Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d05af5c9-019a-4146-8202-49e629ded4e0.roa
File:                     d05af5c9-019a-4146-8202-49e629ded4e0.roa (raw, json)
Hash identifier:          2mnG3MjVX7jAQaHM27nvQLhJvx4h0/NH9xi5bXzLjRI=
Subject key identifier:   1C:B5:1A:64:30:E6:CB:96:8B:EC:BA:5B:D5:EA:BA:BC:C1:CB:28:C0
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2B1B8ADD3500B6F73D6D80B565D352D6C2541204
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d05af5c9-019a-4146-8202-49e629ded4e0.roa
Signing time:             Wed 18 Oct 2023 00:00:00 +0000
ROA not before:           Wed 18 Oct 2023 00:00:00 +0000
ROA not after:            Wed 22 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:1b:8a:dd:35:00:b6:f7:3d:6d:80:b5:65:d3:52:d6:c2:54:12:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 18 00:00:00 2023 GMT
            Not After : Nov 22 23:59:59 2023 GMT
        Subject: serialNumber=0577d29965f91397875c2fa67c8a936cbeb7958335fc7f8e2a21aa7fe1359200, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:3a:32:d2:ae:2a:37:d2:a2:dd:cf:78:55:a5:
                    bb:ee:af:1d:88:51:a1:e0:dc:fc:33:f9:56:d5:69:
                    6a:f6:8d:7b:a2:8b:cc:e0:d0:28:6b:9a:98:20:03:
                    c5:a9:dd:53:61:4c:26:da:e2:05:30:b9:21:7b:73:
                    7c:fd:b4:15:c2:41:03:b6:55:4f:e2:8e:2c:47:64:
                    1a:27:e8:d1:ef:ce:c7:51:43:43:cb:ed:d7:c2:09:
                    6f:d6:21:fc:0b:44:d5:7f:cb:2c:89:83:21:c5:89:
                    28:9e:06:65:b4:34:a3:8e:ca:51:9d:1a:2f:b0:75:
                    88:cc:e8:a0:31:42:18:02:09:e5:82:b8:62:26:bb:
                    91:13:ee:dd:cd:a7:d2:40:44:f9:0f:a8:2a:c3:d8:
                    99:e2:31:6b:66:2d:e8:a1:ba:f1:83:6a:c8:b0:22:
                    db:51:e0:21:81:ff:26:d3:f3:d3:61:6d:ea:fa:9c:
                    fd:34:31:2b:00:65:a6:ab:0c:2f:2a:a3:9b:92:e1:
                    b6:91:f9:82:69:d0:92:b4:4b:f8:a3:3f:50:46:33:
                    90:fd:0d:e2:9a:b7:73:9f:7c:be:bb:ee:c1:c6:1b:
                    52:fa:35:de:c7:34:08:02:9f:1c:2d:16:0e:87:21:
                    55:1d:44:02:36:29:40:b4:62:4f:80:47:f9:7b:05:
                    2b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:B5:1A:64:30:E6:CB:96:8B:EC:BA:5B:D5:EA:BA:BC:C1:CB:28:C0
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d05af5c9-019a-4146-8202-49e629ded4e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:2b:cf:c8:76:94:47:4b:9c:b7:c4:5b:df:3e:1b:12:28:86:
         82:61:9b:07:42:75:47:aa:ba:82:1f:3b:29:be:b5:d9:a0:59:
         a0:14:45:fe:98:e2:59:f2:08:ff:d7:60:b6:2f:41:07:85:48:
         f8:34:70:f4:8d:89:b5:51:46:6a:dc:98:32:16:b6:06:14:a1:
         76:38:1b:67:9c:ab:bc:18:c3:a7:4d:1a:d6:d3:f3:47:0b:5e:
         c2:fe:e4:7b:1f:4b:79:a0:92:51:81:e0:d3:36:24:c7:3f:24:
         f4:48:4a:d9:b0:35:9a:7d:90:a8:6e:0a:da:87:15:d3:cc:75:
         77:1c:65:df:0b:74:54:cb:c5:95:c5:d5:ab:2d:6c:c7:79:a7:
         cc:23:b5:33:65:50:b5:e4:b0:60:a2:35:0b:64:1d:26:7c:5f:
         88:d0:73:63:43:8f:39:31:47:b1:61:3e:e7:df:e7:07:b2:4b:
         da:bf:3b:98:c9:46:ee:e0:b1:c3:c2:15:22:6f:3f:d1:2a:8f:
         3c:3d:de:84:2b:26:39:bd:b0:c6:3b:2f:2f:2c:5e:a9:3a:4e:
         fd:5d:2f:fd:04:e2:f8:e6:6a:97:30:d7:15:f1:96:e9:80:b7:
         19:07:3d:99:f3:88:42:b1:70:88:24:dd:9b:d2:56:d4:4f:36:
         35:36:16:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKxuK3TUAtvc9bYC1ZdNS1sJUEgQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDE4MDAwMDAwWhcNMjMxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNTc3ZDI5OTY1ZjkxMzk3ODc1YzJmYTY3YzhhOTM2Y2Jl
Yjc5NTgzMzVmYzdmOGUyYTIxYWE3ZmUxMzU5MjAwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuOjLSrio30qLdz3hVpbvurx2IUaHg3Pwz+VbVaWr2jXui
i8zg0ChrmpggA8Wp3VNhTCba4gUwuSF7c3z9tBXCQQO2VU/ijixHZBon6NHvzsdR
Q0PL7dfCCW/WIfwLRNV/yyyJgyHFiSieBmW0NKOOylGdGi+wdYjM6KAxQhgCCeWC
uGImu5ET7t3Np9JARPkPqCrD2JniMWtmLeihuvGDasiwIttR4CGB/ybT89Nhber6
nP00MSsAZaarDC8qo5uS4baR+YJp0JK0S/ijP1BGM5D9DeKat3OffL677sHGG1L6
Nd7HNAgCnxwtFg6HIVUdRAI2KUC0Yk+AR/l7BSs7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHLUaZDDmy5aL7Lpb1eq6vMHLKMAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2QwNWFmNWM5LTAxOWEtNDE0Ni04MjAyLTQ5ZTYyOWRlZDRlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFMrz8h2lEdLnLfEW98+GxIohoJh
mwdCdUequoIfOym+tdmgWaAURf6Y4lnyCP/XYLYvQQeFSPg0cPSNibVRRmrcmDIW
tgYUoXY4G2ecq7wYw6dNGtbT80cLXsL+5HsfS3mgklGB4NM2JMc/JPRIStmwNZp9
kKhuCtqHFdPMdXccZd8LdFTLxZXF1astbMd5p8wjtTNlULXksGCiNQtkHSZ8X4jQ
c2NDjzkxR7FhPuff5weyS9q/O5jJRu7gscPCFSJvP9Eqjzw93oQrJjm9sMY7Ly8s
Xqk6Tv1dL/0E4vjmapcw1xXxlumAtxkHPZnziEKxcIgk3ZvSVtRPNjU2FvM=
-----END CERTIFICATE-----