Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/57875e5c-858b-456f-bcad-981083c25753.roa
File:                     57875e5c-858b-456f-bcad-981083c25753.roa (raw, json)
Hash identifier:          DKmG+3C6g141F51xUblaQTBYnfYw/Q1Fr+PDP8LIg5M=
Subject key identifier:   8F:87:D0:EE:23:D9:FA:66:78:A7:D7:D9:C3:D9:BB:71:90:AE:E3:41
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       05D25F87B04C9856BBE120A8890C1F8141A598E0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/57875e5c-858b-456f-bcad-981083c25753.roa
Signing time:             Thu 26 Oct 2023 00:00:00 +0000
ROA not before:           Thu 26 Oct 2023 00:00:00 +0000
ROA not after:            Thu 30 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:d2:5f:87:b0:4c:98:56:bb:e1:20:a8:89:0c:1f:81:41:a5:98:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 26 00:00:00 2023 GMT
            Not After : Nov 30 23:59:59 2023 GMT
        Subject: serialNumber=830ba1d85d87282a97e3d19d38f0856b53cdecd3b0954cc20055c979836394b5, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:42:92:d4:ee:24:00:17:e4:52:79:0e:b5:35:
                    93:be:d1:58:2f:01:cd:48:11:16:75:e4:52:88:b5:
                    3b:04:3d:5c:af:65:76:d5:2b:18:25:1e:34:65:5d:
                    ba:44:0f:83:64:0e:cc:f3:2a:37:af:dd:71:ef:f0:
                    0b:26:e4:a4:2d:c9:0c:04:df:fc:ce:c1:3b:7e:58:
                    2a:38:48:73:ca:35:c5:18:c8:99:40:2d:37:f1:df:
                    28:c5:9d:00:c6:be:dd:6b:a1:51:59:52:5f:51:a3:
                    2d:ef:23:e6:bb:ce:5d:62:2b:bf:53:e0:31:7d:5f:
                    0e:4c:89:39:e7:4f:1c:69:54:55:f7:35:ee:4b:fb:
                    f0:b7:a6:c3:b8:9e:2b:5e:18:88:b4:0c:6d:81:4e:
                    21:ae:69:a9:6d:8e:c3:dc:d8:71:4f:25:33:1f:88:
                    b1:d5:92:39:87:18:c3:52:bb:46:f7:4c:2c:10:aa:
                    05:34:c9:f3:d9:cd:b1:22:cc:dd:6c:fb:04:3b:0e:
                    60:f2:d9:e2:ae:6f:61:a9:26:13:71:05:e5:c3:e8:
                    03:7a:ec:34:b1:e6:18:09:e8:ea:37:5e:49:5c:f6:
                    2c:36:88:fb:ad:ab:41:4d:88:dc:53:df:3f:84:a6:
                    96:f7:b0:bb:6c:3d:fc:c7:c7:99:22:8a:bc:e0:68:
                    67:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:87:D0:EE:23:D9:FA:66:78:A7:D7:D9:C3:D9:BB:71:90:AE:E3:41
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/57875e5c-858b-456f-bcad-981083c25753.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:2e:03:24:1d:8a:b6:93:85:35:c5:68:85:01:bf:c7:50:e2:
         cc:41:33:c4:c5:e2:51:9f:26:b2:7b:b6:15:fb:58:d7:3a:92:
         c6:f0:8e:9d:8e:56:d5:35:f2:2e:ef:7f:ad:00:66:d6:ae:2c:
         43:02:ab:4c:fa:dc:7b:d9:4b:6f:ca:25:ec:02:e6:a1:d4:9c:
         c6:5c:51:0f:6b:6d:aa:a9:98:35:e7:60:11:e6:a0:a9:86:1a:
         e3:ee:cf:ac:74:c5:f0:94:30:97:44:5d:cc:8d:43:dd:2a:74:
         94:b7:44:52:20:fa:ec:3a:0f:a6:9a:3b:d6:f0:65:f6:d7:ea:
         0b:bf:c4:dc:d0:d0:03:ad:2a:6e:df:bc:89:c2:87:b0:bf:3d:
         01:4d:a1:f3:ac:3e:76:f9:05:1f:f2:72:dc:78:00:69:d5:40:
         c0:21:b6:27:6a:4d:30:ce:2b:f6:07:e2:9d:60:94:98:6b:a8:
         b2:58:43:1c:e9:cf:8d:f1:76:c5:f2:fd:b4:dc:48:fa:aa:f2:
         a8:4d:8a:7c:fb:4b:e0:d9:67:05:b9:16:c7:de:38:79:5f:9d:
         e6:22:0a:07:a2:b1:57:84:58:2f:be:d1:a3:ab:4b:4c:8e:c7:
         c3:88:29:50:48:c2:6b:9b:08:20:6c:7a:23:f2:7c:2a:00:eb:
         81:59:2b:14
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBdJfh7BMmFa74SCoiQwfgUGlmOAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDI2MDAwMDAwWhcNMjMxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MzBiYTFkODVkODcyODJhOTdlM2QxOWQzOGYwODU2YjUz
Y2RlY2QzYjA5NTRjYzIwMDU1Yzk3OTgzNjM5NGI1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcQpLU7iQAF+RSeQ61NZO+0VgvAc1IERZ15FKItTsEPVyv
ZXbVKxglHjRlXbpED4NkDszzKjev3XHv8Asm5KQtyQwE3/zOwTt+WCo4SHPKNcUY
yJlALTfx3yjFnQDGvt1roVFZUl9Roy3vI+a7zl1iK79T4DF9Xw5MiTnnTxxpVFX3
Ne5L+/C3psO4niteGIi0DG2BTiGuaaltjsPc2HFPJTMfiLHVkjmHGMNSu0b3TCwQ
qgU0yfPZzbEizN1s+wQ7DmDy2eKub2GpJhNxBeXD6AN67DSx5hgJ6Oo3Xklc9iw2
iPutq0FNiNxT3z+Eppb3sLtsPfzHx5kiirzgaGeHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUj4fQ7iPZ+mZ4p9fZw9m7cZCu40EwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU3ODc1ZTVjLTg1OGItNDU2Zi1iY2FkLTk4MTA4M2MyNTc1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG8uAyQdiraThTXFaIUBv8dQ4sxB
M8TF4lGfJrJ7thX7WNc6ksbwjp2OVtU18i7vf60AZtauLEMCq0z63HvZS2/KJewC
5qHUnMZcUQ9rbaqpmDXnYBHmoKmGGuPuz6x0xfCUMJdEXcyNQ90qdJS3RFIg+uw6
D6aaO9bwZfbX6gu/xNzQ0AOtKm7fvInCh7C/PQFNofOsPnb5BR/yctx4AGnVQMAh
tidqTTDOK/YH4p1glJhrqLJYQxzpz43xdsXy/bTcSPqq8qhNinz7S+DZZwW5Fsfe
OHlfneYiCgeisVeEWC++0aOrS0yOx8OIKVBIwmubCCBseiPyfCoA64FZKxQ=
-----END CERTIFICATE-----