Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/19067f29-f478-4661-96ac-b1ad4d9cf474.roa
File:                     19067f29-f478-4661-96ac-b1ad4d9cf474.roa (raw, json)
Hash identifier:          3VFuYGI31YLhl2oJOTrkzhh/Zsxwr16V+vmDIxUqSEE=
Subject key identifier:   68:DF:95:60:69:2D:B9:68:40:BD:82:C0:46:72:E3:CF:C0:0A:36:BC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       30CD85855E0CB8AC5C1F15AAF0C7ED42390809BB
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/19067f29-f478-4661-96ac-b1ad4d9cf474.roa
Signing time:             Sat 30 Dec 2023 00:00:00 +0000
ROA not before:           Sat 30 Dec 2023 00:00:00 +0000
ROA not after:            Sat 03 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:cd:85:85:5e:0c:b8:ac:5c:1f:15:aa:f0:c7:ed:42:39:08:09:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 30 00:00:00 2023 GMT
            Not After : Feb  3 23:59:59 2024 GMT
        Subject: serialNumber=d069595303c4e32a94144a90f7fd912866bcd9fc070e6962cda2b12bfb2c2ed3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:61:31:b7:86:00:7d:c6:47:65:06:cd:63:bb:
                    1c:ee:2d:3f:a3:5d:a4:1f:14:bd:27:f1:76:5d:6a:
                    5b:88:8a:ce:d8:2f:65:60:0c:c6:53:5a:c2:d0:c8:
                    cd:ed:0d:b8:93:1b:02:60:b3:c5:19:0c:1e:5d:b9:
                    d9:45:89:6f:c1:ae:ff:a7:9c:88:71:a0:4e:2f:45:
                    4e:8c:b6:63:e5:9e:01:34:9b:ae:00:fb:39:ec:4d:
                    ba:a7:b0:e3:82:06:03:d6:31:c8:b1:ca:ef:42:b6:
                    b3:3a:b7:e0:21:eb:c5:6e:86:cd:3d:b1:4f:1c:85:
                    14:ae:77:78:6f:e4:09:66:fa:83:c1:a0:0a:22:ae:
                    e0:76:61:a2:fd:b2:5d:35:75:36:6e:68:1f:3e:dd:
                    03:c1:38:9b:7a:08:7c:9c:a2:1b:d5:02:eb:4d:b2:
                    ba:c7:3a:49:a0:83:0d:64:8c:6d:c6:2c:ea:60:4d:
                    62:8f:ad:f9:42:57:96:89:fa:e6:f9:3c:44:e2:b5:
                    0f:55:dc:49:48:b7:85:b2:fa:94:91:cd:78:83:cb:
                    98:68:f0:dd:d9:6f:3e:39:01:64:53:c8:93:04:b4:
                    4c:b5:ee:11:d5:75:d1:c2:ad:a8:e7:97:39:a9:6d:
                    b0:e2:4b:86:c6:ed:a2:2d:96:e2:34:6d:8a:e6:05:
                    a7:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:DF:95:60:69:2D:B9:68:40:BD:82:C0:46:72:E3:CF:C0:0A:36:BC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/19067f29-f478-4661-96ac-b1ad4d9cf474.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:da:1f:db:c1:5a:ff:b1:a9:a5:3b:4a:e2:96:58:aa:5b:83:
         e1:aa:33:47:fa:77:89:81:fc:f9:76:98:bc:1e:a5:59:bd:5a:
         79:dd:e7:c7:fe:cd:81:31:98:c0:29:07:f2:c6:96:60:65:35:
         c9:88:72:ce:a2:0b:39:da:c2:47:e7:14:41:37:e9:4d:00:58:
         8c:d1:d0:3b:68:02:c8:b9:6b:77:34:a5:3a:00:a2:ab:5d:95:
         81:73:7d:6e:c7:83:32:22:0f:05:c2:9e:e0:9a:d3:0d:b9:8f:
         31:58:3d:63:ce:34:81:77:62:ee:b9:3f:6d:fd:24:b6:5a:a9:
         5c:9a:a8:81:48:66:78:22:f5:ef:a8:9a:a8:3c:1a:dc:0e:7f:
         0a:38:f5:67:9c:20:13:50:7a:98:92:c3:0e:ae:82:fc:58:ad:
         27:bb:90:75:57:a0:14:81:7d:ac:6e:25:86:1b:d1:bd:4c:0b:
         16:02:0c:2f:25:74:97:00:dc:1d:3b:1f:8b:ed:38:dd:dd:b1:
         75:61:8e:df:2f:47:01:9f:8f:68:3c:c1:5e:fa:34:b8:5b:40:
         cc:a5:01:a7:51:0a:ee:36:30:7b:97:0c:0a:13:cc:0e:d6:4c:
         3b:d0:d0:98:dd:15:09:2f:ab:28:1c:ca:b1:3d:6d:b0:7a:67:
         8b:a7:76:07
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMM2FhV4MuKxcHxWq8MftQjkICbswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjMwMDAwMDAwWhcNMjQwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMDY5NTk1MzAzYzRlMzJhOTQxNDRhOTBmN2ZkOTEyODY2
YmNkOWZjMDcwZTY5NjJjZGEyYjEyYmZiMmMyZWQzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLYTG3hgB9xkdlBs1juxzuLT+jXaQfFL0n8XZdaluIis7Y
L2VgDMZTWsLQyM3tDbiTGwJgs8UZDB5dudlFiW/Brv+nnIhxoE4vRU6MtmPlngE0
m64A+znsTbqnsOOCBgPWMcixyu9CtrM6t+Ah68Vuhs09sU8chRSud3hv5Alm+oPB
oAoiruB2YaL9sl01dTZuaB8+3QPBOJt6CHycohvVAutNsrrHOkmggw1kjG3GLOpg
TWKPrflCV5aJ+ub5PETitQ9V3ElIt4Wy+pSRzXiDy5ho8N3Zbz45AWRTyJMEtEy1
7hHVddHCrajnlzmpbbDiS4bG7aItluI0bYrmBacdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaN+VYGktuWhAvYLARnLjz8AKNrwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE5MDY3ZjI5LWY0NzgtNDY2MS05NmFjLWIxYWQ0ZDljZjQ3NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIHaH9vBWv+xqaU7SuKWWKpbg+Gq
M0f6d4mB/Pl2mLwepVm9Wnnd58f+zYExmMApB/LGlmBlNcmIcs6iCznawkfnFEE3
6U0AWIzR0DtoAsi5a3c0pToAoqtdlYFzfW7HgzIiDwXCnuCa0w25jzFYPWPONIF3
Yu65P239JLZaqVyaqIFIZngi9e+omqg8GtwOfwo49WecIBNQepiSww6ugvxYrSe7
kHVXoBSBfaxuJYYb0b1MCxYCDC8ldJcA3B07H4vtON3dsXVhjt8vRwGfj2g8wV76
NLhbQMylAadRCu42MHuXDAoTzA7WTDvQ0JjdFQkvqygcyrE9bbB6Z4undgc=
-----END CERTIFICATE-----