Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/57f5c16d-0559-49c3-80ca-925b1265f638.roa
File:                     57f5c16d-0559-49c3-80ca-925b1265f638.roa (raw, json)
Hash identifier:          iieux/ud1oOZOVqBMadpF6MNXMX7X2xvTUp5GTPloR8=
Subject key identifier:   B4:2B:31:F8:E9:C4:4E:10:F4:59:B8:20:E9:73:9D:3E:CE:8F:50:A2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       26F8485E36E2E34FC5A9A354F870768859A0A5DA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/57f5c16d-0559-49c3-80ca-925b1265f638.roa
Signing time:             Sat 28 Oct 2023 00:00:00 +0000
ROA not before:           Sat 28 Oct 2023 00:00:00 +0000
ROA not after:            Sat 02 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:f8:48:5e:36:e2:e3:4f:c5:a9:a3:54:f8:70:76:88:59:a0:a5:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 28 00:00:00 2023 GMT
            Not After : Dec  2 23:59:59 2023 GMT
        Subject: serialNumber=fdf4bc6b86645dfcc9849b2c0cc324f55d550c427227536ed80d82fc599b631f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:2e:66:69:19:65:d7:f3:2f:15:ee:31:ef:a1:
                    63:79:cc:ff:1c:30:e7:ce:4d:a1:61:b4:a4:4f:52:
                    74:70:00:e5:4c:69:02:8c:cf:1d:c0:61:80:06:19:
                    16:cc:17:73:f1:d4:ed:31:0b:49:91:b5:7a:7a:e5:
                    d3:42:ac:02:46:96:d7:ff:ed:11:ea:80:4f:37:ad:
                    fe:4c:3c:fe:d4:9e:1f:68:d2:f1:b7:1b:91:6c:95:
                    29:28:e2:b3:dc:5d:5d:e1:5a:59:65:b5:9c:e9:c8:
                    2e:c2:94:bb:13:2a:a0:0e:1e:d8:1a:ed:81:b6:c7:
                    ba:69:22:4b:58:0d:8d:d8:8b:b4:cc:af:80:51:2d:
                    ee:89:b7:ca:c5:d0:06:9d:7a:2d:82:58:b2:0f:1e:
                    81:0b:73:96:5d:9a:2e:9c:58:c1:be:b1:1a:02:af:
                    b5:19:4b:e1:7e:5d:60:3a:35:97:29:27:f7:09:74:
                    e5:3c:55:28:a5:d5:7f:57:7c:6b:24:0c:26:b6:56:
                    00:43:a2:11:b0:2a:27:66:7b:6c:c2:f9:0e:7f:1b:
                    40:30:34:df:e3:55:15:ec:0b:6b:38:1e:ea:99:b7:
                    8c:01:8e:71:90:d9:34:08:d0:d4:73:df:6e:9a:1c:
                    1b:7e:33:a6:50:ae:0b:20:20:c5:76:a2:5f:cb:58:
                    47:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:2B:31:F8:E9:C4:4E:10:F4:59:B8:20:E9:73:9D:3E:CE:8F:50:A2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/57f5c16d-0559-49c3-80ca-925b1265f638.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:9c:f1:8e:1a:4e:e7:8d:54:88:29:25:c8:e6:79:8c:cb:36:
         26:d5:3c:d8:bb:7f:8c:96:f1:86:b0:0d:90:76:09:51:1d:d2:
         b4:09:be:13:af:bd:65:4d:87:28:ca:ab:de:5c:67:5d:75:fa:
         8b:09:2c:e3:4a:56:d4:53:01:29:d3:97:ac:cd:f0:6a:26:1f:
         9b:1e:11:08:16:06:0f:ad:b0:82:7f:dc:f2:ee:25:04:f0:0a:
         fc:99:fd:ee:24:b3:f9:a3:54:0b:29:a2:b6:9a:0f:6d:8f:0a:
         68:98:ec:34:5e:5f:4f:f2:88:32:61:89:d9:13:d8:f3:39:60:
         f9:e5:76:69:ab:99:c1:5c:e0:e4:58:d5:0e:d7:45:aa:64:ad:
         82:47:c6:60:6e:b9:c2:81:53:3d:af:b5:44:f1:5c:b1:f9:6d:
         23:58:fe:b3:14:7f:f8:6e:3b:5f:48:61:f1:78:d6:17:0d:50:
         b8:a6:51:a6:f4:e5:23:8b:56:3a:3c:bb:4d:23:db:c4:fe:2b:
         e0:66:e1:ad:32:38:25:0b:08:4d:78:f8:2a:73:fb:cb:59:2a:
         85:53:42:48:30:dd:d6:d4:91:24:54:7a:b4:3c:86:85:2d:88:
         c9:cd:0d:3e:e6:0b:4b:60:80:5a:b6:a9:6b:8e:ca:32:8c:44:
         ad:96:be:25
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJvhIXjbi40/FqaNU+HB2iFmgpdowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDI4MDAwMDAwWhcNMjMxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmZGY0YmM2Yjg2NjQ1ZGZjYzk4NDliMmMwY2MzMjRmNTVk
NTUwYzQyNzIyNzUzNmVkODBkODJmYzU5OWI2MzFmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSLmZpGWXX8y8V7jHvoWN5zP8cMOfOTaFhtKRPUnRwAOVM
aQKMzx3AYYAGGRbMF3Px1O0xC0mRtXp65dNCrAJGltf/7RHqgE83rf5MPP7Unh9o
0vG3G5FslSko4rPcXV3hWllltZzpyC7ClLsTKqAOHtga7YG2x7ppIktYDY3Yi7TM
r4BRLe6Jt8rF0Aadei2CWLIPHoELc5Zdmi6cWMG+sRoCr7UZS+F+XWA6NZcpJ/cJ
dOU8VSil1X9XfGskDCa2VgBDohGwKidme2zC+Q5/G0AwNN/jVRXsC2s4HuqZt4wB
jnGQ2TQI0NRz326aHBt+M6ZQrgsgIMV2ol/LWEe3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtCsx+OnEThD0Wbgg6XOdPs6PUKIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU3ZjVjMTZkLTA1NTktNDljMy04MGNhLTkyNWIxMjY1ZjYzOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJuc8Y4aTueNVIgpJcjmeYzLNibV
PNi7f4yW8YawDZB2CVEd0rQJvhOvvWVNhyjKq95cZ111+osJLONKVtRTASnTl6zN
8GomH5seEQgWBg+tsIJ/3PLuJQTwCvyZ/e4ks/mjVAsporaaD22PCmiY7DReX0/y
iDJhidkT2PM5YPnldmmrmcFc4ORY1Q7XRapkrYJHxmBuucKBUz2vtUTxXLH5bSNY
/rMUf/huO19IYfF41hcNULimUab05SOLVjo8u00j28T+K+Bm4a0yOCULCE14+Cpz
+8tZKoVTQkgw3dbUkSRUerQ8hoUtiMnNDT7mC0tggFq2qWuOyjKMRK2WviU=
-----END CERTIFICATE-----