Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/446f0906-585d-4af7-b1fa-a0ef0264297e.roa
File:                     446f0906-585d-4af7-b1fa-a0ef0264297e.roa (raw, json)
Hash identifier:          4q0KufMdM0YL8/Blvb/+lzLX0sMimYefNHPOOLY3Yc8=
Subject key identifier:   8E:04:59:D5:D2:F9:A2:4E:63:DA:B1:25:11:DE:0F:F1:98:52:A9:4B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6CC1015712ECDF72E544819D5E4D95A7ED8880BE
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/446f0906-585d-4af7-b1fa-a0ef0264297e.roa
Signing time:             Wed 13 Dec 2023 00:00:00 +0000
ROA not before:           Wed 13 Dec 2023 00:00:00 +0000
ROA not after:            Wed 17 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:c1:01:57:12:ec:df:72:e5:44:81:9d:5e:4d:95:a7:ed:88:80:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 13 00:00:00 2023 GMT
            Not After : Jan 17 23:59:59 2024 GMT
        Subject: serialNumber=b9e8c0592f326fc2741fd740622229bcd637ae3066889cb4b0133d32a4263731, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:0a:1e:21:e4:5d:25:b4:f5:2f:db:47:e1:61:
                    82:27:e0:5b:9d:5b:4a:03:b3:2e:10:bb:36:5d:8b:
                    07:c6:b9:fa:01:c6:99:56:93:5c:f7:9f:a8:d6:d6:
                    b6:e3:59:96:6e:43:a9:58:5b:be:da:61:22:de:b4:
                    3c:1f:b0:2f:eb:98:c8:11:76:46:d3:f3:ff:60:bf:
                    a4:83:a5:eb:7c:17:e9:03:87:ef:87:4a:56:79:3e:
                    42:86:0d:82:c6:ef:ff:7e:f4:a9:a0:bd:67:3c:d1:
                    91:3c:38:71:c5:cc:4e:2b:9c:ca:ce:d8:fd:6b:86:
                    20:9f:aa:ba:2e:83:e7:f0:b9:0a:4b:69:87:d4:0a:
                    98:dc:d7:a2:84:37:11:c9:4f:98:17:21:b0:d6:1b:
                    0c:ab:5c:63:f1:cc:b9:e8:a9:86:cb:c3:9c:e4:84:
                    03:00:5d:89:e7:81:ce:5f:2a:0c:44:44:76:d2:93:
                    b8:70:39:71:b7:2f:46:6b:2b:7f:a5:09:8c:c2:fd:
                    0b:9e:1a:f4:3e:aa:e6:9a:ba:cf:54:e4:53:5e:8b:
                    2a:2b:05:9a:93:d1:56:8a:a8:fb:5b:56:79:58:4e:
                    06:8f:63:a2:40:f4:b3:c8:d1:a1:d2:d5:23:63:dc:
                    57:ae:fd:5f:cf:a5:69:7a:1c:bd:06:71:80:40:d6:
                    af:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:04:59:D5:D2:F9:A2:4E:63:DA:B1:25:11:DE:0F:F1:98:52:A9:4B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/446f0906-585d-4af7-b1fa-a0ef0264297e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:c4:db:3a:5a:fa:d0:f5:99:76:74:36:73:88:b0:cc:53:17:
         a3:7d:59:b5:53:dd:93:99:a4:eb:75:39:79:35:8b:c9:48:7c:
         ed:77:72:8e:e8:26:50:33:7a:3a:3b:30:d2:68:25:31:6e:d0:
         69:57:50:a4:ed:0a:30:a7:16:2e:7d:59:0f:63:8c:44:7b:70:
         b5:1e:34:84:49:4d:78:e1:9d:ae:51:72:1c:20:1a:53:4b:ed:
         a9:e0:5b:27:25:ba:e8:86:d2:dc:59:72:0f:57:d6:27:b9:c8:
         be:a6:19:7c:a3:bc:cd:35:a2:54:8b:2b:46:94:fd:98:da:86:
         36:b7:bf:58:d9:c3:c5:4a:a7:89:b5:25:75:c9:ff:69:a0:8f:
         13:fb:85:31:f5:6d:00:e0:64:f8:6a:47:ef:7b:bf:a9:a0:f8:
         f7:a7:ff:48:50:83:d2:52:5a:d1:42:b1:c2:11:56:7f:ce:39:
         4f:db:dc:9f:b5:3c:f7:d4:a3:b8:b5:b7:5e:ee:a7:03:61:75:
         20:3e:94:d7:9d:a4:cb:d8:c9:e0:61:d4:15:43:a6:34:9a:f4:
         54:e1:fb:47:6a:c6:b0:2a:06:79:de:72:2e:fc:3a:e3:a6:e8:
         f6:b7:d2:e0:5f:77:dd:a6:3d:95:06:be:e9:30:bf:af:7e:42:
         10:63:6b:1e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbMEBVxLs33LlRIGdXk2Vp+2IgL4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjEzMDAwMDAwWhcNMjQwMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiOWU4YzA1OTJmMzI2ZmMyNzQxZmQ3NDA2MjIyMjliY2Q2
MzdhZTMwNjY4ODljYjRiMDEzM2QzMmE0MjYzNzMxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3Ch4h5F0ltPUv20fhYYIn4FudW0oDsy4QuzZdiwfGufoB
xplWk1z3n6jW1rbjWZZuQ6lYW77aYSLetDwfsC/rmMgRdkbT8/9gv6SDpet8F+kD
h++HSlZ5PkKGDYLG7/9+9KmgvWc80ZE8OHHFzE4rnMrO2P1rhiCfqroug+fwuQpL
aYfUCpjc16KENxHJT5gXIbDWGwyrXGPxzLnoqYbLw5zkhAMAXYnngc5fKgxERHbS
k7hwOXG3L0ZrK3+lCYzC/QueGvQ+quaaus9U5FNeiyorBZqT0VaKqPtbVnlYTgaP
Y6JA9LPI0aHS1SNj3Feu/V/PpWl6HL0GcYBA1q+lAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjgRZ1dL5ok5j2rElEd4P8ZhSqUswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ0NmYwOTA2LTU4NWQtNGFmNy1iMWZhLWEwZWYwMjY0Mjk3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAvE2zpa+tD1mXZ0NnOIsMxTF6N9
WbVT3ZOZpOt1OXk1i8lIfO13co7oJlAzejo7MNJoJTFu0GlXUKTtCjCnFi59WQ9j
jER7cLUeNIRJTXjhna5RchwgGlNL7angWycluuiG0txZcg9X1ie5yL6mGXyjvM01
olSLK0aU/Zjahja3v1jZw8VKp4m1JXXJ/2mgjxP7hTH1bQDgZPhqR+97v6mg+Pen
/0hQg9JSWtFCscIRVn/OOU/b3J+1PPfUo7i1t17upwNhdSA+lNedpMvYyeBh1BVD
pjSa9FTh+0dqxrAqBnneci78OuOm6Pa30uBfd92mPZUGvukwv69+QhBjax4=
-----END CERTIFICATE-----