Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fb7718c9-4ce3-4c66-b50e-a23486ef406c.roa
File:                     fb7718c9-4ce3-4c66-b50e-a23486ef406c.roa (raw, json)
Hash identifier:          2G91OUnj9Ax5KSo/pgEXMAZgGw+WghG0AIs5M9WiMqA=
Subject key identifier:   66:7B:2B:07:0C:23:1F:B0:6B:58:71:DB:FD:CA:E8:A3:DA:4A:A3:29
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       18247ACDDA2A3CCB412DBA9120A93C9C1B4F4334
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fb7718c9-4ce3-4c66-b50e-a23486ef406c.roa
Signing time:             Tue 17 Oct 2023 00:00:00 +0000
ROA not before:           Tue 17 Oct 2023 00:00:00 +0000
ROA not after:            Tue 21 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:24:7a:cd:da:2a:3c:cb:41:2d:ba:91:20:a9:3c:9c:1b:4f:43:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 17 00:00:00 2023 GMT
            Not After : Nov 21 23:59:59 2023 GMT
        Subject: serialNumber=bb51b875c8c92b7481fd8eca4bd2fa5edda35d565f9e55461ee177b4b6d32a8a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:3b:fb:48:fc:62:3c:18:80:f5:54:a6:48:75:
                    d6:f5:48:c2:60:ea:99:88:fa:14:3a:d3:72:10:78:
                    73:1d:51:ae:fb:7d:d4:2d:ef:20:90:f6:92:49:68:
                    06:33:c6:68:c7:5f:2e:17:50:86:b5:82:94:6d:90:
                    19:41:b0:85:21:09:fc:4b:a5:e6:11:d6:04:d7:b2:
                    c9:0f:f2:ff:77:e5:e2:da:83:96:6d:97:c1:00:a2:
                    c5:db:c6:9f:42:64:84:06:25:82:0b:d0:04:8e:d7:
                    f9:a4:c0:b4:1e:79:b0:fc:89:f7:34:f1:70:49:bb:
                    a6:ca:11:4b:dc:36:41:d3:0b:79:ba:a3:23:74:18:
                    55:b0:01:80:3f:9e:e5:fe:f8:9d:b9:fe:88:e3:00:
                    1b:fb:81:01:aa:94:64:1a:03:e2:ff:c9:86:6b:d2:
                    1d:15:87:9e:43:88:5a:52:2e:32:93:68:ba:b6:de:
                    3c:fe:85:8e:6c:60:4a:7b:d7:dd:b7:2b:73:8d:89:
                    46:8e:fb:d5:28:12:db:64:e3:22:92:d0:20:92:9c:
                    6d:79:27:6a:b4:d1:8f:c0:d6:77:4b:38:98:7f:e4:
                    0d:34:e6:6c:80:f8:36:e8:70:fb:17:67:b8:b7:da:
                    de:58:23:e9:bd:16:b7:45:7e:63:c7:3f:71:cf:c0:
                    ee:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:7B:2B:07:0C:23:1F:B0:6B:58:71:DB:FD:CA:E8:A3:DA:4A:A3:29
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fb7718c9-4ce3-4c66-b50e-a23486ef406c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:9b:0f:5a:48:cc:54:e8:53:c2:61:c7:4f:42:fe:d8:a6:e3:
         53:f9:72:cd:4f:7f:df:b2:02:d9:f0:ac:6b:99:93:fc:90:92:
         e8:cd:b2:d6:fd:cc:b3:6a:8e:58:c4:aa:39:70:85:b8:4f:b6:
         17:f0:58:fc:49:b7:2b:cd:90:7c:af:d8:97:b8:70:a1:89:1b:
         18:c0:cc:b5:f7:e0:3c:8b:22:18:fb:97:81:76:f3:fc:af:36:
         60:bb:d5:a4:bc:3c:35:ad:a0:f1:27:d6:02:6c:1d:8b:1b:79:
         b9:92:7e:f8:ae:43:78:86:e5:48:8e:71:92:3f:d2:b8:02:43:
         c2:58:7a:b2:1e:38:08:29:b5:c2:ae:05:4a:f2:ee:4d:1a:52:
         ab:5e:0b:83:0f:41:cb:36:36:d1:dd:4a:3b:fd:cb:e4:0c:c3:
         f5:6d:dd:c0:f9:f0:33:59:e5:c1:3a:12:0a:6f:ec:36:38:9d:
         e2:be:8e:85:35:af:b1:c3:67:a8:43:c6:2c:50:49:a7:c2:e2:
         74:34:9e:a7:8c:d0:93:e3:60:d6:66:61:c9:02:10:f9:8d:cf:
         45:f9:17:b0:12:19:bd:ec:2c:e8:98:b5:b4:c7:4a:52:2d:90:
         20:bd:30:a9:f4:d5:22:67:9d:fb:67:64:5f:02:41:7f:0f:20:
         93:c6:c1:1e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGCR6zdoqPMtBLbqRIKk8nBtPQzQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDE3MDAwMDAwWhcNMjMxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiYjUxYjg3NWM4YzkyYjc0ODFmZDhlY2E0YmQyZmE1ZWRk
YTM1ZDU2NWY5ZTU1NDYxZWUxNzdiNGI2ZDMyYThhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQO/tI/GI8GID1VKZIddb1SMJg6pmI+hQ603IQeHMdUa77
fdQt7yCQ9pJJaAYzxmjHXy4XUIa1gpRtkBlBsIUhCfxLpeYR1gTXsskP8v935eLa
g5Ztl8EAosXbxp9CZIQGJYIL0ASO1/mkwLQeebD8ifc08XBJu6bKEUvcNkHTC3m6
oyN0GFWwAYA/nuX++J25/ojjABv7gQGqlGQaA+L/yYZr0h0Vh55DiFpSLjKTaLq2
3jz+hY5sYEp71923K3ONiUaO+9UoEttk4yKS0CCSnG15J2q00Y/A1ndLOJh/5A00
5myA+DbocPsXZ7i32t5YI+m9FrdFfmPHP3HPwO6HAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZnsrBwwjH7BrWHHb/croo9pKoykwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZiNzcxOGM5LTRjZTMtNGM2Ni1iNTBlLWEyMzQ4NmVmNDA2Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJObD1pIzFToU8Jhx09C/tim41P5
cs1Pf9+yAtnwrGuZk/yQkujNstb9zLNqjljEqjlwhbhPthfwWPxJtyvNkHyv2Je4
cKGJGxjAzLX34DyLIhj7l4F28/yvNmC71aS8PDWtoPEn1gJsHYsbebmSfviuQ3iG
5UiOcZI/0rgCQ8JYerIeOAgptcKuBUry7k0aUqteC4MPQcs2NtHdSjv9y+QMw/Vt
3cD58DNZ5cE6Egpv7DY4neK+joU1r7HDZ6hDxixQSafC4nQ0nqeM0JPjYNZmYckC
EPmNz0X5F7ASGb3sLOiYtbTHSlItkCC9MKn01SJnnftnZF8CQX8PIJPGwR4=
-----END CERTIFICATE-----