Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f11995b4-772a-4c4f-b9be-54c246eb07bb.roa
File:                     f11995b4-772a-4c4f-b9be-54c246eb07bb.roa (raw, json)
Hash identifier:          QJ7JyA/OPJWnOG6tBFKZde1ebZRk/40ApCuON2EuaSo=
Subject key identifier:   36:01:BD:D6:C5:9E:54:EE:4D:D2:5A:1F:A8:E2:B2:C6:B9:56:2B:0A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5160F52A28B2655EF2D09E32058222993E4F0580
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f11995b4-772a-4c4f-b9be-54c246eb07bb.roa
Signing time:             Thu 14 Sep 2023 00:00:00 +0000
ROA not before:           Thu 14 Sep 2023 00:00:00 +0000
ROA not after:            Thu 19 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:60:f5:2a:28:b2:65:5e:f2:d0:9e:32:05:82:22:99:3e:4f:05:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 14 00:00:00 2023 GMT
            Not After : Oct 19 23:59:59 2023 GMT
        Subject: serialNumber=f42a00ecf8a0d3a6de381a284926823eda143da5a370f2874a7005b51038e8d7, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:7b:f3:e6:b7:2c:37:23:52:e2:b0:85:84:98:
                    bb:0d:63:b7:06:97:a5:ac:89:57:63:da:5c:ae:21:
                    47:51:8c:94:7f:09:37:36:b5:c5:c7:3b:5b:d0:50:
                    0a:fc:3a:66:c4:a5:06:09:7f:a2:c3:55:88:3f:09:
                    07:d1:b4:51:ad:83:68:11:24:91:8e:6a:cf:4d:09:
                    38:5b:3a:45:8f:f0:5a:0e:1e:8a:79:ba:1b:e7:46:
                    18:d9:fe:ff:2b:30:e2:76:64:a1:ef:7d:88:1c:b6:
                    15:c5:ba:b3:7b:f2:ee:fe:e3:9b:0f:e6:16:92:75:
                    ee:38:dd:d2:7e:c7:61:26:ce:0e:d4:c7:16:c6:0d:
                    5e:16:f9:77:52:3c:fd:17:e8:6d:4e:57:7c:31:06:
                    63:73:86:7b:54:66:f1:61:cf:52:ee:67:e6:cd:18:
                    a5:94:30:65:62:16:69:c0:60:51:b4:19:b5:6a:7e:
                    86:48:45:e4:31:cb:d2:1a:20:19:8a:30:cb:e9:53:
                    10:56:b0:12:40:6a:b0:d7:68:dd:b4:67:c2:f6:77:
                    b8:11:56:79:03:f8:ce:d7:fc:5c:06:b6:58:f6:7c:
                    be:23:ab:fd:74:fb:9c:50:3a:d0:00:21:e8:f2:7f:
                    45:4a:82:0c:9a:1d:72:7d:3b:00:12:d8:a1:a8:b8:
                    5a:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:01:BD:D6:C5:9E:54:EE:4D:D2:5A:1F:A8:E2:B2:C6:B9:56:2B:0A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f11995b4-772a-4c4f-b9be-54c246eb07bb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:aa:71:a0:38:66:a8:79:d7:d3:ff:f2:5e:78:a0:a6:b5:7c:
         8a:3d:ac:25:9e:0f:0d:ec:f8:d8:a0:3b:02:46:22:7d:49:51:
         7a:8e:0e:2d:64:f3:e1:50:a1:84:7c:2c:b4:35:39:27:60:d3:
         64:80:5d:9e:1f:f1:23:6f:04:75:cd:76:30:fd:e2:2f:1c:45:
         af:08:b3:ff:d2:4e:c3:46:2e:cd:ec:62:02:16:00:60:f8:44:
         09:53:47:1c:5c:3e:f6:d2:d9:0d:f7:7f:f3:c1:88:59:18:cb:
         79:cd:d6:cb:c3:29:ce:e6:94:b0:e0:87:5c:41:82:d5:3a:e6:
         54:21:bc:a4:7e:23:15:90:b4:d8:f9:bf:9d:88:2e:6d:73:77:
         dd:ab:8b:fc:58:9e:97:a0:79:8f:91:9f:21:7c:94:ef:1b:5f:
         0d:2c:18:fb:20:33:7c:c1:dc:2e:2e:dd:64:bf:5b:d1:c5:1c:
         c0:26:56:f0:09:36:22:0c:c5:45:85:c3:ea:75:50:72:a0:33:
         76:a6:fb:af:b0:3a:6e:d2:23:89:b4:ec:fb:bf:26:cd:17:9c:
         96:1b:35:13:31:0a:c9:03:7d:a7:0f:bb:9d:89:c7:b3:ca:f5:
         04:15:31:d8:29:eb:55:41:13:50:97:ab:b2:fd:5d:9d:5b:53:
         cd:37:72:28
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUWD1KiiyZV7y0J4yBYIimT5PBYAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTE0MDAwMDAwWhcNMjMxMDE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNDJhMDBlY2Y4YTBkM2E2ZGUzODFhMjg0OTI2ODIzZWRh
MTQzZGE1YTM3MGYyODc0YTcwMDViNTEwMzhlOGQ3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD0e/Pmtyw3I1LisIWEmLsNY7cGl6WsiVdj2lyuIUdRjJR/
CTc2tcXHO1vQUAr8OmbEpQYJf6LDVYg/CQfRtFGtg2gRJJGOas9NCThbOkWP8FoO
Hop5uhvnRhjZ/v8rMOJ2ZKHvfYgcthXFurN78u7+45sP5haSde443dJ+x2Emzg7U
xxbGDV4W+XdSPP0X6G1OV3wxBmNzhntUZvFhz1LuZ+bNGKWUMGViFmnAYFG0GbVq
foZIReQxy9IaIBmKMMvpUxBWsBJAarDXaN20Z8L2d7gRVnkD+M7X/FwGtlj2fL4j
q/10+5xQOtAAIejyf0VKggyaHXJ9OwAS2KGouFqlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNgG91sWeVO5N0lofqOKyxrlWKwowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2YxMTk5NWI0LTc3MmEtNGM0Zi1iOWJlLTU0YzI0NmViMDdiYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ2qcaA4Zqh519P/8l54oKa1fIo9
rCWeDw3s+NigOwJGIn1JUXqODi1k8+FQoYR8LLQ1OSdg02SAXZ4f8SNvBHXNdjD9
4i8cRa8Is//STsNGLs3sYgIWAGD4RAlTRxxcPvbS2Q33f/PBiFkYy3nN1svDKc7m
lLDgh1xBgtU65lQhvKR+IxWQtNj5v52ILm1zd92ri/xYnpegeY+RnyF8lO8bXw0s
GPsgM3zB3C4u3WS/W9HFHMAmVvAJNiIMxUWFw+p1UHKgM3am+6+wOm7SI4m07Pu/
Js0XnJYbNRMxCskDfacPu52Jx7PK9QQVMdgp61VBE1CXq7L9XZ1bU803cig=
-----END CERTIFICATE-----