Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/79a16763-9d20-44b9-914e-c6babb43af3c.roa
File:                     79a16763-9d20-44b9-914e-c6babb43af3c.roa (raw, json)
Hash identifier:          BSwjRBN7XijdNLD7lqecYjW/ZkVpQgDwNaBQLWGhn7o=
Subject key identifier:   2C:AB:D5:8B:85:24:C4:71:80:0F:FA:F4:20:E1:59:07:7E:76:5C:1C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7618F95560EEE7F3C57747516243425A3D2234F7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/79a16763-9d20-44b9-914e-c6babb43af3c.roa
Signing time:             Sat 07 Oct 2023 00:00:00 +0000
ROA not before:           Sat 07 Oct 2023 00:00:00 +0000
ROA not after:            Sat 11 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:18:f9:55:60:ee:e7:f3:c5:77:47:51:62:43:42:5a:3d:22:34:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  7 00:00:00 2023 GMT
            Not After : Nov 11 23:59:59 2023 GMT
        Subject: serialNumber=03a21ba194dbdc9e635190ae3d3e6cbe9ff6dec039abf10779ca921df7273ff3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:82:b6:50:ad:59:6a:94:44:4e:f8:7d:ca:b2:
                    aa:20:f3:e4:7f:39:50:31:59:7e:f8:a0:4e:2b:03:
                    c2:94:1b:84:45:1e:d9:45:2a:00:13:0a:9b:a4:d0:
                    8d:b8:05:73:63:b1:f8:f1:8d:9a:49:d3:1e:a6:54:
                    55:d3:3e:c6:d8:08:1e:e3:39:e5:8b:ab:7b:98:67:
                    70:18:56:9a:68:22:22:c0:2a:4c:14:10:34:f4:39:
                    e7:c1:f1:13:d2:4d:0a:a2:4f:47:7c:eb:c4:3a:0c:
                    de:00:ff:37:7d:63:22:a4:9e:43:45:7c:0e:68:87:
                    19:2c:e3:02:d5:8e:07:e9:f3:76:79:d0:6c:e6:89:
                    86:09:d1:11:96:f0:f8:35:c9:ea:10:fd:de:bc:12:
                    f9:80:f4:94:d6:1a:b9:f2:16:53:ff:46:61:2e:7b:
                    e7:21:db:17:21:a1:d6:ef:76:55:3d:b2:4d:b6:c6:
                    c6:a9:4a:99:5a:44:d8:5b:b9:27:78:d0:53:8c:97:
                    c5:be:23:27:9e:40:54:96:00:f5:77:85:ad:8d:a0:
                    89:f9:d8:13:df:29:39:e2:fa:9f:6d:05:b4:ca:35:
                    22:ef:57:7d:71:83:d4:f7:f5:aa:f9:ad:b4:a2:ad:
                    56:fb:2b:3b:2d:5c:9e:d6:67:0d:c6:b8:2f:ba:86:
                    b8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:AB:D5:8B:85:24:C4:71:80:0F:FA:F4:20:E1:59:07:7E:76:5C:1C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/79a16763-9d20-44b9-914e-c6babb43af3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:7e:6d:3c:f6:b9:5e:dc:16:20:a0:29:3b:5e:b8:c5:ef:78:
         c3:b4:99:1d:5b:69:90:7e:9c:16:53:79:8e:6d:27:2b:88:65:
         cb:b6:c5:d7:ef:f7:c8:58:3a:a7:e4:7a:e8:eb:00:8e:e1:ad:
         92:8b:b5:60:70:8b:a8:bf:0f:1b:8d:f4:a6:84:04:81:fa:a0:
         fb:50:25:cb:b6:fe:00:18:3f:4f:70:95:6b:59:5d:04:06:91:
         df:a1:e5:f1:67:98:09:67:da:f6:e6:28:9b:66:9e:25:76:01:
         21:58:f2:05:bb:83:b5:b9:0e:1a:e9:98:03:05:4e:90:f2:7f:
         01:7b:6d:a7:64:f8:12:81:50:dc:68:71:c6:4a:48:ab:7d:d1:
         af:ed:67:50:9f:3a:6d:f4:7a:90:d1:88:b2:a5:98:0b:0a:f6:
         05:81:cc:64:35:37:c8:a8:39:36:c9:2a:17:19:c3:60:fb:8c:
         4e:71:a4:4d:62:14:bf:8a:69:6b:76:06:85:fe:b6:8e:3e:04:
         9e:8e:d9:a0:ed:dd:89:8a:a5:13:63:6c:ce:4d:3f:81:18:29:
         e9:63:d3:78:9f:9a:8d:35:65:8f:91:a8:e1:5a:d0:12:f1:3d:
         5d:43:ad:d4:8a:ec:ce:d6:34:42:fd:ed:0b:d9:e9:9d:5c:b7:
         60:9c:57:e8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdhj5VWDu5/PFd0dRYkNCWj0iNPcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDA3MDAwMDAwWhcNMjMxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0AwM2EyMWJhMTk0ZGJkYzllNjM1MTkwYWUzZDNlNmNiZTlm
ZjZkZWMwMzlhYmYxMDc3OWNhOTIxZGY3MjczZmYzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCGgrZQrVlqlERO+H3Ksqog8+R/OVAxWX74oE4rA8KUG4RF
HtlFKgATCpuk0I24BXNjsfjxjZpJ0x6mVFXTPsbYCB7jOeWLq3uYZ3AYVppoIiLA
KkwUEDT0OefB8RPSTQqiT0d868Q6DN4A/zd9YyKknkNFfA5ohxks4wLVjgfp83Z5
0GzmiYYJ0RGW8Pg1yeoQ/d68EvmA9JTWGrnyFlP/RmEue+ch2xchodbvdlU9sk22
xsapSplaRNhbuSd40FOMl8W+IyeeQFSWAPV3ha2NoIn52BPfKTni+p9tBbTKNSLv
V31xg9T39ar5rbSirVb7KzstXJ7WZw3GuC+6hrirAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULKvVi4UkxHGAD/r0IOFZB352XBwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzc5YTE2NzYzLTlkMjAtNDRiOS05MTRlLWM2YmFiYjQzYWYzYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACV+bTz2uV7cFiCgKTteuMXveMO0
mR1baZB+nBZTeY5tJyuIZcu2xdfv98hYOqfkeujrAI7hrZKLtWBwi6i/DxuN9KaE
BIH6oPtQJcu2/gAYP09wlWtZXQQGkd+h5fFnmAln2vbmKJtmniV2ASFY8gW7g7W5
DhrpmAMFTpDyfwF7badk+BKBUNxoccZKSKt90a/tZ1CfOm30epDRiLKlmAsK9gWB
zGQ1N8ioOTbJKhcZw2D7jE5xpE1iFL+KaWt2BoX+to4+BJ6O2aDt3YmKpRNjbM5N
P4EYKelj03ifmo01ZY+RqOFa0BLxPV1DrdSK7M7WNEL97QvZ6Z1ct2CcV+g=
-----END CERTIFICATE-----