Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a7e896ba-aaad-4ab8-9602-3ef035f2b8e5.roa
File:                     a7e896ba-aaad-4ab8-9602-3ef035f2b8e5.roa (raw, json)
Hash identifier:          sC+6QLML9ZC+TQYmK3YoOu5q4Gl2Rjy66G4uBhtnca8=
Subject key identifier:   4C:48:27:8F:6C:BC:6E:A6:08:0A:69:EB:09:48:01:CB:A3:4B:6F:03
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3283108F974E45B8BDF3EF3BE769345ACE2741DA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a7e896ba-aaad-4ab8-9602-3ef035f2b8e5.roa
Signing time:             Sun 08 Oct 2023 00:00:00 +0000
ROA not before:           Sun 08 Oct 2023 00:00:00 +0000
ROA not after:            Sun 12 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:83:10:8f:97:4e:45:b8:bd:f3:ef:3b:e7:69:34:5a:ce:27:41:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  8 00:00:00 2023 GMT
            Not After : Nov 12 23:59:59 2023 GMT
        Subject: serialNumber=717007482dc0203b12734d6bda256aeb0aa109234c67c50de245bba7336f2c52, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ca:97:10:d3:80:0d:ff:be:55:c8:ec:f1:8e:
                    73:bb:50:e0:91:7a:4e:f8:85:e3:e2:43:c9:61:27:
                    3d:37:9b:40:d2:a5:4f:04:4d:1c:6c:c9:ea:c4:1c:
                    a4:54:55:ab:63:c5:13:12:52:8a:23:f4:ba:e3:98:
                    13:c0:7a:85:95:91:6e:61:98:05:c6:85:00:75:64:
                    67:95:38:1c:c7:9b:fe:02:39:1c:3f:5a:a6:56:93:
                    49:da:ee:6e:34:e2:61:3a:41:28:33:b6:09:d9:0c:
                    45:b2:79:13:a1:54:9f:52:d2:9f:c8:59:bb:34:9a:
                    9d:eb:77:44:87:12:02:f0:c9:7f:bb:65:e5:70:9e:
                    d7:49:90:85:75:16:7c:f9:31:43:67:88:32:79:44:
                    50:fa:34:6a:fc:5b:f4:19:5e:c8:92:e1:e6:61:75:
                    26:23:32:f0:ed:5e:67:39:fc:24:15:a1:cf:dd:aa:
                    58:34:3e:a1:7c:1f:d2:4a:75:f9:a5:5c:25:38:5a:
                    c7:67:8b:96:bb:8d:fd:6d:cc:9e:e3:88:5b:84:36:
                    ac:a7:a8:c6:c9:02:23:bf:d8:0f:ca:a4:67:54:75:
                    35:1e:78:ce:96:da:42:ee:bf:72:82:71:78:f4:e0:
                    55:ba:90:10:85:a4:f8:e4:f6:88:9d:c8:4b:76:23:
                    02:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:48:27:8F:6C:BC:6E:A6:08:0A:69:EB:09:48:01:CB:A3:4B:6F:03
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a7e896ba-aaad-4ab8-9602-3ef035f2b8e5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:66:cb:0d:c6:8d:1b:8f:c6:55:80:cb:b6:d8:40:78:dd:3b:
         7d:60:eb:70:ac:9a:b1:62:ea:b2:b1:d1:3f:36:05:9c:23:20:
         5b:e9:6f:85:01:d3:04:1b:c4:7a:26:6e:77:96:1d:1c:c3:06:
         d8:9f:3a:88:77:cd:ca:4a:a2:c1:db:54:f5:a1:38:b0:34:31:
         0e:59:a8:30:22:67:3d:6c:62:63:1d:ce:5e:e0:9a:0a:84:4d:
         5f:be:89:9f:a2:0f:8e:d6:61:7c:de:45:31:2b:4b:a8:b6:59:
         59:e2:e2:c1:a8:c7:77:76:30:fb:59:93:08:9a:1c:21:31:ef:
         32:e3:be:f2:19:30:32:a5:3e:7b:c3:68:ed:9a:07:95:40:b1:
         4e:ca:4d:db:ba:9d:0d:cc:c5:a1:b6:6b:1f:da:9f:0d:e2:95:
         1c:6a:5d:74:02:ef:fa:a0:53:93:d6:5c:1d:6d:c3:d8:71:d6:
         b8:61:06:49:8d:2e:09:3b:51:43:33:92:e3:4f:5d:56:15:42:
         a8:d7:ba:c8:ab:0a:3b:66:9d:95:1f:cd:bf:98:d5:e8:a2:5b:
         1c:ba:06:a0:2d:2b:1a:63:98:97:d8:08:bf:ca:f9:ab:5a:c6:
         b8:54:c1:20:ea:80:65:ce:8e:44:67:62:63:43:96:49:fe:a6:
         c5:9b:39:6a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMoMQj5dORbi98+8752k0Ws4nQdowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDA4MDAwMDAwWhcNMjMxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MTcwMDc0ODJkYzAyMDNiMTI3MzRkNmJkYTI1NmFlYjBh
YTEwOTIzNGM2N2M1MGRlMjQ1YmJhNzMzNmYyYzUyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJypcQ04AN/75VyOzxjnO7UOCRek74hePiQ8lhJz03m0DS
pU8ETRxsyerEHKRUVatjxRMSUooj9LrjmBPAeoWVkW5hmAXGhQB1ZGeVOBzHm/4C
ORw/WqZWk0na7m404mE6QSgztgnZDEWyeROhVJ9S0p/IWbs0mp3rd0SHEgLwyX+7
ZeVwntdJkIV1Fnz5MUNniDJ5RFD6NGr8W/QZXsiS4eZhdSYjMvDtXmc5/CQVoc/d
qlg0PqF8H9JKdfmlXCU4Wsdni5a7jf1tzJ7jiFuENqynqMbJAiO/2A/KpGdUdTUe
eM6W2kLuv3KCcXj04FW6kBCFpPjk9oidyEt2IwIlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTEgnj2y8bqYICmnrCUgBy6NLbwMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E3ZTg5NmJhLWFhYWQtNGFiOC05NjAyLTNlZjAzNWYyYjhlNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADJmyw3GjRuPxlWAy7bYQHjdO31g
63CsmrFi6rKx0T82BZwjIFvpb4UB0wQbxHombneWHRzDBtifOoh3zcpKosHbVPWh
OLA0MQ5ZqDAiZz1sYmMdzl7gmgqETV++iZ+iD47WYXzeRTErS6i2WVni4sGox3d2
MPtZkwiaHCEx7zLjvvIZMDKlPnvDaO2aB5VAsU7KTdu6nQ3MxaG2ax/anw3ilRxq
XXQC7/qgU5PWXB1tw9hx1rhhBkmNLgk7UUMzkuNPXVYVQqjXusirCjtmnZUfzb+Y
1eiiWxy6BqAtKxpjmJfYCL/K+ataxrhUwSDqgGXOjkRnYmNDlkn+psWbOWo=
-----END CERTIFICATE-----