Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bb56d151-44f7-4a2c-8c46-aa40632bd89b.roa
File:                     bb56d151-44f7-4a2c-8c46-aa40632bd89b.roa (raw, json)
Hash identifier:          GpbS4OZ7+ami8EYx194QRi4DKJvdMIu7g05rwmiJh3c=
Subject key identifier:   ED:0A:85:C0:CB:E3:1C:07:82:A5:19:6A:45:1B:03:F4:7E:70:87:B3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5EC22247E9527FF8B8D4E94A180AF760AC0DE2D9
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bb56d151-44f7-4a2c-8c46-aa40632bd89b.roa
Signing time:             Fri 22 Sep 2023 00:00:00 +0000
ROA not before:           Fri 22 Sep 2023 00:00:00 +0000
ROA not after:            Fri 27 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:c2:22:47:e9:52:7f:f8:b8:d4:e9:4a:18:0a:f7:60:ac:0d:e2:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 22 00:00:00 2023 GMT
            Not After : Oct 27 23:59:59 2023 GMT
        Subject: serialNumber=a6d9c2b316a5bff0176ae26f90be4627e8cbe7aaec9996117c80485241994cd3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:84:42:d7:e6:a3:1b:bd:33:9b:59:b1:94:e1:
                    33:c5:02:7e:5c:04:64:76:a2:de:9b:f0:cd:aa:78:
                    c7:f2:ab:1c:0d:61:32:d5:57:0e:fa:14:2d:c0:19:
                    3b:a6:f9:19:72:ff:9b:b3:e3:ab:86:49:48:ec:f3:
                    aa:41:96:08:3c:a7:ba:7e:d4:0b:81:35:d7:53:a7:
                    b7:95:56:25:1b:22:eb:5b:d4:86:79:b4:00:d1:20:
                    e7:b9:f2:52:65:15:4b:03:e0:8f:9c:91:25:43:f3:
                    6a:9a:75:12:97:88:82:f4:5c:69:b1:f9:70:4d:80:
                    e3:f3:df:d6:1c:c6:83:78:c7:5e:66:6a:3f:e5:cd:
                    4c:0b:94:81:31:d3:95:d7:d1:14:08:b9:de:16:8e:
                    41:3d:3d:d0:53:31:0f:1b:4d:03:ff:5d:34:72:42:
                    ff:1c:54:b1:f5:8f:cb:7c:ca:bf:5a:7a:1c:7b:aa:
                    c5:af:bf:62:f5:ec:b4:c4:6a:2f:e5:04:63:42:fe:
                    57:e2:1e:5f:d3:2c:bb:d5:8e:59:df:e6:d3:05:1e:
                    5d:cb:19:0f:f0:61:8b:4b:64:80:21:6e:43:26:56:
                    40:cf:c5:7d:78:35:2f:ee:cb:28:e0:b7:e4:ec:dd:
                    d4:2c:b6:6f:2b:88:af:2c:96:14:0a:c2:cf:5e:f0:
                    6b:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:0A:85:C0:CB:E3:1C:07:82:A5:19:6A:45:1B:03:F4:7E:70:87:B3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bb56d151-44f7-4a2c-8c46-aa40632bd89b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:45:37:30:7c:e1:13:fb:88:59:34:d1:6d:93:4e:02:d6:00:
         e6:cf:7d:38:76:9d:86:c0:18:35:e6:63:19:8f:e0:93:13:35:
         4c:a7:b6:60:c0:86:61:b1:e2:9f:4f:80:42:0b:7a:1c:10:e3:
         62:16:b0:c0:d1:57:f6:f4:ca:19:d6:43:60:4c:84:40:3a:0d:
         8e:95:72:a7:50:71:ef:bb:84:a6:1b:be:af:00:2a:ca:95:7a:
         43:75:da:33:e4:5a:9c:58:a0:0a:9b:9e:36:cb:a9:ca:60:e7:
         c6:c8:f3:df:63:6b:ed:aa:b6:4f:22:38:e7:3d:86:6c:d0:02:
         cf:d8:27:4c:49:cd:0e:03:a6:9f:c1:8c:d3:4b:7f:04:db:ec:
         b3:67:11:9c:e5:51:f3:f7:12:82:28:dd:8a:fd:fe:cf:3b:49:
         5c:d1:b2:81:4a:bd:50:44:b5:88:6b:74:39:85:a6:99:9d:63:
         16:26:f5:7a:b1:6d:1e:f4:f9:a9:5f:7c:cc:a2:60:63:5d:f7:
         6b:54:d8:de:1f:7d:7b:5e:b5:19:67:2a:4f:24:4d:c0:b6:e8:
         86:76:3e:e9:f3:e9:c5:48:0e:b8:fb:c5:ba:8e:5d:8b:80:dc:
         c2:86:2d:d4:29:9b:2a:80:a6:86:ee:6f:6c:92:de:14:12:e6:
         fb:72:64:bd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXsIiR+lSf/i41OlKGAr3YKwN4tkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTIyMDAwMDAwWhcNMjMxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNmQ5YzJiMzE2YTViZmYwMTc2YWUyNmY5MGJlNDYyN2U4
Y2JlN2FhZWM5OTk2MTE3YzgwNDg1MjQxOTk0Y2QzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKhELX5qMbvTObWbGU4TPFAn5cBGR2ot6b8M2qeMfyqxwN
YTLVVw76FC3AGTum+Rly/5uz46uGSUjs86pBlgg8p7p+1AuBNddTp7eVViUbIutb
1IZ5tADRIOe58lJlFUsD4I+ckSVD82qadRKXiIL0XGmx+XBNgOPz39YcxoN4x15m
aj/lzUwLlIEx05XX0RQIud4WjkE9PdBTMQ8bTQP/XTRyQv8cVLH1j8t8yr9aehx7
qsWvv2L17LTEai/lBGNC/lfiHl/TLLvVjlnf5tMFHl3LGQ/wYYtLZIAhbkMmVkDP
xX14NS/uyyjgt+Ts3dQstm8riK8slhQKws9e8GuXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7QqFwMvjHAeCpRlqRRsD9H5wh7MwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2JiNTZkMTUxLTQ0ZjctNGEyYy04YzQ2LWFhNDA2MzJiZDg5Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABJFNzB84RP7iFk00W2TTgLWAObP
fTh2nYbAGDXmYxmP4JMTNUyntmDAhmGx4p9PgEILehwQ42IWsMDRV/b0yhnWQ2BM
hEA6DY6VcqdQce+7hKYbvq8AKsqVekN12jPkWpxYoAqbnjbLqcpg58bI899ja+2q
tk8iOOc9hmzQAs/YJ0xJzQ4Dpp/BjNNLfwTb7LNnEZzlUfP3EoIo3Yr9/s87SVzR
soFKvVBEtYhrdDmFppmdYxYm9XqxbR70+alffMyiYGNd92tU2N4ffXtetRlnKk8k
TcC26IZ2Punz6cVIDrj7xbqOXYuA3MKGLdQpmyqApobub2yS3hQS5vtyZL0=
-----END CERTIFICATE-----