Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c4f5360f-c265-4686-8df5-e876ae6e0066.roa
File:                     c4f5360f-c265-4686-8df5-e876ae6e0066.roa (raw, json)
Hash identifier:          Vhy6vpTzCVxDs8MoUH60ealp9ZYUnrqSym9IZPAUvK0=
Subject key identifier:   67:7B:E4:AA:21:3A:FD:53:E1:3F:D1:AB:22:37:12:E9:66:F2:EF:6E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3FA54405122D19197954694D4C53983BAA59F983
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c4f5360f-c265-4686-8df5-e876ae6e0066.roa
Signing time:             Tue 10 Oct 2023 00:00:00 +0000
ROA not before:           Tue 10 Oct 2023 00:00:00 +0000
ROA not after:            Tue 14 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:a5:44:05:12:2d:19:19:79:54:69:4d:4c:53:98:3b:aa:59:f9:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 10 00:00:00 2023 GMT
            Not After : Nov 14 23:59:59 2023 GMT
        Subject: serialNumber=975731cc1fb5c159c4f0f12b8b36cc3d2c0d83e25bf05a9415fb60abcc20d06c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a7:2b:39:ce:c8:37:9d:f2:c3:39:cd:34:a0:
                    73:b9:c0:28:d0:ce:14:55:4a:7b:66:0a:36:9f:fc:
                    24:4a:c1:ab:4b:dc:1e:c6:18:6f:11:1d:03:7b:db:
                    e6:ae:ab:a7:87:7d:01:7a:c6:08:93:ae:1a:68:5f:
                    3f:04:40:0f:e2:cc:14:19:e6:3c:c5:be:99:fc:75:
                    2e:ca:0d:4c:39:22:a7:cd:7b:a0:34:37:cb:b4:1a:
                    3e:6c:df:ba:e9:ef:78:53:f8:16:71:a6:58:62:5a:
                    18:71:bc:0b:21:5d:3a:54:8d:8b:2e:17:99:c9:ad:
                    56:a5:ca:e7:e5:75:58:1f:4d:de:88:e4:52:9f:f2:
                    9b:93:58:4b:3f:d8:10:d7:65:02:5f:a2:7c:65:11:
                    09:ec:0d:e2:1a:0f:f9:30:73:e3:46:38:da:8c:ae:
                    00:3b:66:04:c5:74:78:1f:ef:d0:28:9b:57:69:e2:
                    0d:02:83:bc:80:e8:74:e1:de:11:c4:0f:ab:9b:7a:
                    0a:90:20:59:2b:1b:26:70:9e:5a:16:a2:b4:e5:49:
                    55:1e:2b:0e:a8:86:b5:23:c7:c2:e7:f7:6a:50:6a:
                    df:f1:a7:03:51:47:2e:91:75:c1:84:df:9d:da:6d:
                    e5:89:41:1b:bd:69:b9:16:38:42:d2:07:69:01:b3:
                    5c:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:7B:E4:AA:21:3A:FD:53:E1:3F:D1:AB:22:37:12:E9:66:F2:EF:6E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c4f5360f-c265-4686-8df5-e876ae6e0066.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:06:cf:6e:4b:96:91:63:2c:14:93:57:ca:f8:a8:10:f8:1d:
         09:1b:11:15:59:60:34:29:98:a0:fb:7d:7e:af:4b:fe:60:fe:
         4e:e4:cb:3d:03:af:c2:0c:c3:99:9c:c8:47:9f:76:c3:e7:cc:
         0d:8d:33:18:ff:e8:84:b0:36:a6:52:2d:01:c6:b4:4c:dc:ce:
         f9:dc:39:88:6a:60:51:f6:bd:02:70:c7:db:02:05:9b:1a:b2:
         f4:a1:49:21:be:27:7a:40:c3:9b:0b:df:dd:0d:a2:42:fd:53:
         bd:14:4d:e9:49:92:b2:27:84:27:02:5d:ab:bc:a4:2b:42:ff:
         5a:92:8d:55:f7:fd:39:2e:cd:19:0b:d3:95:97:f3:22:7f:23:
         37:ab:58:88:31:74:ce:e0:50:6e:e9:97:5d:cf:69:69:36:f8:
         e0:d5:3e:f6:52:ac:ab:fe:e3:f8:28:de:3e:21:27:2f:f9:9c:
         d1:90:ee:11:76:df:7c:5a:21:d8:41:1a:91:90:a4:6a:ba:fe:
         87:8a:0d:80:ce:d2:2c:5f:28:af:68:f4:b7:90:66:0b:6d:c1:
         8e:98:da:1f:45:11:98:44:df:35:8f:69:c0:32:92:3d:1b:e7:
         42:3e:cc:b2:7e:d0:4c:c7:d0:75:46:d4:7e:f2:57:3f:c9:29:
         32:00:1e:da
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP6VEBRItGRl5VGlNTFOYO6pZ+YMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDEwMDAwMDAwWhcNMjMxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NzU3MzFjYzFmYjVjMTU5YzRmMGYxMmI4YjM2Y2MzZDJj
MGQ4M2UyNWJmMDVhOTQxNWZiNjBhYmNjMjBkMDZjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZpys5zsg3nfLDOc00oHO5wCjQzhRVSntmCjaf/CRKwatL
3B7GGG8RHQN72+auq6eHfQF6xgiTrhpoXz8EQA/izBQZ5jzFvpn8dS7KDUw5IqfN
e6A0N8u0Gj5s37rp73hT+BZxplhiWhhxvAshXTpUjYsuF5nJrValyufldVgfTd6I
5FKf8puTWEs/2BDXZQJfonxlEQnsDeIaD/kwc+NGONqMrgA7ZgTFdHgf79Aom1dp
4g0Cg7yA6HTh3hHED6ubegqQIFkrGyZwnloWorTlSVUeKw6ohrUjx8Ln92pQat/x
pwNRRy6RdcGE353abeWJQRu9abkWOELSB2kBs1zrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZ3vkqiE6/VPhP9GrIjcS6Wby724wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2M0ZjUzNjBmLWMyNjUtNDY4Ni04ZGY1LWU4NzZhZTZlMDA2Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACUGz25LlpFjLBSTV8r4qBD4HQkb
ERVZYDQpmKD7fX6vS/5g/k7kyz0Dr8IMw5mcyEefdsPnzA2NMxj/6ISwNqZSLQHG
tEzczvncOYhqYFH2vQJwx9sCBZsasvShSSG+J3pAw5sL390NokL9U70UTelJkrIn
hCcCXau8pCtC/1qSjVX3/TkuzRkL05WX8yJ/IzerWIgxdM7gUG7pl13PaWk2+ODV
PvZSrKv+4/go3j4hJy/5nNGQ7hF233xaIdhBGpGQpGq6/oeKDYDO0ixfKK9o9LeQ
ZgttwY6Y2h9FEZhE3zWPacAykj0b50I+zLJ+0EzH0HVG1H7yVz/JKTIAHto=
-----END CERTIFICATE-----