Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/38014d2c-4f52-4202-b04d-6ea254448484.roa
File:                     38014d2c-4f52-4202-b04d-6ea254448484.roa (raw, json)
Hash identifier:          Ix9MdtV0lOQdlM+M+APe+dgDS4YOqi+fHJqeDD9WMK8=
Subject key identifier:   1D:78:F5:19:6A:E1:41:03:5C:12:3C:E0:A9:FB:FB:B5:02:F7:FE:69
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1DBBB337A3E2541EB8D49D1D496C0E7132FFB024
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/38014d2c-4f52-4202-b04d-6ea254448484.roa
Signing time:             Tue 19 Sep 2023 00:00:00 +0000
ROA not before:           Tue 19 Sep 2023 00:00:00 +0000
ROA not after:            Tue 24 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:bb:b3:37:a3:e2:54:1e:b8:d4:9d:1d:49:6c:0e:71:32:ff:b0:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 19 00:00:00 2023 GMT
            Not After : Oct 24 23:59:59 2023 GMT
        Subject: serialNumber=96eeb7bdcb4875d81997fc229942dfc8573b994ca688a7c28b086ca2060cf5ac, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:99:c7:fb:37:03:a3:1f:58:6c:da:a8:d0:66:
                    2a:5f:83:ae:6c:19:46:56:ac:be:0d:96:97:3c:17:
                    90:a3:4f:99:38:9c:c0:95:5e:10:29:d7:26:35:2b:
                    e0:0d:29:e0:e8:1d:64:cc:49:e9:b1:22:06:3a:46:
                    43:d2:ec:f4:32:98:76:d1:dc:ab:e2:87:f3:32:c7:
                    12:48:41:47:a2:6f:19:c9:b2:cf:97:b4:cb:86:1b:
                    09:a3:d4:75:f1:eb:21:19:81:d6:50:fc:8f:bf:dc:
                    96:7a:b2:a8:9f:8e:1e:76:07:b0:90:d2:9b:db:11:
                    dd:b5:f8:99:d7:17:25:3d:a7:e9:36:0b:fb:ca:11:
                    e2:af:11:45:8c:63:80:d7:9e:85:8b:15:b9:e9:1c:
                    90:a3:b5:ae:81:fa:55:26:09:ad:21:16:21:83:e5:
                    9a:b4:37:eb:34:22:5d:2f:dc:87:e1:9e:42:d1:11:
                    38:54:1f:89:c3:54:cc:69:0f:74:39:43:a3:89:50:
                    46:9e:dd:98:93:9a:b4:6a:b2:45:dd:fa:52:1d:77:
                    93:2d:78:bd:2d:9e:33:c5:05:00:e7:3d:4d:22:aa:
                    40:5a:a4:fe:e5:6d:d8:e7:6b:ed:b1:8f:76:71:65:
                    d9:0b:93:d1:3f:97:41:87:8b:e7:87:c8:06:93:13:
                    34:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:78:F5:19:6A:E1:41:03:5C:12:3C:E0:A9:FB:FB:B5:02:F7:FE:69
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/38014d2c-4f52-4202-b04d-6ea254448484.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:ca:cd:db:c7:44:56:63:a5:34:73:f4:fc:a1:ba:b2:7c:e3:
         d1:40:b3:31:8d:de:9c:5a:77:5d:84:01:2e:7c:6e:9e:18:ba:
         cf:a4:44:b9:c5:65:a1:33:93:81:2e:fe:74:48:cc:1a:37:f2:
         a0:46:3e:56:74:25:34:63:cb:62:07:3b:7f:c7:f3:bc:2a:39:
         46:5f:eb:1b:1c:6d:ac:d2:35:9b:10:34:ec:2c:65:f2:63:3a:
         cf:99:82:84:f1:15:1f:04:17:f4:4c:f0:56:8b:b7:a5:39:15:
         3a:3a:4a:84:ee:93:d4:a1:d1:05:7e:49:78:03:1b:04:5e:f4:
         ba:a4:54:43:06:88:fe:7d:1d:41:b9:8d:25:79:6f:3f:20:58:
         09:f9:63:e1:7b:cc:d3:65:4b:ad:c8:c5:51:e8:e1:8b:fc:9d:
         de:ea:c3:f8:7c:03:74:c1:0c:77:7a:38:d5:37:23:6a:37:b8:
         35:60:e6:71:ef:ab:7a:d6:a8:b4:26:a9:5a:dd:30:a0:16:a0:
         03:b3:2d:6e:0f:bb:db:7c:33:d5:9f:ce:b9:e2:c3:0d:21:d6:
         8f:0d:6e:77:37:49:ff:66:b7:bc:29:95:af:3e:11:36:a2:18:
         01:32:89:67:08:bf:63:e6:b5:51:1e:2e:7d:40:77:cc:63:c2:
         37:a4:7b:23
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHbuzN6PiVB641J0dSWwOcTL/sCQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTE5MDAwMDAwWhcNMjMxMDI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NmVlYjdiZGNiNDg3NWQ4MTk5N2ZjMjI5OTQyZGZjODU3
M2I5OTRjYTY4OGE3YzI4YjA4NmNhMjA2MGNmNWFjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQComcf7NwOjH1hs2qjQZipfg65sGUZWrL4Nlpc8F5CjT5k4
nMCVXhAp1yY1K+ANKeDoHWTMSemxIgY6RkPS7PQymHbR3Kvih/MyxxJIQUeibxnJ
ss+XtMuGGwmj1HXx6yEZgdZQ/I+/3JZ6sqifjh52B7CQ0pvbEd21+JnXFyU9p+k2
C/vKEeKvEUWMY4DXnoWLFbnpHJCjta6B+lUmCa0hFiGD5Zq0N+s0Il0v3IfhnkLR
EThUH4nDVMxpD3Q5Q6OJUEae3ZiTmrRqskXd+lIdd5MteL0tnjPFBQDnPU0iqkBa
pP7lbdjna+2xj3ZxZdkLk9E/l0GHi+eHyAaTEzTVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHXj1GWrhQQNcEjzgqfv7tQL3/mkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM4MDE0ZDJjLTRmNTItNDIwMi1iMDRkLTZlYTI1NDQ0ODQ4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAH3KzdvHRFZjpTRz9PyhurJ849FA
szGN3pxad12EAS58bp4Yus+kRLnFZaEzk4Eu/nRIzBo38qBGPlZ0JTRjy2IHO3/H
87wqOUZf6xscbazSNZsQNOwsZfJjOs+ZgoTxFR8EF/RM8FaLt6U5FTo6SoTuk9Sh
0QV+SXgDGwRe9LqkVEMGiP59HUG5jSV5bz8gWAn5Y+F7zNNlS63IxVHo4Yv8nd7q
w/h8A3TBDHd6ONU3I2o3uDVg5nHvq3rWqLQmqVrdMKAWoAOzLW4Pu9t8M9Wfzrni
ww0h1o8Nbnc3Sf9mt7wpla8+ETaiGAEyiWcIv2PmtVEeLn1Ad8xjwjekeyM=
-----END CERTIFICATE-----