fd:e1:ab:75:80:
         2b:70:24:35:87:e4:66:b7:85:bf:6e:d7:00:82:27:db:11:bf:
         38:5e:50:4c:5d:48:e0:ee:93:b8:dd:cf:a4:ae:3b:24:76:18:
         99:39:23:f3:b5:af:82:43:bd:44:de:a3:71:b0:90:c8:cf:be:
         40:3a:73:49:5b:72:d9:64:a1:b7:1b:21:b3:d1:f6:4e:0d:8c:
         bc:a1:be:a9:5e:4b:0a:6b:bf:3d:59:50:54:e4:f7:a5:67:84:
         d7:78:2e:94:ab:40:64:0c:89:79:3c:01:47:99:28:36:a4:58:
         5a:c9:9e:e1:39:53:2d:ab:fd:28:63:45:d5:69:40:d5:41:c9:
         32:f1:0f:20:d6:2c:54:60:90:7f:75:15:26:91:c4:4d:7b:60:
         ab:8d:be:7b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH7HfiNxY3AdU7QC0Yo4J1akl+AowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDEwMDAwMDAwWhcNMjMxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZTIwZDY4ZWJkOTNiYThmZGRkMDBjMDQ4OGVkYWM3MzBh
MGZiMzUzZDk5OWM2MjE5YmQ5ZjRlNzg4MTA2NWEyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3wOKgYxvxoRwSuNHflr1DA10Y38M404Ly2VVNid+2tD6M
C9vribMxFzcyEsM2QbnEP+V06OxfyAMhdKMQnyw3OhCAI0XtCFORw/hJeZ5stUFL
7u3zRu+KdyTufqyr81dBt0UbmHvfq26559O2kR7QgcXYTj9NVaOLTQjtLbvnSj86
Va1DJpnMbEd6LbWBKtwTDr/LG1DpCYrLc7F4B/n8A22xKmdLd5q91zCHqvavj6tP
EN83lILnlKAPWqPuYc+Db/PTOXAPpLhKf7MLBelVyFc9Hn3WOG7xh+5ky2bplPdP
vcTYK0bTYOu4t8q8DmlXYHtKw1MftU/PIBasJBUfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJ2vzx3uwPs+oxMz4eAQoCumLV5kwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE5ODk1MmRmLWUyOTItNDc4NS1iOTg4LWEzMmJjYzg3ZjdiMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADwrSpU2bU/0IrIGHjdDS/BLbzg0
22JjmjZMC257p5MLfoi6qIq+kCCJ0lmqHomvhOO6LwKgW5ZhMY2eIhDQ5PiqXwCS
HA9cvSuTodXniqYfUTQVUId2Yt1xXNxuaKbP+RB9U/4dST794at1gCtwJDWH5Ga3
hb9u1wCCJ9sRvzheUExdSODuk7jdz6SuOyR2GJk5I/O1r4JDvUTeo3GwkMjPvkA6
c0lbctlkobcbIbPR9k4NjLyhvqleSwprvz1ZUFTk96VnhNd4LpSrQGQMiXk8AUeZ
KDakWFrJnuE5Uy2r/ShjRdVpQNVByTLxDyDWLFRgkH91FSaRxE17YKuNvns=
-----END CERTIFICATE-----