Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e6682323-5b87-4286-a74a-39238a27af69.roa
File:                     e6682323-5b87-4286-a74a-39238a27af69.roa (raw, json)
Hash identifier:          QyIgegUttw86PMkq7XR4qg5vR+fNcKgjn+MG1OFpdRk=
Subject key identifier:   2A:DD:F5:F4:A7:67:15:83:00:E6:DA:B3:41:5F:41:47:8C:70:0A:3A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       228CCCDBE0629450DF8FE846805FB4FBCB4A5FC7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e6682323-5b87-4286-a74a-39238a27af69.roa
Signing time:             Tue 03 Oct 2023 00:00:00 +0000
ROA not before:           Tue 03 Oct 2023 00:00:00 +0000
ROA not after:            Tue 07 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:8c:cc:db:e0:62:94:50:df:8f:e8:46:80:5f:b4:fb:cb:4a:5f:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  3 00:00:00 2023 GMT
            Not After : Nov  7 23:59:59 2023 GMT
        Subject: serialNumber=2740d4f1b7804df7419c25b5c9bee24a53ef03f4c6a3fdced31631232508eb64, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:ce:fe:c2:f0:6e:91:f8:6d:72:7f:50:c0:2d:
                    75:52:9e:69:69:fd:1b:1e:f0:71:2d:95:1f:76:ba:
                    74:2f:74:6b:99:33:5e:20:52:2f:4b:d1:d6:9f:5b:
                    23:94:32:c5:01:1d:e9:13:2c:24:a9:c4:a0:3d:6e:
                    c7:c6:8c:fe:d0:b2:b6:88:09:dc:6d:43:a6:af:b9:
                    27:eb:3e:cd:39:9c:f3:82:eb:40:12:85:39:d7:56:
                    6c:96:22:69:cf:85:02:27:35:9d:ad:4e:cd:c7:67:
                    d9:fa:90:35:4f:24:e3:60:ed:fe:ea:78:15:26:2c:
                    b2:e0:47:21:d3:bd:6d:dc:2f:29:7f:74:a4:99:0b:
                    1d:dd:33:52:51:1a:ec:f0:9c:b1:b8:80:82:f8:bf:
                    e5:b5:84:59:a4:ea:6a:81:55:4c:26:b0:4e:6e:02:
                    ef:c6:c9:7b:66:7c:91:ca:a7:fa:40:cc:06:c1:e9:
                    62:04:ce:b2:66:87:11:6b:6b:6d:7a:28:a3:42:64:
                    7d:12:1e:2b:58:86:38:bd:05:0a:a8:46:0a:0c:98:
                    99:b8:ed:a3:9f:5d:5b:92:46:ac:05:89:9b:8e:25:
                    53:b1:d7:7b:60:a9:f5:f8:e6:99:ec:b5:91:0a:2a:
                    50:8b:5e:84:aa:ce:91:8e:d1:a7:26:bf:8f:c2:d5:
                    8d:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:DD:F5:F4:A7:67:15:83:00:E6:DA:B3:41:5F:41:47:8C:70:0A:3A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e6682323-5b87-4286-a74a-39238a27af69.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:d7:30:41:aa:e5:96:ef:3b:fd:9d:c8:35:70:de:89:80:60:
         b8:11:5d:e4:88:a7:15:3b:90:47:1e:e6:79:65:2f:46:77:bc:
         0d:37:56:6b:bc:a0:2d:a2:9d:85:e9:a5:f9:02:e4:55:04:fd:
         c6:1a:25:24:bd:5f:f3:d0:bd:17:e7:bb:c7:08:28:31:76:1e:
         4d:c9:01:40:79:62:8b:e7:54:59:32:c2:c7:f9:db:34:c3:ef:
         19:f5:a4:38:43:f9:85:3e:bc:db:23:0a:31:0f:fd:df:8c:25:
         c2:07:bb:22:43:11:38:bb:2e:61:b3:08:cd:6f:e7:5f:e0:27:
         cd:a1:f4:06:74:70:9f:39:55:aa:f6:b8:70:ad:54:60:95:5f:
         37:9e:a6:bc:e6:61:e8:a5:8e:c7:53:b7:13:98:63:62:d3:8d:
         2b:97:61:a8:92:38:c1:50:d9:17:b1:d4:c4:78:d7:24:22:dd:
         8c:cc:a4:7a:90:cb:a1:35:d9:e0:21:39:5b:d9:e9:ec:d8:c8:
         e8:1e:0e:ea:0b:93:e7:36:c4:9e:30:16:73:9b:ec:fb:b4:6a:
         fc:ac:1f:b2:7d:d5:45:e3:9a:dc:7b:ba:ae:38:c4:d2:9f:3f:
         8f:f4:cd:82:57:b4:b1:dd:7d:89:0f:b9:6f:fb:af:20:ff:ac:
         bc:3a:3e:fd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIozM2+BilFDfj+hGgF+0+8tKX8cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDAzMDAwMDAwWhcNMjMxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNzQwZDRmMWI3ODA0ZGY3NDE5YzI1YjVjOWJlZTI0YTUz
ZWYwM2Y0YzZhM2ZkY2VkMzE2MzEyMzI1MDhlYjY0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDqzv7C8G6R+G1yf1DALXVSnmlp/Rse8HEtlR92unQvdGuZ
M14gUi9L0dafWyOUMsUBHekTLCSpxKA9bsfGjP7QsraICdxtQ6avuSfrPs05nPOC
60AShTnXVmyWImnPhQInNZ2tTs3HZ9n6kDVPJONg7f7qeBUmLLLgRyHTvW3cLyl/
dKSZCx3dM1JRGuzwnLG4gIL4v+W1hFmk6mqBVUwmsE5uAu/GyXtmfJHKp/pAzAbB
6WIEzrJmhxFra216KKNCZH0SHitYhji9BQqoRgoMmJm47aOfXVuSRqwFiZuOJVOx
13tgqfX45pnstZEKKlCLXoSqzpGO0acmv4/C1Y3bAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKt319KdnFYMA5tqzQV9BR4xwCjowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U2NjgyMzIzLTViODctNDI4Ni1hNzRhLTM5MjM4YTI3YWY2OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAHXMEGq5ZbvO/2dyDVw3omAYLgR
XeSIpxU7kEce5nllL0Z3vA03Vmu8oC2inYXppfkC5FUE/cYaJSS9X/PQvRfnu8cI
KDF2Hk3JAUB5YovnVFkywsf52zTD7xn1pDhD+YU+vNsjCjEP/d+MJcIHuyJDETi7
LmGzCM1v51/gJ82h9AZ0cJ85Var2uHCtVGCVXzeeprzmYeiljsdTtxOYY2LTjSuX
YaiSOMFQ2Rex1MR41yQi3YzMpHqQy6E12eAhOVvZ6ezYyOgeDuoLk+c2xJ4wFnOb
7Pu0avysH7J91UXjmtx7uq44xNKfP4/0zYJXtLHdfYkPuW/7ryD/rLw6Pv0=
-----END CERTIFICATE-----