Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2e2b4d0f-472e-404a-84d2-16db017ed703.roa
File:                     2e2b4d0f-472e-404a-84d2-16db017ed703.roa (raw, json)
Hash identifier:          pQcgmsLDTbIWa73eRDVFUil8OxmTzO2fEqbO8egnVng=
Subject key identifier:   C2:A5:7A:82:B2:03:05:45:5F:62:57:B1:B6:C4:4E:AD:A7:CC:A3:EB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       36E4D598E5B1CDA2329833DB97815BDA6B43AF21
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2e2b4d0f-472e-404a-84d2-16db017ed703.roa
Signing time:             Thu 07 Sep 2023 00:00:00 +0000
ROA not before:           Thu 07 Sep 2023 00:00:00 +0000
ROA not after:            Thu 12 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:e4:d5:98:e5:b1:cd:a2:32:98:33:db:97:81:5b:da:6b:43:af:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  7 00:00:00 2023 GMT
            Not After : Oct 12 23:59:59 2023 GMT
        Subject: serialNumber=95a6c6e4fe7ec539754cccd38b51141517de3ebb4c8185e634bee8a9c76e4f27, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ce:e6:26:6e:ee:a2:4c:93:c8:8f:6d:f2:e6:
                    68:f8:96:ac:43:84:d6:3a:f1:43:61:16:f5:2c:a2:
                    3d:d4:18:55:5c:27:2e:9d:10:e1:95:60:be:85:4f:
                    18:72:7e:99:d4:6e:a2:45:87:46:67:78:cb:00:01:
                    24:6d:a6:20:2e:f8:b4:89:50:50:ec:88:1a:0e:1e:
                    d9:95:09:75:40:ba:bf:62:57:cc:69:37:f2:b0:0a:
                    6a:40:38:ea:95:ef:88:3c:84:c3:cf:63:49:4e:bb:
                    7a:bd:90:aa:d1:e4:bd:ab:56:cb:b9:2f:4b:fb:20:
                    62:21:18:84:14:2e:f0:ca:19:da:8e:f2:5c:fa:9c:
                    ab:87:75:de:fe:d7:e1:e9:f7:1e:03:76:2c:1c:bb:
                    e7:70:fb:e2:f1:f9:c3:74:1b:f8:15:9f:55:ed:fa:
                    41:c4:75:e3:07:75:58:7e:78:01:e6:2e:b9:c1:40:
                    64:35:67:cc:e5:1e:1f:d4:8e:9d:44:7d:f0:8a:33:
                    8f:15:46:27:ec:87:32:ba:5a:1f:ed:2c:2a:a5:28:
                    d9:1b:1b:e0:c9:c9:86:da:00:01:8f:2b:9a:1b:30:
                    22:0b:54:cc:c4:68:9a:32:39:d4:89:bc:8b:15:0a:
                    3a:dc:69:7a:79:02:92:88:c5:57:83:47:bb:96:13:
                    ca:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:A5:7A:82:B2:03:05:45:5F:62:57:B1:B6:C4:4E:AD:A7:CC:A3:EB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2e2b4d0f-472e-404a-84d2-16db017ed703.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:71:6e:11:1a:98:a7:1b:10:f0:9a:da:c4:9f:e8:a4:c5:8b:
         04:16:b0:88:16:24:79:bb:0c:5e:32:1a:b7:21:f5:f0:9e:96:
         df:34:2f:81:7f:bb:d8:2e:0c:f5:5b:58:94:e9:cd:35:d3:d2:
         0d:89:52:e4:17:60:37:50:ed:ff:e8:ec:26:84:bb:a0:1c:3c:
         90:ec:57:15:02:a7:3a:62:f6:fd:d4:a0:d3:a3:89:f5:2f:c1:
         44:5c:60:e5:8e:33:ae:be:ab:fd:75:25:bc:a1:34:5e:7f:c3:
         1e:e5:8e:5c:a5:7a:83:32:67:44:59:00:52:9d:00:c4:50:a7:
         33:8a:f0:7a:a6:d0:ca:ee:40:b8:58:2c:66:15:4d:44:33:9e:
         48:1a:17:29:f0:57:8e:da:90:9a:ae:9e:81:4d:c6:08:16:56:
         91:f5:ea:8f:b4:2d:bb:0c:0e:5c:7b:64:ab:be:ff:9d:5c:9e:
         ac:ad:5f:d7:e4:47:e6:28:c2:9e:ed:e3:9d:a7:69:09:a6:78:
         de:7e:55:a0:5c:d2:12:de:1f:43:ff:6f:d9:ef:d3:c8:ba:ce:
         9f:34:a8:81:c0:a5:e6:13:e9:42:d8:bb:8c:3b:03:5d:97:4c:
         38:fe:d8:3e:49:68:4a:aa:72:df:8f:10:2d:ff:54:93:88:3f:
         05:75:92:48
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNuTVmOWxzaIymDPbl4Fb2mtDryEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTA3MDAwMDAwWhcNMjMxMDEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NWE2YzZlNGZlN2VjNTM5NzU0Y2NjZDM4YjUxMTQxNTE3
ZGUzZWJiNGM4MTg1ZTYzNGJlZThhOWM3NmU0ZjI3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVzuYmbu6iTJPIj23y5mj4lqxDhNY68UNhFvUsoj3UGFVc
Jy6dEOGVYL6FTxhyfpnUbqJFh0ZneMsAASRtpiAu+LSJUFDsiBoOHtmVCXVAur9i
V8xpN/KwCmpAOOqV74g8hMPPY0lOu3q9kKrR5L2rVsu5L0v7IGIhGIQULvDKGdqO
8lz6nKuHdd7+1+Hp9x4Ddiwcu+dw++Lx+cN0G/gVn1Xt+kHEdeMHdVh+eAHmLrnB
QGQ1Z8zlHh/Ujp1EffCKM48VRifshzK6Wh/tLCqlKNkbG+DJyYbaAAGPK5obMCIL
VMzEaJoyOdSJvIsVCjrcaXp5ApKIxVeDR7uWE8qnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwqV6grIDBUVfYlextsROrafMo+swHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJlMmI0ZDBmLTQ3MmUtNDA0YS04NGQyLTE2ZGIwMTdlZDcwMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIpxbhEamKcbEPCa2sSf6KTFiwQW
sIgWJHm7DF4yGrch9fCelt80L4F/u9guDPVbWJTpzTXT0g2JUuQXYDdQ7f/o7CaE
u6AcPJDsVxUCpzpi9v3UoNOjifUvwURcYOWOM66+q/11JbyhNF5/wx7ljlyleoMy
Z0RZAFKdAMRQpzOK8Hqm0MruQLhYLGYVTUQznkgaFynwV47akJqunoFNxggWVpH1
6o+0LbsMDlx7ZKu+/51cnqytX9fkR+Yowp7t452naQmmeN5+VaBc0hLeH0P/b9nv
08i6zp80qIHApeYT6ULYu4w7A12XTDj+2D5JaEqqct+PEC3/VJOIPwV1kkg=
-----END CERTIFICATE-----