Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f206caae-3bd6-4d03-96c5-203561e71da2.roa
File:                     f206caae-3bd6-4d03-96c5-203561e71da2.roa (raw, json)
Hash identifier:          kmV3UQ9ThpCzFWx/eF54ljiKKnqEtUe83KK4ZaMm8go=
Subject key identifier:   67:08:6E:E9:59:F8:69:DC:5E:92:41:29:09:78:4D:2A:26:BD:2E:76
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7516834A97FDE086C0323A2DAE343C7E522BC34E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f206caae-3bd6-4d03-96c5-203561e71da2.roa
Signing time:             Thu 21 Sep 2023 00:00:00 +0000
ROA not before:           Thu 21 Sep 2023 00:00:00 +0000
ROA not after:            Thu 26 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:16:83:4a:97:fd:e0:86:c0:32:3a:2d:ae:34:3c:7e:52:2b:c3:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 21 00:00:00 2023 GMT
            Not After : Oct 26 23:59:59 2023 GMT
        Subject: serialNumber=c6bcc435d15cbabc0a43c472842adfb3e6ae69e75dbd5ed7baa2c6a9cefac8bb, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:cd:6e:48:09:7a:d0:db:d2:54:71:74:89:b0:
                    87:3f:e7:da:50:bf:de:6d:f8:b4:54:97:e0:82:7d:
                    79:a4:24:ae:b2:c4:24:35:76:e0:d1:71:09:b9:1c:
                    68:6e:1f:1f:6b:13:80:e6:40:42:c3:23:22:11:7c:
                    fc:74:05:b8:cf:3a:a8:a6:99:27:c1:dc:0c:1d:ed:
                    8b:bd:70:f8:8b:ee:e5:6d:a9:99:92:3b:c6:4d:29:
                    eb:4a:b6:a1:ed:3f:ca:ac:c7:c9:ad:11:49:d7:fa:
                    1e:1d:fd:af:56:ef:32:14:00:ba:ec:a1:9d:66:f9:
                    99:9b:f5:11:78:b7:42:be:19:21:f5:b2:ed:96:6d:
                    e6:fa:b0:9d:e5:66:f3:c7:af:ca:7d:2a:f0:e5:0f:
                    93:43:6e:f3:fb:ec:4c:93:76:15:64:25:3f:e9:23:
                    3b:17:ec:fc:24:15:f9:ac:d4:65:d8:be:de:a8:c5:
                    84:a7:73:4e:ef:5a:06:d9:64:6a:cd:7a:bd:67:6a:
                    9e:ad:38:7d:b4:ed:c3:1f:67:04:b6:3a:6b:ea:76:
                    1b:21:a9:79:27:22:c1:68:13:6f:0f:e4:eb:9c:26:
                    45:e7:e2:a9:27:9f:e9:a7:12:3b:cb:0f:5f:5f:fd:
                    f7:b5:c9:20:13:8f:ce:a9:4c:9c:01:d0:08:6e:b1:
                    53:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:08:6E:E9:59:F8:69:DC:5E:92:41:29:09:78:4D:2A:26:BD:2E:76
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f206caae-3bd6-4d03-96c5-203561e71da2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:ed:7c:65:03:9c:87:3f:47:64:24:94:0f:2b:a1:df:a0:0f:
         a3:ab:08:85:7b:c1:62:8c:cf:24:42:88:02:33:1e:86:e4:48:
         b5:32:92:89:00:c9:41:0f:ee:ab:1e:2f:87:4f:ac:20:4e:c1:
         0a:95:86:c8:f1:de:d7:72:6b:32:2a:0d:c4:80:b5:fa:c2:55:
         25:b7:91:67:70:68:f3:9e:5d:c9:65:b9:b7:02:dd:53:16:49:
         f2:0e:e5:ba:6a:da:8f:a5:0e:b5:57:ff:7d:d2:b9:33:c6:bf:
         2f:12:7f:d9:4c:ff:cb:45:f5:9b:b3:08:a7:c5:2f:72:01:5b:
         1f:1e:4b:3b:76:2c:4b:e2:1f:bb:e1:cd:8c:c1:b1:ba:97:26:
         f3:cf:c3:a7:bd:64:dc:e2:20:c4:d4:5f:a2:67:d9:e9:df:82:
         07:ad:9b:4f:f8:0f:77:e5:42:21:5a:2d:da:e3:85:6f:41:d4:
         e4:06:35:4b:ea:bc:9b:33:70:90:bb:f9:58:e1:84:e2:46:30:
         ba:c6:ab:a7:ff:33:3c:95:4a:7b:95:b8:bf:46:ec:d3:5a:04:
         3e:53:51:68:cd:4a:f1:fa:42:79:4c:bd:6b:d4:8e:28:c5:ee:
         9f:83:35:d6:3c:b5:92:39:f9:e4:4b:d7:49:2b:f4:84:0b:c1:
         7a:35:51:61
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdRaDSpf94IbAMjotrjQ8flIrw04wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTIxMDAwMDAwWhcNMjMxMDI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNmJjYzQzNWQxNWNiYWJjMGE0M2M0NzI4NDJhZGZiM2U2
YWU2OWU3NWRiZDVlZDdiYWEyYzZhOWNlZmFjOGJiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0zW5ICXrQ29JUcXSJsIc/59pQv95t+LRUl+CCfXmkJK6y
xCQ1duDRcQm5HGhuHx9rE4DmQELDIyIRfPx0BbjPOqimmSfB3Awd7Yu9cPiL7uVt
qZmSO8ZNKetKtqHtP8qsx8mtEUnX+h4d/a9W7zIUALrsoZ1m+Zmb9RF4t0K+GSH1
su2Wbeb6sJ3lZvPHr8p9KvDlD5NDbvP77EyTdhVkJT/pIzsX7PwkFfms1GXYvt6o
xYSnc07vWgbZZGrNer1nap6tOH207cMfZwS2OmvqdhshqXknIsFoE28P5OucJkXn
4qknn+mnEjvLD19f/fe1ySATj86pTJwB0AhusVMnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZwhu6Vn4adxekkEpCXhNKia9LnYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2YyMDZjYWFlLTNiZDYtNGQwMy05NmM1LTIwMzU2MWU3MWRhMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABDtfGUDnIc/R2QklA8rod+gD6Or
CIV7wWKMzyRCiAIzHobkSLUykokAyUEP7qseL4dPrCBOwQqVhsjx3tdyazIqDcSA
tfrCVSW3kWdwaPOeXcllubcC3VMWSfIO5bpq2o+lDrVX/33SuTPGvy8Sf9lM/8tF
9ZuzCKfFL3IBWx8eSzt2LEviH7vhzYzBsbqXJvPPw6e9ZNziIMTUX6Jn2enfgget
m0/4D3flQiFaLdrjhW9B1OQGNUvqvJszcJC7+VjhhOJGMLrGq6f/MzyVSnuVuL9G
7NNaBD5TUWjNSvH6QnlMvWvUjijF7p+DNdY8tZI5+eRL10kr9IQLwXo1UWE=
-----END CERTIFICATE-----