Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7dc346dc-837f-4ac2-8f07-6f20cecb6a8f.roa
File:                     7dc346dc-837f-4ac2-8f07-6f20cecb6a8f.roa (raw, json)
Hash identifier:          9ErD9IIA9pczlc3XX/wefeunpSH9E/nH4BJnYLXpLkk=
Subject key identifier:   45:CF:6A:79:8D:44:8B:22:C4:D0:16:DC:6E:C8:C0:9F:17:A8:EA:C6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0C6D7BAEE02B81B194B8EAFDE7232C0E9F7BA472
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7dc346dc-837f-4ac2-8f07-6f20cecb6a8f.roa
Signing time:             Thu 21 Sep 2023 00:00:00 +0000
ROA not before:           Thu 21 Sep 2023 00:00:00 +0000
ROA not after:            Thu 26 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:6d:7b:ae:e0:2b:81:b1:94:b8:ea:fd:e7:23:2c:0e:9f:7b:a4:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 21 00:00:00 2023 GMT
            Not After : Oct 26 23:59:59 2023 GMT
        Subject: serialNumber=b16ed6709301cb16bb70ac806704a688e40db8daf37d425db73e84b01acc8894, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:33:b2:4a:4c:dc:d1:cd:d5:aa:21:af:cc:6c:
                    8e:59:7a:7f:6f:5f:e6:05:bc:da:0f:84:82:f0:80:
                    7c:cc:6e:1b:98:89:50:b5:0e:cf:aa:5e:25:55:89:
                    0c:8f:a9:d5:64:75:aa:57:e8:1c:a8:04:a4:6a:a0:
                    0c:a1:87:fb:68:e8:88:e9:70:b3:09:6c:c2:1b:3d:
                    03:d6:5c:80:45:60:5b:6b:80:1e:87:ef:22:e7:48:
                    c3:95:6b:e6:50:02:8c:4b:e4:54:63:8d:6a:58:16:
                    d9:87:7c:7c:c7:72:44:bd:8b:42:aa:ee:ea:1e:cb:
                    59:02:8a:65:45:11:fc:4e:78:1f:c4:52:25:cd:ce:
                    2d:be:c5:86:cc:cf:10:97:4d:2c:51:88:d5:f9:a0:
                    11:93:32:58:fc:2a:b8:fd:78:94:ce:93:10:6c:9e:
                    bc:ac:0d:aa:02:e6:f0:18:dd:ad:af:ba:f1:c8:1c:
                    60:49:a9:46:2f:89:24:6f:07:e0:b7:6f:03:e0:2d:
                    ae:4d:ac:5a:28:f5:5e:78:b1:5c:60:dc:25:97:8b:
                    6d:f7:50:47:72:0d:41:61:54:40:2e:54:e8:d4:aa:
                    16:b2:99:55:df:d7:be:4f:1b:84:0b:e8:62:0d:7e:
                    09:54:d6:20:a4:11:8b:b0:ee:b4:80:b9:02:6a:9b:
                    67:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:CF:6A:79:8D:44:8B:22:C4:D0:16:DC:6E:C8:C0:9F:17:A8:EA:C6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7dc346dc-837f-4ac2-8f07-6f20cecb6a8f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:fa:20:e3:c5:ab:0f:58:01:ac:2f:f7:a3:8a:51:15:9c:1b:
         cc:5c:3b:8d:ab:e4:be:e9:b5:8a:1d:84:3e:2f:e0:55:ce:21:
         95:a6:97:3d:47:f1:02:78:db:06:3c:60:32:98:58:34:71:38:
         3d:a5:13:89:89:aa:95:d5:cf:51:e0:84:87:af:f5:70:71:da:
         8e:18:0b:99:8c:38:db:6c:75:2a:7a:c3:51:6c:39:fc:ff:ae:
         3f:03:3a:14:bd:23:50:ce:c9:ab:0e:96:55:01:8a:cc:69:38:
         f7:03:7b:3f:d7:29:44:5d:59:84:a5:fa:1e:aa:ec:bc:cb:84:
         37:0f:2e:ac:8b:df:f2:d1:23:b3:e2:4b:21:8d:68:e2:7c:09:
         17:34:08:43:7d:cb:ec:84:19:83:52:f2:ce:41:cb:a9:c4:fe:
         5d:53:7f:9d:20:07:91:42:2f:a8:fb:52:50:fd:e8:6a:f3:23:
         ac:f7:26:58:14:66:18:d2:80:30:b8:0b:3a:06:96:56:2a:69:
         89:cf:c6:1f:72:f0:d4:04:a2:3e:01:d0:38:c5:3a:53:05:0a:
         5e:77:27:f5:43:60:ad:41:e3:27:ac:f7:1f:54:da:7b:cd:c8:
         73:22:2c:ad:67:34:83:be:43:d6:61:ee:20:01:54:54:ea:22:
         98:1d:34:54
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDG17ruArgbGUuOr95yMsDp97pHIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTIxMDAwMDAwWhcNMjMxMDI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMTZlZDY3MDkzMDFjYjE2YmI3MGFjODA2NzA0YTY4OGU0
MGRiOGRhZjM3ZDQyNWRiNzNlODRiMDFhY2M4ODk0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsM7JKTNzRzdWqIa/MbI5Zen9vX+YFvNoPhILwgHzMbhuY
iVC1Ds+qXiVViQyPqdVkdapX6ByoBKRqoAyhh/to6IjpcLMJbMIbPQPWXIBFYFtr
gB6H7yLnSMOVa+ZQAoxL5FRjjWpYFtmHfHzHckS9i0Kq7uoey1kCimVFEfxOeB/E
UiXNzi2+xYbMzxCXTSxRiNX5oBGTMlj8Krj9eJTOkxBsnrysDaoC5vAY3a2vuvHI
HGBJqUYviSRvB+C3bwPgLa5NrFoo9V54sVxg3CWXi233UEdyDUFhVEAuVOjUqhay
mVXf175PG4QL6GINfglU1iCkEYuw7rSAuQJqm2erAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURc9qeY1EiyLE0BbcbsjAnxeo6sYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzdkYzM0NmRjLTgzN2YtNGFjMi04ZjA3LTZmMjBjZWNiNmE4Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIH6IOPFqw9YAawv96OKURWcG8xc
O42r5L7ptYodhD4v4FXOIZWmlz1H8QJ42wY8YDKYWDRxOD2lE4mJqpXVz1HghIev
9XBx2o4YC5mMONtsdSp6w1FsOfz/rj8DOhS9I1DOyasOllUBisxpOPcDez/XKURd
WYSl+h6q7LzLhDcPLqyL3/LRI7PiSyGNaOJ8CRc0CEN9y+yEGYNS8s5By6nE/l1T
f50gB5FCL6j7UlD96GrzI6z3JlgUZhjSgDC4CzoGllYqaYnPxh9y8NQEoj4B0DjF
OlMFCl53J/VDYK1B4yes9x9U2nvNyHMiLK1nNIO+Q9Zh7iABVFTqIpgdNFQ=
-----END CERTIFICATE-----