Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4369363f-b89e-466f-bc73-90ad7908315e.roa
File:                     4369363f-b89e-466f-bc73-90ad7908315e.roa (raw, json)
Hash identifier:          iRLaooKX6rKSJvY6iNkTgsmImDHVZILSg+hgEqAsEDo=
Subject key identifier:   27:34:61:35:1E:69:E5:85:C0:23:34:4A:DA:2C:DC:42:4C:56:57:90
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       73D74D012511239CB64587875A1361DC2F2A0779
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4369363f-b89e-466f-bc73-90ad7908315e.roa
Signing time:             Wed 15 Nov 2023 00:00:00 +0000
ROA not before:           Wed 15 Nov 2023 00:00:00 +0000
ROA not after:            Wed 20 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:d7:4d:01:25:11:23:9c:b6:45:87:87:5a:13:61:dc:2f:2a:07:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 15 00:00:00 2023 GMT
            Not After : Dec 20 23:59:59 2023 GMT
        Subject: serialNumber=82339c259dd09e1da6eaebce0deb9928f0b06b7a3d50c2a1913efab960da7057, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:bb:0a:84:f2:97:87:ce:75:80:9d:47:f8:98:
                    b3:c5:bb:d6:2c:71:f9:c7:4f:dc:0f:84:75:b8:15:
                    4d:9d:f3:00:b0:3c:ea:df:e8:e8:0e:a2:6b:08:e8:
                    4e:51:15:1d:45:14:ff:c4:2c:7b:4b:36:62:a7:54:
                    cf:f1:88:89:13:9b:7e:6c:6d:5e:35:b8:d9:06:e5:
                    0e:10:c4:8b:44:98:9c:7d:75:84:fd:4f:d6:c1:60:
                    d8:40:e8:2c:85:86:31:f1:97:e2:81:8b:fd:b0:63:
                    76:cf:75:e4:17:ff:54:a5:6b:b1:b3:45:2f:23:e3:
                    33:56:71:48:8e:7e:8a:5b:24:ea:9a:f0:c3:09:f4:
                    91:35:8a:14:bd:2a:03:f6:d3:87:a1:1f:f1:68:22:
                    05:97:fb:84:73:6d:0d:f8:e3:30:81:e1:fb:c9:6d:
                    7e:e8:08:a1:7c:45:2b:fc:9b:c2:5f:c3:d5:1b:06:
                    a1:b1:31:62:aa:17:f2:79:8c:8a:3e:a1:83:5e:f2:
                    73:fc:18:fd:78:18:ad:9d:a7:db:33:ff:42:64:63:
                    c8:ec:d1:c0:5c:3a:17:ae:ff:af:b5:6d:a4:a5:8b:
                    8f:0d:fc:19:c7:61:f5:d8:96:7e:86:08:c7:4c:8e:
                    eb:b3:69:f0:00:18:e5:9f:7e:0b:60:2e:b1:75:ef:
                    24:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:34:61:35:1E:69:E5:85:C0:23:34:4A:DA:2C:DC:42:4C:56:57:90
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4369363f-b89e-466f-bc73-90ad7908315e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:2c:d7:a1:0a:69:5d:df:2e:79:66:68:c3:de:80:86:3f:2b:
         1b:c3:83:40:74:f5:d4:bf:e1:9d:28:68:9f:8e:4e:35:a0:4e:
         ff:09:6c:02:70:b6:89:07:18:1a:2f:56:c6:5d:d2:29:cd:9f:
         e1:f3:de:7e:1b:1a:6a:ea:31:0b:3a:8e:09:66:2c:86:e4:82:
         9e:07:e0:46:83:b3:fd:b0:56:a3:dc:f3:3e:ec:c8:3c:56:3c:
         8b:9a:7c:a4:6c:fb:30:41:c7:a2:b9:fe:f5:ea:aa:e5:56:d8:
         29:cf:6e:2e:67:25:6d:ff:6e:f1:7b:bb:0f:7b:63:3e:02:e0:
         58:79:06:17:db:7a:02:ec:be:e9:e8:f2:9c:b2:58:34:d7:c0:
         b2:ca:6d:25:7b:83:c2:40:b8:2b:0f:33:b7:ad:62:e7:c3:84:
         aa:c6:e9:9e:38:24:c5:c4:98:4f:98:74:b9:25:56:aa:3e:4d:
         a9:85:20:fc:84:97:3f:dc:f0:30:8b:c4:d0:95:94:26:60:f3:
         31:27:cb:a8:41:dc:18:b4:14:0e:ab:d0:02:11:9b:9e:c9:0c:
         94:7f:bf:3f:09:cd:6e:73:ad:d4:4c:76:f7:5a:51:13:a9:59:
         cf:33:64:07:96:a5:8e:95:5b:46:86:7f:e9:4c:cf:35:23:c2:
         e1:85:e2:ca
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc9dNASURI5y2RYeHWhNh3C8qB3kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE1MDAwMDAwWhcNMjMxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MjMzOWMyNTlkZDA5ZTFkYTZlYWViY2UwZGViOTkyOGYw
YjA2YjdhM2Q1MGMyYTE5MTNlZmFiOTYwZGE3MDU3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7uwqE8peHznWAnUf4mLPFu9YscfnHT9wPhHW4FU2d8wCw
POrf6OgOomsI6E5RFR1FFP/ELHtLNmKnVM/xiIkTm35sbV41uNkG5Q4QxItEmJx9
dYT9T9bBYNhA6CyFhjHxl+KBi/2wY3bPdeQX/1Sla7GzRS8j4zNWcUiOfopbJOqa
8MMJ9JE1ihS9KgP204ehH/FoIgWX+4RzbQ344zCB4fvJbX7oCKF8RSv8m8Jfw9Ub
BqGxMWKqF/J5jIo+oYNe8nP8GP14GK2dp9sz/0JkY8js0cBcOheu/6+1baSli48N
/BnHYfXYln6GCMdMjuuzafAAGOWffgtgLrF17yT3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJzRhNR5p5YXAIzRK2izcQkxWV5AwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQzNjkzNjNmLWI4OWUtNDY2Zi1iYzczLTkwYWQ3OTA4MzE1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHgs16EKaV3fLnlmaMPegIY/KxvD
g0B09dS/4Z0oaJ+OTjWgTv8JbAJwtokHGBovVsZd0inNn+Hz3n4bGmrqMQs6jglm
LIbkgp4H4EaDs/2wVqPc8z7syDxWPIuafKRs+zBBx6K5/vXqquVW2CnPbi5nJW3/
bvF7uw97Yz4C4Fh5BhfbegLsvuno8pyyWDTXwLLKbSV7g8JAuCsPM7etYufDhKrG
6Z44JMXEmE+YdLklVqo+TamFIPyElz/c8DCLxNCVlCZg8zEny6hB3Bi0FA6r0AIR
m57JDJR/vz8JzW5zrdRMdvdaUROpWc8zZAeWpY6VW0aGf+lMzzUjwuGF4so=
-----END CERTIFICATE-----