Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9d189fd2-3029-49a2-969b-b53846c8551b.roa
File:                     9d189fd2-3029-49a2-969b-b53846c8551b.roa (raw, json)
Hash identifier:          NPVZk/LysQYP79QjdbnNKyDyEQAnvOwUaZv0+dkhpX4=
Subject key identifier:   93:93:FE:1D:2D:AF:83:87:51:F8:90:AA:60:C2:FE:1E:C0:81:64:14
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       64F0365FEFCB6BD37E99C44135ACC756F7BA7C7F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9d189fd2-3029-49a2-969b-b53846c8551b.roa
Signing time:             Wed 20 Sep 2023 00:00:00 +0000
ROA not before:           Wed 20 Sep 2023 00:00:00 +0000
ROA not after:            Wed 25 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:f0:36:5f:ef:cb:6b:d3:7e:99:c4:41:35:ac:c7:56:f7:ba:7c:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 20 00:00:00 2023 GMT
            Not After : Oct 25 23:59:59 2023 GMT
        Subject: serialNumber=48abfac06b3d594b3c621fcd84cb09df77c44cf3cfa871b1454e98aeba076e64, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:49:3d:10:f3:5e:f3:6f:02:ed:f0:11:49:05:
                    8d:db:52:33:75:49:ab:34:bd:e7:a1:d2:b7:4a:ea:
                    91:b3:fa:d2:74:67:96:03:0e:b2:88:c6:91:07:29:
                    62:48:ab:f2:ad:ee:ea:ff:cb:82:64:af:73:b7:c3:
                    8b:cd:78:27:a4:9d:b3:29:23:36:0b:93:e5:a7:55:
                    10:ca:55:39:d7:89:60:71:cc:b0:d1:9e:c8:98:4c:
                    fa:57:a8:d5:94:1b:76:4d:e4:b5:f1:d2:29:3e:52:
                    aa:04:c0:16:c8:1f:9b:61:2a:51:22:47:76:6e:60:
                    9f:b7:d0:bc:c0:4f:70:63:3b:ae:bf:9a:9b:47:63:
                    35:12:1d:ab:dd:4b:e3:12:f6:f2:00:19:b3:0c:1f:
                    b7:e2:02:ed:9a:b4:76:a9:1f:87:65:34:26:61:be:
                    cd:9f:b1:7a:58:0d:73:e1:7b:92:b3:54:a9:d3:7e:
                    b3:1e:94:79:b1:60:49:79:90:23:b5:ae:a9:d8:3a:
                    3e:bd:4e:4d:3c:af:f7:27:17:da:95:60:84:81:5b:
                    4b:28:af:da:db:31:65:24:09:4e:b1:12:33:01:85:
                    f4:d9:21:11:16:7d:9f:ea:bc:13:50:75:7c:dc:bc:
                    76:8c:42:80:f1:1b:93:cf:59:f7:ed:f4:ac:1a:aa:
                    30:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:93:FE:1D:2D:AF:83:87:51:F8:90:AA:60:C2:FE:1E:C0:81:64:14
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9d189fd2-3029-49a2-969b-b53846c8551b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:b5:e7:4c:92:11:46:f8:0e:40:7f:67:47:d4:81:4b:2e:d0:
         3f:02:a9:a3:66:ea:72:38:91:03:d8:5e:76:4c:28:f7:77:e4:
         68:0d:2e:c7:63:53:4c:b1:eb:87:65:80:e7:92:e5:41:66:d8:
         3b:2c:0f:54:c1:10:cb:7e:c1:17:8f:cd:30:8d:a5:d0:f1:60:
         66:ea:92:b6:66:1d:48:bd:d9:e7:e1:7f:4a:b4:a1:cb:8e:30:
         77:1f:91:06:b2:ff:09:80:4e:de:4e:f3:c0:1f:33:4b:fd:ad:
         c5:6f:25:7e:40:cf:85:3b:b0:3b:4f:48:66:55:16:7e:02:36:
         2f:d2:63:60:7d:b2:d9:1b:df:0f:80:d0:e3:2a:90:c4:d6:c5:
         cb:21:3b:da:a6:db:37:4f:97:41:f0:6a:f4:d4:63:3c:5c:db:
         55:90:2f:11:7d:dd:fb:7c:97:91:85:05:72:0e:55:ec:e3:79:
         43:38:05:7a:3d:e9:ab:9a:9e:8e:df:43:79:42:99:7b:2f:d9:
         f7:a2:8b:5b:0a:60:86:31:e4:e0:20:54:11:6a:f1:f6:36:3e:
         32:82:fe:d4:6b:b0:71:b3:ef:a3:7b:42:1e:8f:9d:e1:f7:04:
         b2:db:36:dd:98:02:1b:d5:e6:3b:a5:6a:1e:24:7e:3f:55:ec:
         41:d7:e8:9a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZPA2X+/La9N+mcRBNazHVve6fH8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTIwMDAwMDAwWhcNMjMxMDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0OGFiZmFjMDZiM2Q1OTRiM2M2MjFmY2Q4NGNiMDlkZjc3
YzQ0Y2YzY2ZhODcxYjE0NTRlOThhZWJhMDc2ZTY0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYST0Q817zbwLt8BFJBY3bUjN1Sas0veeh0rdK6pGz+tJ0
Z5YDDrKIxpEHKWJIq/Kt7ur/y4Jkr3O3w4vNeCeknbMpIzYLk+WnVRDKVTnXiWBx
zLDRnsiYTPpXqNWUG3ZN5LXx0ik+UqoEwBbIH5thKlEiR3ZuYJ+30LzAT3BjO66/
mptHYzUSHavdS+MS9vIAGbMMH7fiAu2atHapH4dlNCZhvs2fsXpYDXPhe5KzVKnT
frMelHmxYEl5kCO1rqnYOj69Tk08r/cnF9qVYISBW0sor9rbMWUkCU6xEjMBhfTZ
IREWfZ/qvBNQdXzcvHaMQoDxG5PPWfft9KwaqjDfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUk5P+HS2vg4dR+JCqYML+HsCBZBQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzlkMTg5ZmQyLTMwMjktNDlhMi05NjliLWI1Mzg0NmM4NTUxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADu150ySEUb4DkB/Z0fUgUsu0D8C
qaNm6nI4kQPYXnZMKPd35GgNLsdjU0yx64dlgOeS5UFm2DssD1TBEMt+wRePzTCN
pdDxYGbqkrZmHUi92efhf0q0ocuOMHcfkQay/wmATt5O88AfM0v9rcVvJX5Az4U7
sDtPSGZVFn4CNi/SY2B9stkb3w+A0OMqkMTWxcshO9qm2zdPl0HwavTUYzxc21WQ
LxF93ft8l5GFBXIOVezjeUM4BXo96auano7fQ3lCmXsv2feii1sKYIYx5OAgVBFq
8fY2PjKC/tRrsHGz76N7Qh6PneH3BLLbNt2YAhvV5julah4kfj9V7EHX6Jo=
-----END CERTIFICATE-----