Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/04f6cf7f-2262-43f6-b821-282be61d1f94.roa
File:                     04f6cf7f-2262-43f6-b821-282be61d1f94.roa (raw, json)
Hash identifier:          AVPaGj2dmzdx87XCizMD6lCeQyAKTwoNyDajwJFdMbk=
Subject key identifier:   AB:55:47:C1:1B:CF:BD:B1:A5:07:E2:8F:65:28:78:C7:A9:98:2C:07
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       406686ACBB7510B141EE04EEF775625FBA1943F7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/04f6cf7f-2262-43f6-b821-282be61d1f94.roa
Signing time:             Sun 31 Dec 2023 00:00:00 +0000
ROA not before:           Sun 31 Dec 2023 00:00:00 +0000
ROA not after:            Sun 04 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:66:86:ac:bb:75:10:b1:41:ee:04:ee:f7:75:62:5f:ba:19:43:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 31 00:00:00 2023 GMT
            Not After : Feb  4 23:59:59 2024 GMT
        Subject: serialNumber=7846691e29ecff6b0f7951bff57dde442f7c3d6eed846dbe33745ab0855ce56d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a2:88:6e:31:c5:69:06:f8:3c:16:29:1d:18:
                    50:78:fe:8c:70:75:aa:71:f0:7c:35:3d:6e:76:8a:
                    a0:5b:7f:31:43:91:7a:d6:73:18:4f:a6:9e:41:44:
                    ca:9b:77:4d:ca:ec:c1:5a:c0:89:60:d2:c5:67:0c:
                    ca:b2:eb:cb:b6:64:f8:08:59:f8:88:12:4d:cd:16:
                    1d:2a:91:44:2c:64:c8:f2:ec:3b:b4:f7:87:79:e9:
                    63:5a:d0:26:35:26:9f:14:13:0f:ed:ee:80:66:e3:
                    1d:d6:6a:e5:3d:4a:56:1c:97:28:dd:59:5f:da:a6:
                    75:e4:38:11:bd:92:d2:c5:7e:ef:46:30:48:08:41:
                    58:d5:d4:2c:07:9e:38:f5:ea:a7:b3:6a:d1:a2:fc:
                    4e:6a:dc:c9:9a:10:68:1d:09:05:dc:d1:26:cf:df:
                    09:25:13:09:2c:f1:e0:24:45:4b:5d:ac:44:51:24:
                    fd:a3:49:ef:8f:0e:e8:70:fe:77:72:39:4b:eb:10:
                    4b:e3:de:69:11:b3:e9:57:70:5f:ae:15:5d:b6:d0:
                    f5:f3:41:ae:f9:8c:be:b6:cd:3e:c7:26:b5:1b:95:
                    e4:6a:24:b7:37:a9:a6:a5:88:2e:46:c9:aa:01:1a:
                    62:a1:2e:42:0e:a4:15:b1:69:fe:36:db:2c:66:9a:
                    48:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:55:47:C1:1B:CF:BD:B1:A5:07:E2:8F:65:28:78:C7:A9:98:2C:07
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/04f6cf7f-2262-43f6-b821-282be61d1f94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:a8:1d:1b:73:f1:39:31:ff:57:3e:0a:67:78:2f:1f:87:cc:
         79:cf:e4:9d:6c:b9:72:26:68:74:66:02:56:e9:cb:ac:cc:92:
         33:0d:c0:6e:a4:7e:42:fc:d3:b1:9a:b6:9e:03:08:fb:97:18:
         50:b5:06:40:d4:af:0f:2b:c3:3d:37:c7:37:34:93:e6:20:e5:
         97:ca:6e:b8:8c:3b:da:5d:b1:ba:54:b3:10:74:40:82:06:4c:
         cc:8b:c7:b4:bd:68:25:7b:fd:b9:32:2d:c7:b4:14:91:15:60:
         18:b2:3e:af:51:a4:e2:57:66:3e:46:fc:94:7f:a1:ba:5d:b3:
         06:71:87:c0:e1:05:7f:7f:3f:b0:2c:c2:8e:0f:dd:9c:32:17:
         ff:d3:08:78:67:f8:ff:3f:2b:b5:59:68:f4:02:cd:c7:50:b6:
         e0:42:18:6a:23:7a:6d:a9:83:b2:8b:b3:d9:12:ce:66:92:ab:
         b4:10:af:ca:88:4f:be:d6:a5:b5:39:74:03:b1:84:e5:6f:3a:
         0a:51:13:5f:d2:17:e0:5a:a5:d6:47:bb:55:26:1c:9c:c7:5c:
         3c:ea:28:12:07:fe:7d:b4:4f:28:76:7c:1b:6a:78:77:7b:64:
         7d:01:e6:b3:a0:24:79:34:d4:21:5e:f4:69:bf:d2:2f:e5:9f:
         27:bd:bb:8f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQGaGrLt1ELFB7gTu93ViX7oZQ/cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjMxMDAwMDAwWhcNMjQwMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ODQ2NjkxZTI5ZWNmZjZiMGY3OTUxYmZmNTdkZGU0NDJm
N2MzZDZlZWQ4NDZkYmUzMzc0NWFiMDg1NWNlNTZkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCKoohuMcVpBvg8FikdGFB4/oxwdapx8Hw1PW52iqBbfzFD
kXrWcxhPpp5BRMqbd03K7MFawIlg0sVnDMqy68u2ZPgIWfiIEk3NFh0qkUQsZMjy
7Du094d56WNa0CY1Jp8UEw/t7oBm4x3WauU9SlYclyjdWV/apnXkOBG9ktLFfu9G
MEgIQVjV1CwHnjj16qezatGi/E5q3MmaEGgdCQXc0SbP3wklEwks8eAkRUtdrERR
JP2jSe+PDuhw/ndyOUvrEEvj3mkRs+lXcF+uFV220PXzQa75jL62zT7HJrUbleRq
JLc3qaaliC5GyaoBGmKhLkIOpBWxaf422yxmmkiHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUq1VHwRvPvbGlB+KPZSh4x6mYLAcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzA0ZjZjZjdmLTIyNjItNDNmNi1iODIxLTI4MmJlNjFkMWY5NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHKoHRtz8Tkx/1c+Cmd4Lx+HzHnP
5J1suXImaHRmAlbpy6zMkjMNwG6kfkL807Gatp4DCPuXGFC1BkDUrw8rwz03xzc0
k+Yg5ZfKbriMO9pdsbpUsxB0QIIGTMyLx7S9aCV7/bkyLce0FJEVYBiyPq9RpOJX
Zj5G/JR/obpdswZxh8DhBX9/P7Aswo4P3ZwyF//TCHhn+P8/K7VZaPQCzcdQtuBC
GGojem2pg7KLs9kSzmaSq7QQr8qIT77WpbU5dAOxhOVvOgpRE1/SF+BapdZHu1Um
HJzHXDzqKBIH/n20Tyh2fBtqeHd7ZH0B5rOgJHk01CFe9Gm/0i/lnye9u48=
-----END CERTIFICATE-----