Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/44cd2e10-5a12-4670-8946-8afc1aa086d8.roa
File:                     44cd2e10-5a12-4670-8946-8afc1aa086d8.roa (raw, json)
Hash identifier:          ZRN20WPQ1wu9WoTp04+uVZZhBIBpYE00xcS8InttgVI=
Subject key identifier:   FD:B5:AE:26:78:75:87:FB:1B:D9:24:CB:33:FD:F7:FC:61:55:F8:0F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6449B7E31E4DE49E077AF8F4202627D2B6540864
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/44cd2e10-5a12-4670-8946-8afc1aa086d8.roa
Signing time:             Fri 17 Nov 2023 00:00:00 +0000
ROA not before:           Fri 17 Nov 2023 00:00:00 +0000
ROA not after:            Fri 22 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:49:b7:e3:1e:4d:e4:9e:07:7a:f8:f4:20:26:27:d2:b6:54:08:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 17 00:00:00 2023 GMT
            Not After : Dec 22 23:59:59 2023 GMT
        Subject: serialNumber=76635eabf4123a496de4ede9ef91c1791804e9cbf3aad4221bf0fdc2937a366d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:89:f5:d7:70:d8:e9:b5:f9:a2:88:9d:e8:96:
                    59:fd:60:18:81:ca:86:4f:06:de:53:72:36:e0:68:
                    04:2c:35:82:54:1a:b4:30:06:7d:0e:99:91:d8:ef:
                    32:7b:a5:2f:bf:eb:57:21:39:75:5a:97:ca:f9:80:
                    f5:0d:e8:c3:cf:ed:f9:df:c0:0d:e3:7d:b9:c3:1a:
                    b3:ee:ad:68:e6:f0:7f:38:e0:28:67:ac:2a:5e:bc:
                    5e:1c:1b:11:51:fd:04:8b:01:c8:c2:30:42:ec:08:
                    f9:f2:6d:ef:4d:63:e1:67:d3:2e:49:21:03:2c:92:
                    40:00:91:12:48:41:2e:7d:6e:ff:4b:08:d2:a1:1a:
                    39:1a:e0:5e:c5:fb:6f:44:ee:55:b9:73:6f:a2:76:
                    f9:cd:b3:f0:d0:77:a0:54:1e:08:70:e2:5f:58:1d:
                    f2:70:b7:27:27:b2:bc:7e:4c:08:98:0f:5f:e3:a8:
                    ca:5f:27:5d:4b:30:3e:03:79:79:27:ec:26:dd:cb:
                    a1:1f:ef:30:c5:a2:66:87:8e:b4:70:6e:1c:92:ce:
                    84:85:93:a9:c5:94:a5:2e:b3:20:dc:d5:d1:39:91:
                    10:8c:de:71:e5:66:6c:5a:cf:4a:dc:7b:89:e8:92:
                    56:19:99:7e:f5:11:35:fd:b8:3e:eb:3f:6f:9b:c1:
                    cf:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:B5:AE:26:78:75:87:FB:1B:D9:24:CB:33:FD:F7:FC:61:55:F8:0F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/44cd2e10-5a12-4670-8946-8afc1aa086d8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:a9:ae:f8:82:4c:85:5c:6f:e9:71:a7:01:6a:f9:09:85:d2:
         fa:4d:af:f2:f0:07:d7:ea:23:3b:c2:8b:b8:50:f5:bb:2a:3d:
         b8:5d:67:d0:57:25:70:1c:0a:b4:b5:92:d3:74:a6:d9:32:9c:
         49:d8:f0:a0:31:89:90:5f:83:df:c5:c9:ba:99:88:2d:37:8e:
         2c:cc:3e:f3:82:ff:a5:1a:b9:80:01:80:4e:62:70:d4:fa:93:
         66:af:3b:0b:cf:e1:f3:26:1e:53:5d:e9:81:8d:f8:7e:54:0b:
         03:a2:a0:75:02:f0:bc:16:6f:79:a1:e9:d9:eb:f5:d7:49:bc:
         83:2f:0a:ff:5a:b1:d9:58:3e:f9:6a:1c:a0:c4:de:2d:00:e1:
         d5:32:b7:77:dd:8c:de:ac:22:92:4c:a5:86:3a:da:9d:ec:b9:
         47:2b:05:eb:b5:81:4e:da:de:2e:26:c7:f9:bd:65:2c:32:34:
         23:0f:49:ae:85:bd:fc:55:8b:54:51:a8:3e:a8:14:73:2a:1f:
         83:a2:86:ac:44:f9:3c:09:21:74:c4:3c:07:ec:90:36:9c:80:
         00:18:f6:11:9a:d0:a6:8c:34:85:cd:db:d6:46:b7:de:a7:48:
         39:7a:2f:ae:61:58:25:6a:8c:ad:4f:54:36:48:72:e3:8b:02:
         8f:71:25:c0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZEm34x5N5J4Hevj0ICYn0rZUCGQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE3MDAwMDAwWhcNMjMxMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NjYzNWVhYmY0MTIzYTQ5NmRlNGVkZTllZjkxYzE3OTE4
MDRlOWNiZjNhYWQ0MjIxYmYwZmRjMjkzN2EzNjZkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQifXXcNjptfmiiJ3olln9YBiByoZPBt5TcjbgaAQsNYJU
GrQwBn0OmZHY7zJ7pS+/61chOXVal8r5gPUN6MPP7fnfwA3jfbnDGrPurWjm8H84
4ChnrCpevF4cGxFR/QSLAcjCMELsCPnybe9NY+Fn0y5JIQMskkAAkRJIQS59bv9L
CNKhGjka4F7F+29E7lW5c2+idvnNs/DQd6BUHghw4l9YHfJwtycnsrx+TAiYD1/j
qMpfJ11LMD4DeXkn7Cbdy6Ef7zDFomaHjrRwbhySzoSFk6nFlKUusyDc1dE5kRCM
3nHlZmxaz0rce4noklYZmX71ETX9uD7rP2+bwc/BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/bWuJnh1h/sb2STLM/33/GFV+A8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ0Y2QyZTEwLTVhMTItNDY3MC04OTQ2LThhZmMxYWEwODZkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEGprviCTIVcb+lxpwFq+QmF0vpN
r/LwB9fqIzvCi7hQ9bsqPbhdZ9BXJXAcCrS1ktN0ptkynEnY8KAxiZBfg9/FybqZ
iC03jizMPvOC/6UauYABgE5icNT6k2avOwvP4fMmHlNd6YGN+H5UCwOioHUC8LwW
b3mh6dnr9ddJvIMvCv9asdlYPvlqHKDE3i0A4dUyt3fdjN6sIpJMpYY62p3suUcr
Beu1gU7a3i4mx/m9ZSwyNCMPSa6FvfxVi1RRqD6oFHMqH4OihqxE+TwJIXTEPAfs
kDacgAAY9hGa0KaMNIXN29ZGt96nSDl6L65hWCVqjK1PVDZIcuOLAo9xJcA=
-----END CERTIFICATE-----