Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/610196ed-60d6-4af3-86cd-4a9346956235.roa
File:                     610196ed-60d6-4af3-86cd-4a9346956235.roa (raw, json)
Hash identifier:          /x7izC99M+ThBy4hqKEkrobQOVq3KngCKTt7Cz1BnOQ=
Subject key identifier:   65:2A:17:E8:B3:0A:B8:74:E0:FC:3F:B6:4E:51:09:72:3A:30:91:A5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       26D47A792A74853859BD93130A5BA4158DBE55BC
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/610196ed-60d6-4af3-86cd-4a9346956235.roa
Signing time:             Mon 02 Oct 2023 00:00:00 +0000
ROA not before:           Mon 02 Oct 2023 00:00:00 +0000
ROA not after:            Mon 06 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:d4:7a:79:2a:74:85:38:59:bd:93:13:0a:5b:a4:15:8d:be:55:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  2 00:00:00 2023 GMT
            Not After : Nov  6 23:59:59 2023 GMT
        Subject: serialNumber=e732ed9a018098dc963c48f61290ab36591afd31fc6c928b8eba2a51f999d80f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f7:31:46:c1:85:a9:51:5b:a8:f0:ec:9f:90:
                    20:c6:cb:73:48:2b:bb:60:c1:94:fb:6c:da:00:ff:
                    a4:a0:18:ce:ea:60:33:05:91:62:52:36:42:b8:34:
                    f8:4a:b4:de:58:7e:b0:af:17:eb:0c:c7:ec:d2:27:
                    f9:e7:a2:1e:ff:4e:33:2a:d2:21:8d:48:77:74:1b:
                    05:dd:a0:71:df:ee:25:f0:17:64:00:d3:36:98:c1:
                    62:65:ce:28:de:21:47:a2:6d:3e:01:f3:20:0d:6e:
                    13:56:19:20:1b:48:9e:53:ba:bb:ee:a3:dc:6b:3e:
                    d1:46:68:49:0a:ea:bb:96:a9:f2:b6:2a:68:2f:53:
                    7d:ab:6e:4a:d3:25:5b:cc:5f:c8:5c:b0:f4:16:29:
                    c8:9d:11:77:c2:9b:f4:bc:be:be:48:a1:ef:78:8f:
                    e9:c6:33:65:3a:67:e0:82:90:3b:30:be:ff:e1:c0:
                    f7:fa:6a:a8:80:bd:e6:27:5c:14:b4:05:60:d4:60:
                    dc:8a:ea:69:96:bc:b8:49:9e:3c:7a:5d:fe:c5:85:
                    5a:52:3e:65:b3:a5:66:b4:9d:64:4e:66:f2:c4:ae:
                    d2:8a:e1:34:73:e1:b0:4e:08:43:31:8c:1f:9f:14:
                    25:30:c8:41:c5:78:8a:74:48:8b:0e:94:f9:51:30:
                    58:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:2A:17:E8:B3:0A:B8:74:E0:FC:3F:B6:4E:51:09:72:3A:30:91:A5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/610196ed-60d6-4af3-86cd-4a9346956235.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:0e:61:67:a1:80:83:d1:91:2a:0e:d2:79:64:cf:ea:2e:b7:
         08:6f:fe:79:83:d8:bc:8c:59:a6:eb:d3:a3:37:16:93:3e:5b:
         7e:3f:80:c3:4e:67:c3:8f:84:37:fb:53:d3:e5:d2:53:68:26:
         e5:88:37:b6:61:65:76:31:df:53:6d:c9:00:08:51:08:1b:51:
         84:8f:55:38:fe:f6:df:48:0e:1f:6f:a4:7f:73:e4:f1:2b:8a:
         60:bf:5f:4a:10:43:6c:48:78:7b:dc:75:6c:95:38:c8:4b:f0:
         7c:58:aa:4c:1e:d7:c6:b3:f9:d7:6d:e7:d4:69:2e:68:82:d5:
         45:f4:eb:e6:4e:89:50:68:12:e1:27:43:e1:c6:2f:48:74:c5:
         83:36:aa:56:0a:72:ff:ed:2b:0b:f9:c0:ca:7c:d1:47:db:7d:
         eb:8e:c8:45:f7:66:6b:42:de:44:bf:33:f4:e5:a0:28:8c:6f:
         32:2e:d4:a8:5b:ca:02:c9:40:dc:87:24:f2:70:2b:ae:1a:c1:
         43:5a:19:80:29:fd:82:75:ca:9c:f1:ca:95:0a:5c:b4:fd:0e:
         3e:16:e5:f6:48:fa:29:a6:fb:27:10:eb:ed:db:6e:68:11:ff:
         96:7c:56:dd:00:b5:0f:4d:fb:77:08:ba:f9:82:6d:d0:df:48:
         4f:ae:1e:89
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJtR6eSp0hThZvZMTClukFY2+VbwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDAyMDAwMDAwWhcNMjMxMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNzMyZWQ5YTAxODA5OGRjOTYzYzQ4ZjYxMjkwYWIzNjU5
MWFmZDMxZmM2YzkyOGI4ZWJhMmE1MWY5OTlkODBmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd9zFGwYWpUVuo8OyfkCDGy3NIK7tgwZT7bNoA/6SgGM7q
YDMFkWJSNkK4NPhKtN5YfrCvF+sMx+zSJ/nnoh7/TjMq0iGNSHd0GwXdoHHf7iXw
F2QA0zaYwWJlzijeIUeibT4B8yANbhNWGSAbSJ5Turvuo9xrPtFGaEkK6ruWqfK2
KmgvU32rbkrTJVvMX8hcsPQWKcidEXfCm/S8vr5Ioe94j+nGM2U6Z+CCkDswvv/h
wPf6aqiAveYnXBS0BWDUYNyK6mmWvLhJnjx6Xf7FhVpSPmWzpWa0nWROZvLErtKK
4TRz4bBOCEMxjB+fFCUwyEHFeIp0SIsOlPlRMFitAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZSoX6LMKuHTg/D+2TlEJcjowkaUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzYxMDE5NmVkLTYwZDYtNGFmMy04NmNkLTRhOTM0Njk1NjIzNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEQOYWehgIPRkSoO0nlkz+outwhv
/nmD2LyMWabr06M3FpM+W34/gMNOZ8OPhDf7U9Pl0lNoJuWIN7ZhZXYx31NtyQAI
UQgbUYSPVTj+9t9IDh9vpH9z5PErimC/X0oQQ2xIeHvcdWyVOMhL8HxYqkwe18az
+ddt59RpLmiC1UX06+ZOiVBoEuEnQ+HGL0h0xYM2qlYKcv/tKwv5wMp80UfbfeuO
yEX3ZmtC3kS/M/TloCiMbzIu1KhbygLJQNyHJPJwK64awUNaGYAp/YJ1ypzxypUK
XLT9Dj4W5fZI+imm+ycQ6+3bbmgR/5Z8Vt0AtQ9N+3cIuvmCbdDfSE+uHok=
-----END CERTIFICATE-----