Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/47e4fc99-133a-461e-8f9f-f9fc2af1364a.roa
File:                     47e4fc99-133a-461e-8f9f-f9fc2af1364a.roa (raw, json)
Hash identifier:          77zz0OJUhy2AxxSyjQPX6Pr93Sbtbn6iqyyYfBGNpd0=
Subject key identifier:   1D:D2:22:B7:51:23:12:DC:87:A9:EE:17:48:A8:A0:18:1F:85:91:F1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6DBC52698A111A7B30BB093788AA22350D69B960
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/47e4fc99-133a-461e-8f9f-f9fc2af1364a.roa
Signing time:             Sun 14 Jan 2024 00:00:00 +0000
ROA not before:           Sun 14 Jan 2024 00:00:00 +0000
ROA not after:            Sun 18 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:bc:52:69:8a:11:1a:7b:30:bb:09:37:88:aa:22:35:0d:69:b9:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 14 00:00:00 2024 GMT
            Not After : Feb 18 23:59:59 2024 GMT
        Subject: serialNumber=e517e6edbb17e7bb041fb0dc27fbbf2f5e559e514795081b2bb0118c83f8012a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:28:6a:88:d8:95:ce:ee:d2:bb:53:0d:ae:40:
                    c3:d8:16:a7:6d:f2:be:6a:75:33:07:67:a9:20:d1:
                    05:2e:e1:28:f9:7c:24:b1:3b:fd:1f:72:4c:75:07:
                    5a:f4:59:89:7c:aa:f6:3e:c1:3b:97:bd:aa:d5:5d:
                    c5:57:c6:75:0d:ce:cd:83:60:8d:f3:f2:26:11:52:
                    63:2d:53:4e:6e:ef:77:f9:c6:fb:d2:33:26:33:f8:
                    73:fe:94:7d:b6:84:0b:44:7c:1d:84:5f:87:05:ad:
                    d4:d3:72:0a:26:17:9f:5c:d4:d4:fc:78:b8:c9:c5:
                    d3:6e:24:51:f8:15:b1:d1:8f:c4:c3:cd:5a:17:40:
                    f8:5b:26:73:3c:cd:ab:be:8e:0e:4e:82:4a:e3:84:
                    c4:82:f2:e6:79:e5:cb:6e:97:e7:f7:c4:5c:08:ab:
                    b7:0e:c4:07:b9:b9:38:bb:d4:71:b0:4e:2e:01:ba:
                    8e:b8:18:90:59:5d:21:6f:15:00:f2:bd:f7:6e:32:
                    97:ac:46:14:29:89:89:ca:93:8d:73:65:06:6b:46:
                    3c:38:9b:66:71:b0:1c:71:72:ac:5d:b1:8f:29:4b:
                    b6:cc:18:89:9d:85:3c:4f:89:71:72:6b:85:d5:6a:
                    33:af:c1:40:01:4b:41:83:67:6a:ac:b2:cb:50:a3:
                    8b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:D2:22:B7:51:23:12:DC:87:A9:EE:17:48:A8:A0:18:1F:85:91:F1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/47e4fc99-133a-461e-8f9f-f9fc2af1364a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:e8:02:9a:3e:be:01:82:3c:12:ff:6a:5b:06:ad:5a:19:15:
         88:84:94:e2:47:9e:fd:f7:5c:32:58:67:6e:25:11:f1:fa:c0:
         bf:7c:c2:29:a1:f5:1d:f1:1c:81:7a:54:9d:9c:65:a4:49:e7:
         92:f7:f4:38:b1:50:a1:25:f9:69:2f:13:5c:5e:69:45:17:6f:
         3f:32:6a:a8:91:ac:1c:3e:af:f8:b5:12:a3:f8:e2:d6:40:0b:
         b6:f7:40:3b:53:a8:3e:bb:55:1b:7a:c4:e2:a3:4b:30:15:f3:
         53:f0:8d:7b:e1:b6:87:2c:ea:d8:5d:c3:b1:0e:e0:bd:da:95:
         4f:e2:fa:2a:24:3c:52:2a:f9:05:c5:a9:41:72:b1:70:96:76:
         ff:5d:5d:e2:ac:7a:b0:3b:8e:28:2b:c3:92:c8:15:be:b7:70:
         7d:b9:1d:ce:ba:15:02:36:12:95:a7:02:7d:ae:90:c4:bd:d7:
         a1:31:17:64:82:75:f9:5e:35:78:ac:0f:aa:43:1f:52:fa:0f:
         58:f9:26:ee:1a:6e:cb:43:bf:15:27:06:1b:7a:e0:e9:76:cb:
         72:23:ef:a1:70:db:11:14:96:a7:ee:ee:7c:d0:a2:b9:82:e5:
         bf:b3:32:4d:77:1f:c6:0e:d5:50:89:58:70:ca:65:f7:f0:00:
         6a:60:a8:ce
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbbxSaYoRGnswuwk3iKoiNQ1puWAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTE0MDAwMDAwWhcNMjQwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNTE3ZTZlZGJiMTdlN2JiMDQxZmIwZGMyN2ZiYmYyZjVl
NTU5ZTUxNDc5NTA4MWIyYmIwMTE4YzgzZjgwMTJhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnKGqI2JXO7tK7Uw2uQMPYFqdt8r5qdTMHZ6kg0QUu4Sj5
fCSxO/0fckx1B1r0WYl8qvY+wTuXvarVXcVXxnUNzs2DYI3z8iYRUmMtU05u73f5
xvvSMyYz+HP+lH22hAtEfB2EX4cFrdTTcgomF59c1NT8eLjJxdNuJFH4FbHRj8TD
zVoXQPhbJnM8zau+jg5OgkrjhMSC8uZ55ctul+f3xFwIq7cOxAe5uTi71HGwTi4B
uo64GJBZXSFvFQDyvfduMpesRhQpiYnKk41zZQZrRjw4m2ZxsBxxcqxdsY8pS7bM
GImdhTxPiXFya4XVajOvwUABS0GDZ2qssstQo4spAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHdIit1EjEtyHqe4XSKigGB+FkfEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ3ZTRmYzk5LTEzM2EtNDYxZS04ZjlmLWY5ZmMyYWYxMzY0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEboApo+vgGCPBL/alsGrVoZFYiE
lOJHnv33XDJYZ24lEfH6wL98wimh9R3xHIF6VJ2cZaRJ55L39DixUKEl+WkvE1xe
aUUXbz8yaqiRrBw+r/i1EqP44tZAC7b3QDtTqD67VRt6xOKjSzAV81PwjXvhtocs
6thdw7EO4L3alU/i+iokPFIq+QXFqUFysXCWdv9dXeKserA7jigrw5LIFb63cH25
Hc66FQI2EpWnAn2ukMS916ExF2SCdfleNXisD6pDH1L6D1j5Ju4abstDvxUnBht6
4Ol2y3Ij76Fw2xEUlqfu7nzQormC5b+zMk13H8YO1VCJWHDKZffwAGpgqM4=
-----END CERTIFICATE-----