Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4b4ad57e-7624-408b-ab22-c72650e20b50.roa
File:                     4b4ad57e-7624-408b-ab22-c72650e20b50.roa (raw, json)
Hash identifier:          nBsEvxxmZ4/yT7395kXIEuNZ20Qd640G7eG+NzyVdg0=
Subject key identifier:   62:35:EE:B0:CB:F3:EB:26:9C:F5:59:B9:F4:54:90:8D:20:E3:59:01
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       106E404DC769FB796058027236166A91858199C8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4b4ad57e-7624-408b-ab22-c72650e20b50.roa
Signing time:             Fri 29 Sep 2023 00:00:00 +0000
ROA not before:           Fri 29 Sep 2023 00:00:00 +0000
ROA not after:            Fri 03 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:6e:40:4d:c7:69:fb:79:60:58:02:72:36:16:6a:91:85:81:99:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 29 00:00:00 2023 GMT
            Not After : Nov  3 23:59:59 2023 GMT
        Subject: serialNumber=114daf580d48b5de4f98ff73efe22bec8e84d2dccd6c2641527af9d58fbd47f1, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:9f:de:dd:fc:3c:a4:84:4c:54:b4:f5:02:de:
                    0c:ae:e2:50:2c:f9:02:6a:a2:f8:dd:8c:b9:3f:ea:
                    5d:b5:86:28:16:af:4a:80:94:58:d8:b8:a9:d0:35:
                    c8:5e:b4:e3:26:7c:e0:bc:62:7b:f4:f9:dd:26:6e:
                    89:e1:8f:92:6a:eb:e3:6f:60:d7:b2:90:03:62:cb:
                    d2:70:91:be:6d:a2:a5:78:e0:e7:77:40:ed:3b:f2:
                    b4:e8:f6:eb:a4:09:cf:19:74:80:ee:a7:6f:d6:1c:
                    65:d2:fa:70:fe:4d:eb:7f:d4:ce:a7:a2:f6:bf:8d:
                    70:b8:28:ab:1e:27:55:3c:c6:d7:f6:dd:82:09:21:
                    a5:96:b2:ad:67:cf:69:89:89:d8:d4:09:c5:91:2d:
                    91:a7:e9:9a:a2:55:93:b6:07:70:7f:3e:de:15:4b:
                    31:f1:be:f6:e0:5d:f9:14:aa:2f:66:ab:eb:6b:4c:
                    c0:93:13:96:91:a8:0a:4a:8b:9a:55:66:d7:4b:66:
                    17:47:6a:0b:7b:b6:f5:03:26:de:5e:28:8b:6a:0a:
                    e7:c2:0c:21:9f:80:46:dc:db:4f:d5:8d:5b:85:a3:
                    ce:67:22:af:5f:13:71:82:49:9d:ca:89:d7:83:0d:
                    2d:04:79:e8:cc:20:92:1d:ad:2a:13:e4:3e:4e:df:
                    b2:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:35:EE:B0:CB:F3:EB:26:9C:F5:59:B9:F4:54:90:8D:20:E3:59:01
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4b4ad57e-7624-408b-ab22-c72650e20b50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:d0:39:bb:6f:73:b6:2a:f7:b6:a0:0b:16:d2:8d:1d:3a:0f:
         16:1a:c5:c0:81:82:81:e5:45:46:11:9b:5c:f9:64:fc:70:be:
         97:77:c4:31:68:34:29:0c:bd:36:a4:c5:55:66:da:0e:32:2c:
         a5:a2:35:9a:84:dd:b4:1b:d8:d1:d0:41:8e:2d:17:d6:dd:38:
         d7:1e:fb:f6:6f:67:10:e7:2b:4e:40:90:3b:29:58:f6:94:4a:
         4e:ac:10:ed:16:b0:72:5b:0c:42:86:14:c5:a5:4d:40:c1:21:
         dc:e7:38:4b:5a:97:ec:09:53:e3:d0:de:d8:c6:a0:c7:2d:54:
         17:d2:3b:4b:74:b3:78:5d:b1:5a:f3:73:18:6f:33:95:41:3d:
         5c:de:3f:e7:99:be:12:94:35:81:15:18:b7:ad:fc:e4:00:27:
         8c:fd:5b:5a:8c:ec:c3:e6:74:77:1a:04:ee:57:6c:62:48:df:
         02:63:4e:70:af:74:b1:1e:1a:e9:eb:9d:21:8e:b9:22:b2:ff:
         34:2d:5b:bf:31:f6:df:a4:78:4f:fc:c4:13:d6:4b:cd:da:1b:
         42:40:60:e7:7b:c0:76:0b:5a:37:c0:60:ca:99:19:49:c3:b2:
         bf:74:ee:15:ca:e7:d9:b2:be:39:4a:f9:d7:e9:d2:4b:b2:bb:
         00:62:f1:92
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEG5ATcdp+3lgWAJyNhZqkYWBmcgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTI5MDAwMDAwWhcNMjMxMTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMTRkYWY1ODBkNDhiNWRlNGY5OGZmNzNlZmUyMmJlYzhl
ODRkMmRjY2Q2YzI2NDE1MjdhZjlkNThmYmQ0N2YxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAn97d/DykhExUtPUC3gyu4lAs+QJqovjdjLk/6l21higW
r0qAlFjYuKnQNchetOMmfOC8Ynv0+d0mbonhj5Jq6+NvYNeykANiy9Jwkb5toqV4
4Od3QO078rTo9uukCc8ZdIDup2/WHGXS+nD+Tet/1M6nova/jXC4KKseJ1U8xtf2
3YIJIaWWsq1nz2mJidjUCcWRLZGn6ZqiVZO2B3B/Pt4VSzHxvvbgXfkUqi9mq+tr
TMCTE5aRqApKi5pVZtdLZhdHagt7tvUDJt5eKItqCufCDCGfgEbc20/VjVuFo85n
Iq9fE3GCSZ3KideDDS0EeejMIJIdrSoT5D5O37ItAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYjXusMvz6yac9Vm59FSQjSDjWQEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRiNGFkNTdlLTc2MjQtNDA4Yi1hYjIyLWM3MjY1MGUyMGI1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALPQObtvc7Yq97agCxbSjR06DxYa
xcCBgoHlRUYRm1z5ZPxwvpd3xDFoNCkMvTakxVVm2g4yLKWiNZqE3bQb2NHQQY4t
F9bdONce+/ZvZxDnK05AkDspWPaUSk6sEO0WsHJbDEKGFMWlTUDBIdznOEtal+wJ
U+PQ3tjGoMctVBfSO0t0s3hdsVrzcxhvM5VBPVzeP+eZvhKUNYEVGLet/OQAJ4z9
W1qM7MPmdHcaBO5XbGJI3wJjTnCvdLEeGunrnSGOuSKy/zQtW78x9t+keE/8xBPW
S83aG0JAYOd7wHYLWjfAYMqZGUnDsr907hXK59myvjlK+dfp0kuyuwBi8ZI=
-----END CERTIFICATE-----