Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d43314e7-ef09-470f-8cdc-e84b94198cc2.roa
File:                     d43314e7-ef09-470f-8cdc-e84b94198cc2.roa (raw, json)
Hash identifier:          faA8L/LUARcy67eluqwItaif6dmfgFoiDXzle9qjhc4=
Subject key identifier:   28:AF:6B:A6:04:A6:51:0A:BB:1D:09:F6:D3:4C:1C:50:E2:51:AB:18
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2EF42F825AB5D69371B30C17BC525A4CF154D34E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d43314e7-ef09-470f-8cdc-e84b94198cc2.roa
Signing time:             Mon 04 Sep 2023 00:00:00 +0000
ROA not before:           Mon 04 Sep 2023 00:00:00 +0000
ROA not after:            Mon 09 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:f4:2f:82:5a:b5:d6:93:71:b3:0c:17:bc:52:5a:4c:f1:54:d3:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  4 00:00:00 2023 GMT
            Not After : Oct  9 23:59:59 2023 GMT
        Subject: serialNumber=565ecf0285478ca84a92a88d48a78131b50c0b02ea0647b1120fd7200b2bfd87, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:95:bc:a5:ce:5a:51:08:2b:26:1e:70:7c:dd:
                    e9:2f:8e:c0:e2:1a:cd:33:1a:d1:8b:54:c1:88:14:
                    45:db:52:a1:5a:ce:02:19:de:6a:c7:32:82:fa:30:
                    77:4e:ae:38:7d:73:aa:6e:20:4e:74:de:8b:e0:5d:
                    2c:20:82:27:77:d5:7e:aa:00:bb:d2:bb:0d:a3:1d:
                    9e:e2:b9:4a:64:e0:a1:67:a4:f5:73:d0:45:b9:73:
                    fc:28:24:ed:b2:58:75:a2:cc:a6:98:b4:4b:0f:b9:
                    6b:a8:ef:0c:9d:5b:fb:67:da:fe:cc:19:7a:9d:d9:
                    e3:f2:b3:8f:3e:cf:b2:03:3b:55:63:64:7d:2a:fc:
                    9e:90:48:a6:15:c3:c2:85:29:54:c0:01:83:2c:3b:
                    2c:29:47:7b:0e:ab:81:b0:d5:86:35:60:12:ca:5e:
                    dd:ec:bd:96:a9:2a:06:f6:1a:d8:4f:57:9a:05:b6:
                    b6:a9:12:0d:a6:33:6d:dc:94:45:f1:d7:9e:e9:57:
                    50:c7:77:d1:a8:e5:a4:b6:6e:e4:c9:ca:1f:ea:f0:
                    16:40:ef:ad:de:f3:d2:1b:87:94:f8:2d:5c:5e:d0:
                    ce:ed:fb:91:bb:e4:c2:bf:cb:7a:42:b3:19:c4:87:
                    03:07:c3:a7:67:4a:83:8a:a6:de:c2:b3:a7:fb:29:
                    32:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:AF:6B:A6:04:A6:51:0A:BB:1D:09:F6:D3:4C:1C:50:E2:51:AB:18
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d43314e7-ef09-470f-8cdc-e84b94198cc2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:78:d8:ba:5e:f1:f7:44:5d:a3:13:9d:4a:77:38:29:98:2e:
         fd:72:65:8a:c4:31:09:d7:89:81:b0:6a:6a:59:3a:33:cb:51:
         1f:60:29:35:5f:ba:ea:d6:90:ef:68:bb:46:ad:05:20:94:bc:
         8f:53:24:6e:77:40:54:a0:e8:a3:66:9b:99:2c:a1:e4:7c:10:
         5b:79:0e:e4:40:00:97:8a:34:0f:18:7f:de:91:4f:fa:ad:15:
         eb:38:2e:b8:50:1c:3e:de:b6:a9:ab:c7:54:dc:c5:55:e5:a8:
         eb:93:f4:b3:fd:17:db:9b:de:c5:7c:91:d9:aa:f7:34:19:85:
         52:80:da:62:fa:f3:df:89:78:c2:dd:cf:4d:f7:af:36:17:7e:
         ab:67:b9:e9:99:48:9c:dc:2f:c7:7a:87:fb:ad:2c:8f:e4:50:
         73:63:92:08:28:df:e8:7c:b9:92:ce:e5:8b:03:43:3f:97:c4:
         0f:b0:2d:fa:d6:bb:82:6d:8f:11:4f:3f:c4:c7:dc:31:d1:06:
         94:0b:64:8d:fb:06:6c:d8:c0:b9:ba:a4:c6:9e:bd:f0:ae:50:
         06:58:00:2f:a5:6f:bd:c4:b4:a8:00:25:4e:b4:99:e0:31:1d:
         78:50:ff:1a:d0:15:ea:3f:aa:5e:18:1c:01:ac:aa:a6:c6:3c:
         b2:4d:7c:d6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULvQvglq11pNxswwXvFJaTPFU004wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTA0MDAwMDAwWhcNMjMxMDA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NjVlY2YwMjg1NDc4Y2E4NGE5MmE4OGQ0OGE3ODEzMWI1
MGMwYjAyZWEwNjQ3YjExMjBmZDcyMDBiMmJmZDg3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCulbylzlpRCCsmHnB83ekvjsDiGs0zGtGLVMGIFEXbUqFa
zgIZ3mrHMoL6MHdOrjh9c6puIE503ovgXSwggid31X6qALvSuw2jHZ7iuUpk4KFn
pPVz0EW5c/woJO2yWHWizKaYtEsPuWuo7wydW/tn2v7MGXqd2ePys48+z7IDO1Vj
ZH0q/J6QSKYVw8KFKVTAAYMsOywpR3sOq4Gw1YY1YBLKXt3svZapKgb2GthPV5oF
trapEg2mM23clEXx157pV1DHd9Go5aS2buTJyh/q8BZA763e89Ibh5T4LVxe0M7t
+5G75MK/y3pCsxnEhwMHw6dnSoOKpt7Cs6f7KTLJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKK9rpgSmUQq7HQn200wcUOJRqxgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q0MzMxNGU3LWVmMDktNDcwZi04Y2RjLWU4NGI5NDE5OGNjMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGd42Lpe8fdEXaMTnUp3OCmYLv1y
ZYrEMQnXiYGwampZOjPLUR9gKTVfuurWkO9ou0atBSCUvI9TJG53QFSg6KNmm5ks
oeR8EFt5DuRAAJeKNA8Yf96RT/qtFes4LrhQHD7etqmrx1TcxVXlqOuT9LP9F9ub
3sV8kdmq9zQZhVKA2mL689+JeMLdz033rzYXfqtnuemZSJzcL8d6h/utLI/kUHNj
kggo3+h8uZLO5YsDQz+XxA+wLfrWu4JtjxFPP8TH3DHRBpQLZI37BmzYwLm6pMae
vfCuUAZYAC+lb73EtKgAJU60meAxHXhQ/xrQFeo/ql4YHAGsqqbGPLJNfNY=
-----END CERTIFICATE-----