Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4aceefc6-252d-4a65-b163-c32430c0c8c7.roa
File:                     4aceefc6-252d-4a65-b163-c32430c0c8c7.roa (raw, json)
Hash identifier:          ETrtw19EGKOdJEGRbLRKwMwpDTUCs3nZTZRM5ZeJqto=
Subject key identifier:   97:AA:9D:34:62:C8:44:78:46:8F:DA:EB:B5:F8:B9:E1:3F:1D:AD:08
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       638C10F482C9E8AAE4D0E04FC9263DC48D50F691
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4aceefc6-252d-4a65-b163-c32430c0c8c7.roa
Signing time:             Fri 01 Dec 2023 00:00:00 +0000
ROA not before:           Fri 01 Dec 2023 00:00:00 +0000
ROA not after:            Fri 05 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:8c:10:f4:82:c9:e8:aa:e4:d0:e0:4f:c9:26:3d:c4:8d:50:f6:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec  1 00:00:00 2023 GMT
            Not After : Jan  5 23:59:59 2024 GMT
        Subject: serialNumber=db48fdf09029d17f654f0f154b6f64a76b721d936251f92233bb865f26d77d66, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:cb:9c:cb:a0:24:f9:3f:04:76:f1:e4:3c:b4:
                    a9:01:80:d7:7e:16:37:9b:01:19:10:99:30:9c:89:
                    8e:ca:8e:ee:6a:41:ca:29:e5:64:e4:5b:53:53:94:
                    8a:3a:41:15:a5:db:df:0e:fe:f8:aa:77:c0:12:d4:
                    e1:c5:5b:67:51:67:d5:db:c7:c2:c6:73:61:e1:a1:
                    a6:24:46:6a:ed:d1:b8:2c:6d:41:e2:4c:30:84:57:
                    72:8a:68:f5:0b:61:7e:31:1c:c5:c8:4b:fe:1c:d5:
                    cb:ab:9d:9f:c7:87:4f:a5:f5:8a:fb:28:1f:37:e6:
                    33:3f:84:c0:6e:24:69:7e:6b:13:39:2e:80:31:ae:
                    a8:da:16:04:45:67:47:56:42:c0:c1:65:1f:3a:8b:
                    99:41:0b:cc:03:a9:18:58:f4:b2:d4:17:8a:20:82:
                    58:cf:f7:e8:93:3e:c7:5e:f8:73:d3:c0:12:9f:b7:
                    b6:4e:e2:2a:04:57:16:5a:4b:24:27:90:23:58:5c:
                    0c:5f:95:28:55:b5:f5:94:de:12:c6:d2:aa:71:03:
                    96:23:b5:c0:f0:da:5f:09:d5:98:11:64:5a:f5:6a:
                    42:7f:16:6f:cb:cc:b8:f6:21:14:45:80:00:01:10:
                    73:a5:fd:a5:17:55:6a:a9:66:cd:33:00:eb:e1:0a:
                    40:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:AA:9D:34:62:C8:44:78:46:8F:DA:EB:B5:F8:B9:E1:3F:1D:AD:08
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4aceefc6-252d-4a65-b163-c32430c0c8c7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:7f:db:2d:27:2a:37:2b:d9:17:65:6a:bd:b1:46:2a:83:77:
         9d:19:dd:2c:6a:1a:54:7d:50:f9:19:d5:9c:fc:ff:01:31:c7:
         15:94:36:ec:dc:f9:35:1d:08:45:c7:74:fb:18:9e:62:34:28:
         3a:26:62:04:7b:c3:ba:82:8f:3f:d4:86:01:b2:8d:e9:3e:66:
         d0:a1:ab:e7:12:1d:e1:02:08:ea:89:a4:62:1d:31:67:86:31:
         a4:f2:3e:c3:cc:38:97:bc:b5:d2:11:f1:c0:ab:4f:64:da:51:
         41:1b:d5:fd:fb:28:a5:ad:02:54:43:10:27:61:16:b7:20:5d:
         d4:e0:db:79:6e:59:a8:c6:01:8c:f6:c4:53:5c:63:36:33:d9:
         8b:0f:f5:5b:40:49:a7:49:4e:16:db:7f:27:41:4e:3a:fc:99:
         a7:c5:65:59:f3:a9:bf:e2:42:f1:b9:8c:fa:a6:d0:6d:c2:b8:
         9a:70:03:fd:c3:b0:48:7a:d0:ba:78:29:19:80:e4:30:14:8c:
         e6:c5:f5:51:57:28:93:22:26:96:44:f8:8d:71:6b:5e:17:c7:
         67:9c:da:d5:bc:62:d0:da:bc:ee:9b:1f:af:c1:d8:6b:5e:7c:
         f4:58:4c:bf:ef:3a:1f:d8:f3:2c:c4:2d:ac:ab:25:38:43:0d:
         15:36:a5:91
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY4wQ9ILJ6Krk0OBPySY9xI1Q9pEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjAxMDAwMDAwWhcNMjQwMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYjQ4ZmRmMDkwMjlkMTdmNjU0ZjBmMTU0YjZmNjRhNzZi
NzIxZDkzNjI1MWY5MjIzM2JiODY1ZjI2ZDc3ZDY2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYy5zLoCT5PwR28eQ8tKkBgNd+FjebARkQmTCciY7Kju5q
Qcop5WTkW1NTlIo6QRWl298O/viqd8AS1OHFW2dRZ9Xbx8LGc2HhoaYkRmrt0bgs
bUHiTDCEV3KKaPULYX4xHMXIS/4c1curnZ/Hh0+l9Yr7KB835jM/hMBuJGl+axM5
LoAxrqjaFgRFZ0dWQsDBZR86i5lBC8wDqRhY9LLUF4oggljP9+iTPsde+HPTwBKf
t7ZO4ioEVxZaSyQnkCNYXAxflShVtfWU3hLG0qpxA5YjtcDw2l8J1ZgRZFr1akJ/
Fm/LzLj2IRRFgAABEHOl/aUXVWqpZs0zAOvhCkC1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUl6qdNGLIRHhGj9rrtfi54T8drQgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRhY2VlZmM2LTI1MmQtNGE2NS1iMTYzLWMzMjQzMGMwYzhjNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADN/2y0nKjcr2Rdlar2xRiqDd50Z
3SxqGlR9UPkZ1Zz8/wExxxWUNuzc+TUdCEXHdPsYnmI0KDomYgR7w7qCjz/UhgGy
jek+ZtChq+cSHeECCOqJpGIdMWeGMaTyPsPMOJe8tdIR8cCrT2TaUUEb1f37KKWt
AlRDECdhFrcgXdTg23luWajGAYz2xFNcYzYz2YsP9VtASadJThbbfydBTjr8mafF
ZVnzqb/iQvG5jPqm0G3CuJpwA/3DsEh60Lp4KRmA5DAUjObF9VFXKJMiJpZE+I1x
a14Xx2ec2tW8YtDavO6bH6/B2GtefPRYTL/vOh/Y8yzELayrJThDDRU2pZE=
-----END CERTIFICATE-----