Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b879d71e-87a7-4b54-97f8-91c3e94d3882.roa
File:                     b879d71e-87a7-4b54-97f8-91c3e94d3882.roa (raw, json)
Hash identifier:          rYLL1tkIYrqtMm4FelYXHoUUs4Nuan592eYSxT8ZStE=
Subject key identifier:   D0:8D:D0:71:B5:5E:9D:32:6B:51:C7:0A:19:47:47:40:78:01:CA:B8
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       73ABE537F92D290ED987790F37E96660DA7722D1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b879d71e-87a7-4b54-97f8-91c3e94d3882.roa
Signing time:             Sun 22 Oct 2023 00:00:00 +0000
ROA not before:           Sun 22 Oct 2023 00:00:00 +0000
ROA not after:            Sun 26 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:ab:e5:37:f9:2d:29:0e:d9:87:79:0f:37:e9:66:60:da:77:22:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 22 00:00:00 2023 GMT
            Not After : Nov 26 23:59:59 2023 GMT
        Subject: serialNumber=559565bd0114c2962df319dec41eed4ae0e8fc5f6d7022d73e2d867072d33a1e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:f2:ec:75:e4:48:0e:af:67:db:c5:7e:c9:95:
                    d1:b9:86:af:62:be:0d:53:4d:22:1d:85:b8:28:37:
                    22:d2:1a:1b:55:3a:9a:58:b6:d9:50:7c:f7:d4:0f:
                    7e:1d:bf:f8:db:c6:56:fb:a2:9a:d8:2b:a6:2d:6e:
                    13:20:5d:53:c6:37:8f:3b:d6:50:ed:b7:2c:e8:9f:
                    ad:47:fa:31:47:7e:7b:5d:36:91:d3:3c:03:93:37:
                    ba:ef:24:db:a6:45:8e:8d:5a:84:2c:a4:51:e8:55:
                    11:19:97:f0:f8:a8:95:8a:19:75:3d:9a:1f:98:01:
                    ab:06:b6:e2:29:a0:d4:ab:60:1d:8b:b7:69:a9:30:
                    8f:76:0a:fe:52:41:7d:ce:23:ca:b6:c7:6c:6b:09:
                    91:92:25:4d:8e:19:ba:ae:f3:d4:20:eb:38:21:9a:
                    58:51:5f:63:39:2d:97:8f:c1:b9:dc:4d:60:bb:65:
                    85:19:a7:94:a9:b7:92:11:ad:a3:26:44:d7:e6:c5:
                    75:a9:6c:f0:2b:41:06:dd:9a:7b:f5:d0:da:0b:3b:
                    3c:83:01:d2:cf:78:17:22:63:19:a8:97:c8:7b:cd:
                    75:c9:67:31:78:ad:7c:31:e0:e3:f2:4a:bd:7d:f9:
                    3c:f6:f7:39:32:7b:aa:1c:47:b3:4b:f5:1c:d6:87:
                    9f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:8D:D0:71:B5:5E:9D:32:6B:51:C7:0A:19:47:47:40:78:01:CA:B8
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b879d71e-87a7-4b54-97f8-91c3e94d3882.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:94:e9:ee:f7:b2:14:58:10:e9:6c:18:3c:f3:80:10:69:9e:
         a6:65:a6:32:6e:30:9f:80:cd:66:29:e1:28:24:b5:88:2f:17:
         1b:fd:5d:26:68:ad:2f:17:76:3f:b9:17:b2:20:7f:04:92:99:
         2b:18:47:44:48:3c:20:29:3a:93:9a:34:49:7d:eb:e7:e7:d1:
         51:96:9f:34:bf:52:e3:40:49:06:e3:71:41:43:ed:7f:a8:5e:
         e8:20:08:8f:6b:fe:13:f7:f7:2f:84:5d:1e:59:43:a9:45:95:
         86:e2:bb:44:0d:d2:2f:75:f9:b0:4c:86:cd:a5:a9:27:e0:04:
         92:eb:8a:96:d4:da:f5:6a:e8:20:c8:f2:00:e5:e4:18:1a:f8:
         7f:8f:53:82:c8:17:a8:61:fb:35:c5:73:d1:cd:a5:e7:48:60:
         4a:03:7f:a0:5b:8b:11:26:ec:66:60:0c:aa:bf:1a:15:f0:dd:
         39:d8:8a:e6:03:22:36:89:ae:cc:6d:30:7e:1d:8b:a0:e5:38:
         5e:97:c7:ba:25:09:97:98:6b:a7:92:bf:fe:45:28:9e:80:32:
         b3:f1:2c:f0:aa:84:59:75:d6:56:bb:4d:1e:1d:63:03:45:bd:
         81:47:64:e9:90:15:53:39:c6:f4:13:f5:56:67:80:61:d2:7d:
         26:9c:72:4b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc6vlN/ktKQ7Zh3kPN+lmYNp3ItEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDIyMDAwMDAwWhcNMjMxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NTk1NjViZDAxMTRjMjk2MmRmMzE5ZGVjNDFlZWQ0YWUw
ZThmYzVmNmQ3MDIyZDczZTJkODY3MDcyZDMzYTFlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJ8ux15EgOr2fbxX7JldG5hq9ivg1TTSIdhbgoNyLSGhtV
OppYttlQfPfUD34dv/jbxlb7oprYK6YtbhMgXVPGN4871lDttyzon61H+jFHfntd
NpHTPAOTN7rvJNumRY6NWoQspFHoVREZl/D4qJWKGXU9mh+YAasGtuIpoNSrYB2L
t2mpMI92Cv5SQX3OI8q2x2xrCZGSJU2OGbqu89Qg6zghmlhRX2M5LZePwbncTWC7
ZYUZp5Spt5IRraMmRNfmxXWpbPArQQbdmnv10NoLOzyDAdLPeBciYxmol8h7zXXJ
ZzF4rXwx4OPySr19+Tz29zkye6ocR7NL9RzWh59DAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0I3QcbVenTJrUccKGUdHQHgByrgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2I4NzlkNzFlLTg3YTctNGI1NC05N2Y4LTkxYzNlOTRkMzg4Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGmU6e73shRYEOlsGDzzgBBpnqZl
pjJuMJ+AzWYp4SgktYgvFxv9XSZorS8Xdj+5F7IgfwSSmSsYR0RIPCApOpOaNEl9
6+fn0VGWnzS/UuNASQbjcUFD7X+oXuggCI9r/hP39y+EXR5ZQ6lFlYbiu0QN0i91
+bBMhs2lqSfgBJLripbU2vVq6CDI8gDl5Bga+H+PU4LIF6hh+zXFc9HNpedIYEoD
f6BbixEm7GZgDKq/GhXw3TnYiuYDIjaJrsxtMH4di6DlOF6Xx7olCZeYa6eSv/5F
KJ6AMrPxLPCqhFl11la7TR4dYwNFvYFHZOmQFVM5xvQT9VZngGHSfSaccks=
-----END CERTIFICATE-----