Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/80402449-3433-4635-8870-29db11f8db7c.roa
File:                     80402449-3433-4635-8870-29db11f8db7c.roa (raw, json)
Hash identifier:          WXLOPRrwn6TzSp3lUlNemZBEhamMhfM/w70DU5EQCsM=
Subject key identifier:   42:23:95:AE:A9:80:05:DE:BA:03:B2:C6:A9:42:08:0D:2E:42:E1:28
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       20563EAA850695C7390153804EDFBCD9AB55BB1C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/80402449-3433-4635-8870-29db11f8db7c.roa
Signing time:             Mon 23 Oct 2023 00:00:00 +0000
ROA not before:           Mon 23 Oct 2023 00:00:00 +0000
ROA not after:            Mon 27 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:56:3e:aa:85:06:95:c7:39:01:53:80:4e:df:bc:d9:ab:55:bb:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 23 00:00:00 2023 GMT
            Not After : Nov 27 23:59:59 2023 GMT
        Subject: serialNumber=3c7bc343609c1c9d78149af380317647853bc4aac21854857ad552536dc18893, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ce:2e:f3:e2:0f:e5:30:fc:76:59:94:2e:9b:
                    6f:35:d0:80:26:1b:c1:d5:91:55:79:e1:b0:13:46:
                    d9:1f:71:c8:5d:c1:dd:cd:f7:7d:af:60:78:e5:cd:
                    03:62:d9:33:63:e1:18:27:a3:1a:15:63:f6:55:0f:
                    be:5f:6c:d6:4b:a0:ba:1f:aa:97:f5:91:d8:73:63:
                    93:8c:9d:24:35:77:4d:fa:92:2a:bd:19:35:ab:d5:
                    f0:a4:08:87:06:61:e5:c4:05:52:4c:b5:dc:72:49:
                    26:e3:8e:61:6a:54:28:fd:9d:db:18:ca:44:98:3b:
                    25:f2:1a:3c:92:59:40:97:c9:13:79:50:ad:e0:a8:
                    71:d1:74:3a:7d:84:f1:af:0b:cd:13:e4:2b:54:77:
                    5f:eb:29:ff:25:5b:96:9f:60:91:9d:34:fa:ee:4e:
                    51:ac:3a:6f:81:24:ec:ad:c8:52:56:ec:2d:af:1c:
                    2d:22:5b:45:b7:11:ad:f9:07:30:c5:75:3d:33:b3:
                    cb:5b:c9:dc:b7:66:64:55:7b:a3:a3:13:80:1f:6f:
                    b0:b5:0a:80:6b:4a:2e:aa:d1:14:11:7e:8c:8a:89:
                    97:02:1d:44:b9:83:80:2a:09:b9:51:4e:58:d8:a5:
                    bd:9d:fd:a6:29:b3:8a:05:6c:fc:2a:dd:83:b2:0b:
                    a4:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:23:95:AE:A9:80:05:DE:BA:03:B2:C6:A9:42:08:0D:2E:42:E1:28
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/80402449-3433-4635-8870-29db11f8db7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:1d:27:ec:3d:97:ae:2a:10:cd:03:c5:f0:24:0e:89:be:06:
         12:66:29:0e:06:3a:b4:7e:e0:8c:ff:ad:d4:87:49:b1:2c:94:
         ce:f6:76:83:61:93:68:4b:67:2b:d3:ac:39:84:5e:66:e6:25:
         a6:cc:25:d0:59:ec:1a:fb:dd:ac:b1:a9:61:27:95:a1:80:ab:
         7c:8e:5c:2b:20:67:60:bb:c8:48:a4:62:c2:29:68:92:b4:91:
         34:b6:2a:5a:02:19:94:fa:11:ef:3b:9c:93:22:d5:02:29:be:
         02:e5:7b:d4:b9:c9:48:e3:65:10:43:ab:e6:26:d5:be:5e:6b:
         ea:fd:b2:5d:d8:b7:3a:f6:cb:92:68:83:de:ae:73:64:db:4a:
         59:e4:67:d7:84:a5:a5:eb:c4:6d:c4:2a:f7:59:11:cd:f7:9d:
         b3:23:b4:96:c9:82:39:f9:00:56:0b:7e:71:83:48:81:36:e4:
         35:9b:9b:14:78:d0:b1:b9:04:b4:83:8c:6e:4b:fe:6a:2b:69:
         0d:28:26:e1:f4:1c:51:d0:30:9e:80:44:82:72:a1:a8:90:94:
         af:9c:83:bc:76:9d:e3:26:b6:99:ca:93:65:6c:f5:d8:e3:d2:
         2f:f0:94:c9:78:6c:22:0c:95:d5:18:39:0d:bf:9b:67:af:4f:
         78:bf:0c:f8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIFY+qoUGlcc5AVOATt+82atVuxwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDIzMDAwMDAwWhcNMjMxMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYzdiYzM0MzYwOWMxYzlkNzgxNDlhZjM4MDMxNzY0Nzg1
M2JjNGFhYzIxODU0ODU3YWQ1NTI1MzZkYzE4ODkzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1zi7z4g/lMPx2WZQum2810IAmG8HVkVV54bATRtkfcchd
wd3N932vYHjlzQNi2TNj4RgnoxoVY/ZVD75fbNZLoLofqpf1kdhzY5OMnSQ1d036
kiq9GTWr1fCkCIcGYeXEBVJMtdxySSbjjmFqVCj9ndsYykSYOyXyGjySWUCXyRN5
UK3gqHHRdDp9hPGvC80T5CtUd1/rKf8lW5afYJGdNPruTlGsOm+BJOytyFJW7C2v
HC0iW0W3Ea35BzDFdT0zs8tbydy3ZmRVe6OjE4Afb7C1CoBrSi6q0RQRfoyKiZcC
HUS5g4AqCblRTljYpb2d/aYps4oFbPwq3YOyC6RDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQiOVrqmABd66A7LGqUIIDS5C4SgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgwNDAyNDQ5LTM0MzMtNDYzNS04ODcwLTI5ZGIxMWY4ZGI3Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG8dJ+w9l64qEM0DxfAkDom+BhJm
KQ4GOrR+4Iz/rdSHSbEslM72doNhk2hLZyvTrDmEXmbmJabMJdBZ7Br73ayxqWEn
laGAq3yOXCsgZ2C7yEikYsIpaJK0kTS2KloCGZT6Ee87nJMi1QIpvgLle9S5yUjj
ZRBDq+Ym1b5ea+r9sl3Ytzr2y5Jog96uc2TbSlnkZ9eEpaXrxG3EKvdZEc33nbMj
tJbJgjn5AFYLfnGDSIE25DWbmxR40LG5BLSDjG5L/moraQ0oJuH0HFHQMJ6ARIJy
oaiQlK+cg7x2neMmtpnKk2Vs9djj0i/wlMl4bCIMldUYOQ2/m2evT3i/DPg=
-----END CERTIFICATE-----