Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/203b312e-d1a9-4f20-82c6-47bd2a1abd03.roa
File:                     203b312e-d1a9-4f20-82c6-47bd2a1abd03.roa (raw, json)
Hash identifier:          CbDMalhsNxXeFrpr8T3aCEXs6Aq9evonm6SBMkIcg2w=
Subject key identifier:   63:33:98:C7:16:AD:A4:55:07:8A:CF:D4:2D:C3:D5:76:76:8C:3E:33
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       126ECBB0650E20B1A8A10A3549EF81AF68D4BD18
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/203b312e-d1a9-4f20-82c6-47bd2a1abd03.roa
Signing time:             Tue 26 Sep 2023 00:00:00 +0000
ROA not before:           Tue 26 Sep 2023 00:00:00 +0000
ROA not after:            Tue 31 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:6e:cb:b0:65:0e:20:b1:a8:a1:0a:35:49:ef:81:af:68:d4:bd:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 26 00:00:00 2023 GMT
            Not After : Oct 31 23:59:59 2023 GMT
        Subject: serialNumber=ea9de3b700e38441feb3edec3b9bf98752f73d881dd6873bd92324579565e7c2, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:90:70:e3:c0:3d:99:fe:56:62:89:25:e8:15:
                    21:91:2b:7a:c6:79:c1:0e:1f:94:19:d2:c2:c7:1e:
                    f2:d1:d5:07:05:d3:5d:b0:c1:f5:b3:fb:b5:60:8f:
                    dc:46:f7:0e:d3:66:a6:b4:de:a5:15:9c:e0:7f:91:
                    7d:93:b0:03:18:cc:2e:1d:84:21:0f:ff:55:58:b4:
                    c5:89:00:c3:f5:6d:d1:f0:50:1f:6c:d9:5b:e1:9b:
                    64:c1:54:a0:e4:b8:28:6f:4c:78:6c:24:8a:c6:fb:
                    d5:d1:f3:84:b3:92:4e:b3:6c:8c:70:f7:82:51:6d:
                    d7:e4:d3:1d:34:bc:32:c2:64:66:5e:77:48:05:6c:
                    d3:47:48:c5:04:aa:fa:cf:ba:b4:62:3a:9a:04:ee:
                    49:05:29:52:2f:1a:09:05:2a:ce:19:57:f0:28:59:
                    51:24:bb:45:ed:19:13:ca:5d:49:b4:22:39:13:74:
                    44:7c:05:bb:ac:d7:97:69:dc:95:df:c3:4a:56:47:
                    47:92:00:3f:bd:e7:97:cf:8e:3a:1a:72:c8:d4:e4:
                    25:35:de:fc:a9:53:78:55:69:42:5e:01:cc:24:ed:
                    f0:a4:7c:fc:96:ca:37:ed:d2:e8:87:e5:94:86:b4:
                    07:df:db:7c:7a:23:6e:a2:60:16:54:65:60:50:b7:
                    5c:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:33:98:C7:16:AD:A4:55:07:8A:CF:D4:2D:C3:D5:76:76:8C:3E:33
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/203b312e-d1a9-4f20-82c6-47bd2a1abd03.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:9a:a1:02:05:4e:6d:96:47:cd:fe:0f:b2:63:fe:d0:ff:c6:
         f5:dc:87:35:03:63:94:32:6c:fe:16:0b:c9:aa:89:db:7c:3c:
         60:41:e4:40:29:41:7b:d7:f8:27:de:ba:41:93:12:ba:5f:67:
         89:1a:cc:f9:52:b7:dd:26:88:37:ab:44:7b:5b:61:6e:3a:91:
         05:b5:5b:29:bb:bf:4f:75:e7:6d:0f:cb:1b:ef:55:da:6e:a8:
         71:18:9f:ab:35:8b:4c:a7:1d:04:4e:28:eb:1d:4e:c5:76:02:
         a5:01:26:36:a7:33:ff:39:a6:8f:fe:d4:bc:95:4f:6b:84:b0:
         ab:38:c2:25:fb:bf:7b:45:c3:1d:b7:15:5c:da:12:4e:1e:bd:
         c7:2b:8c:e4:25:bd:ad:65:ff:4d:5a:b1:b3:03:94:c0:dc:cc:
         d6:e7:9a:6f:e7:fd:1a:ed:23:fa:5d:a6:25:6f:aa:29:f7:95:
         04:1c:14:44:4c:c9:54:8f:ed:25:e4:99:11:6a:66:8e:ac:9d:
         1d:c6:52:d1:33:d3:a2:01:bc:3d:07:8b:26:70:1c:fb:4c:9c:
         45:32:a8:bd:aa:3d:5e:94:d5:7b:10:ed:6e:73:94:2a:e4:41:
         fc:e4:01:ff:eb:9d:7a:f7:2b:27:0c:70:06:90:73:0d:8f:55:
         9e:b2:02:84
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEm7LsGUOILGooQo1Se+Br2jUvRgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTI2MDAwMDAwWhcNMjMxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYTlkZTNiNzAwZTM4NDQxZmViM2VkZWMzYjliZjk4NzUy
ZjczZDg4MWRkNjg3M2JkOTIzMjQ1Nzk1NjVlN2MyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYkHDjwD2Z/lZiiSXoFSGRK3rGecEOH5QZ0sLHHvLR1QcF
012wwfWz+7Vgj9xG9w7TZqa03qUVnOB/kX2TsAMYzC4dhCEP/1VYtMWJAMP1bdHw
UB9s2Vvhm2TBVKDkuChvTHhsJIrG+9XR84Szkk6zbIxw94JRbdfk0x00vDLCZGZe
d0gFbNNHSMUEqvrPurRiOpoE7kkFKVIvGgkFKs4ZV/AoWVEku0XtGRPKXUm0IjkT
dER8Bbus15dp3JXfw0pWR0eSAD+955fPjjoacsjU5CU13vypU3hVaUJeAcwk7fCk
fPyWyjft0uiH5ZSGtAff23x6I26iYBZUZWBQt1wfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYzOYxxatpFUHis/ULcPVdnaMPjMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIwM2IzMTJlLWQxYTktNGYyMC04MmM2LTQ3YmQyYTFhYmQwMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI+aoQIFTm2WR83+D7Jj/tD/xvXc
hzUDY5QybP4WC8mqidt8PGBB5EApQXvX+CfeukGTErpfZ4kazPlSt90miDerRHtb
YW46kQW1Wym7v091520PyxvvVdpuqHEYn6s1i0ynHQROKOsdTsV2AqUBJjanM/85
po/+1LyVT2uEsKs4wiX7v3tFwx23FVzaEk4evccrjOQlva1l/01asbMDlMDczNbn
mm/n/RrtI/pdpiVvqin3lQQcFERMyVSP7SXkmRFqZo6snR3GUtEz06IBvD0HiyZw
HPtMnEUyqL2qPV6U1XsQ7W5zlCrkQfzkAf/rnXr3KycMcAaQcw2PVZ6yAoQ=
-----END CERTIFICATE-----