Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/68025601-94e8-4074-b479-2dae9cc755f0.roa
File:                     68025601-94e8-4074-b479-2dae9cc755f0.roa (raw, json)
Hash identifier:          hLQAlsHWWi1Y1WmD6HzVTfjjnG6FNu8mVAtik8E8sYI=
Subject key identifier:   3C:63:D6:D2:AF:D3:5E:69:F4:18:A8:23:8C:A3:7F:6B:59:90:E2:BE
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       29DB994FD0618091B970C3EDF101208FB6F29A30
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/68025601-94e8-4074-b479-2dae9cc755f0.roa
Signing time:             Sat 14 Oct 2023 00:00:00 +0000
ROA not before:           Sat 14 Oct 2023 00:00:00 +0000
ROA not after:            Sat 18 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:db:99:4f:d0:61:80:91:b9:70:c3:ed:f1:01:20:8f:b6:f2:9a:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 14 00:00:00 2023 GMT
            Not After : Nov 18 23:59:59 2023 GMT
        Subject: serialNumber=9c31721912a919e9111b57bec0f25ab22c8c28a922fa28e45aba00febd61266d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:bd:72:f4:76:ae:23:ed:be:14:69:fc:e0:c6:
                    b7:eb:1a:1b:5f:be:9f:27:ff:23:3c:d6:af:67:ad:
                    d6:f4:01:57:9c:8c:6c:4e:8c:f6:b8:01:cc:5f:7b:
                    9f:82:0e:dc:92:6d:1e:9b:f2:16:1e:d5:04:ff:ec:
                    7a:eb:ca:ed:7b:0e:0b:12:1f:20:cd:83:96:96:60:
                    04:4f:da:06:5e:d6:ff:44:75:b3:95:55:bb:ad:d9:
                    fe:a0:b0:6c:89:45:29:4d:59:58:1e:a0:7a:63:d1:
                    1a:0e:dc:99:bb:a4:04:98:33:4d:92:06:3b:96:c9:
                    8a:19:a2:90:38:84:8e:a2:34:a1:5f:e1:b3:9e:48:
                    fa:ad:da:cf:a0:e0:c9:20:40:d5:67:84:43:ef:23:
                    47:c4:43:b4:15:92:b5:f1:7c:b8:d3:ae:49:c8:ec:
                    78:bd:2c:b4:86:c0:c7:2d:70:9e:c8:d0:56:b1:23:
                    80:ff:5c:54:19:c8:b7:b2:40:6f:5a:c3:dc:8b:20:
                    af:58:d8:ea:47:06:66:0a:6a:58:0d:58:14:e8:7c:
                    0f:e9:b3:eb:09:a4:db:33:e8:5b:26:bf:5c:1f:38:
                    bd:29:2d:e6:d2:81:2b:aa:5c:61:43:64:64:c8:d1:
                    54:ad:05:89:16:80:9b:88:ea:6a:ba:f8:66:ea:54:
                    fe:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:63:D6:D2:AF:D3:5E:69:F4:18:A8:23:8C:A3:7F:6B:59:90:E2:BE
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/68025601-94e8-4074-b479-2dae9cc755f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:4d:90:ad:ee:6c:65:7a:3b:bf:b1:fc:e6:b3:c2:1d:21:bc:
         8f:bc:28:60:6e:03:fa:ea:14:13:a1:04:c5:6c:9f:61:42:6d:
         09:a0:f7:d4:ad:a6:db:ea:03:36:9b:26:d0:29:25:ff:51:04:
         fb:61:20:05:1c:c5:bd:d3:ed:e7:ff:5f:31:09:37:f1:b7:1c:
         fa:a8:76:56:3e:22:2f:0a:d8:12:43:bb:37:66:ab:55:2f:01:
         0d:db:c1:f8:e1:5e:9d:04:6a:63:d5:6c:2d:2e:b2:df:53:83:
         ce:4e:1c:76:88:4c:11:ae:ea:5a:13:78:43:94:0e:a9:0e:56:
         6f:d6:ac:ae:bd:fa:e3:c7:21:62:5c:b6:be:dd:b9:bf:0a:69:
         8e:ac:16:53:e4:1f:0d:5b:74:bd:70:c2:0f:ab:9f:d8:72:d5:
         e6:65:e4:87:79:1b:97:70:c4:d9:6f:4f:42:b6:30:87:b7:4a:
         d2:63:bf:4b:6c:4d:86:7b:99:ff:b5:d8:7f:d0:b7:3e:64:ca:
         9c:0e:32:c6:c0:16:72:be:df:98:92:ec:ac:d6:0c:74:6d:62:
         9d:61:cd:14:d8:fd:f0:00:f6:9d:ed:9b:a6:ec:fb:dd:4f:db:
         ec:f9:36:16:d7:a7:47:d1:19:61:d3:44:94:bb:60:be:b8:25:
         0a:9d:1d:80
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKduZT9BhgJG5cMPt8QEgj7bymjAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDE0MDAwMDAwWhcNMjMxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YzMxNzIxOTEyYTkxOWU5MTExYjU3YmVjMGYyNWFiMjJj
OGMyOGE5MjJmYTI4ZTQ1YWJhMDBmZWJkNjEyNjZkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjvXL0dq4j7b4UafzgxrfrGhtfvp8n/yM81q9nrdb0AVec
jGxOjPa4Acxfe5+CDtySbR6b8hYe1QT/7Hrryu17DgsSHyDNg5aWYARP2gZe1v9E
dbOVVbut2f6gsGyJRSlNWVgeoHpj0RoO3Jm7pASYM02SBjuWyYoZopA4hI6iNKFf
4bOeSPqt2s+g4MkgQNVnhEPvI0fEQ7QVkrXxfLjTrknI7Hi9LLSGwMctcJ7I0Fax
I4D/XFQZyLeyQG9aw9yLIK9Y2OpHBmYKalgNWBTofA/ps+sJpNsz6Fsmv1wfOL0p
LebSgSuqXGFDZGTI0VStBYkWgJuI6mq6+GbqVP6vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPGPW0q/TXmn0GKgjjKN/a1mQ4r4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzY4MDI1NjAxLTk0ZTgtNDA3NC1iNDc5LTJkYWU5Y2M3NTVmMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHpNkK3ubGV6O7+x/Oazwh0hvI+8
KGBuA/rqFBOhBMVsn2FCbQmg99StptvqAzabJtApJf9RBPthIAUcxb3T7ef/XzEJ
N/G3HPqodlY+Ii8K2BJDuzdmq1UvAQ3bwfjhXp0EamPVbC0ust9Tg85OHHaITBGu
6loTeEOUDqkOVm/WrK69+uPHIWJctr7dub8KaY6sFlPkHw1bdL1wwg+rn9hy1eZl
5Id5G5dwxNlvT0K2MIe3StJjv0tsTYZ7mf+12H/Qtz5kypwOMsbAFnK+35iS7KzW
DHRtYp1hzRTY/fAA9p3tm6bs+91P2+z5NhbXp0fRGWHTRJS7YL64JQqdHYA=
-----END CERTIFICATE-----