Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4dea6e46-2788-41d0-a8d9-19509573829f.roa
File:                     4dea6e46-2788-41d0-a8d9-19509573829f.roa (raw, json)
Hash identifier:          1pLp9FbH/Iq0MZED4wsz3vTE+EbbiB0ijSx+m3DRlSY=
Subject key identifier:   C5:70:5C:2B:73:2B:A4:72:75:88:A7:7F:6E:51:A2:0D:3D:08:DF:77
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2205D3962D331EECD836C50BCB321DCFBCA267CB
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4dea6e46-2788-41d0-a8d9-19509573829f.roa
Signing time:             Sun 29 Oct 2023 00:00:00 +0000
ROA not before:           Sun 29 Oct 2023 00:00:00 +0000
ROA not after:            Sun 03 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:05:d3:96:2d:33:1e:ec:d8:36:c5:0b:cb:32:1d:cf:bc:a2:67:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 29 00:00:00 2023 GMT
            Not After : Dec  3 23:59:59 2023 GMT
        Subject: serialNumber=43098ab8b669c1e77c1ff064cda1f62a06d61e8226fc003f745580e6b6fe5f4e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:cc:97:8a:ea:2c:7a:40:86:88:6a:c6:ea:99:
                    fa:76:5b:b2:66:08:4e:63:05:a3:4e:86:d2:e2:46:
                    1c:83:b4:b0:95:f4:5d:63:d3:b7:4d:27:66:0a:da:
                    13:b7:dd:33:0a:7f:4f:14:d5:91:fa:f9:aa:85:e6:
                    3d:ad:50:db:7d:48:9b:57:de:32:b4:23:f4:87:c1:
                    2e:e5:14:fa:bd:4f:45:20:aa:31:4c:ba:91:65:30:
                    63:b2:5f:c7:dc:48:e8:f4:bb:91:69:34:a0:fd:72:
                    91:a2:33:8d:f9:c5:7c:31:7b:12:09:18:24:e0:59:
                    14:5c:50:4f:d9:80:a9:cf:cd:ff:8d:01:4a:47:60:
                    43:b6:34:06:3e:1b:e2:9a:85:ee:37:1e:74:fa:14:
                    c0:6b:09:39:26:1a:17:a0:ab:f9:81:cb:8b:68:a9:
                    a3:f1:04:e7:14:b5:00:e0:cb:3e:af:d3:41:66:58:
                    38:f3:b8:e1:4c:12:ca:2e:52:93:5f:7a:ba:6a:b2:
                    19:7e:69:a3:e1:36:62:ad:a8:cf:bf:e3:c8:00:cb:
                    a5:f1:22:7d:e6:93:b9:c7:fc:0c:44:5c:73:ba:11:
                    d0:32:e8:85:7f:7a:a7:54:d9:d1:3a:2d:11:a8:fd:
                    d2:69:da:11:07:69:63:85:00:cb:e3:37:5f:b9:87:
                    89:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:70:5C:2B:73:2B:A4:72:75:88:A7:7F:6E:51:A2:0D:3D:08:DF:77
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4dea6e46-2788-41d0-a8d9-19509573829f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:15:1d:6b:05:77:6b:5e:37:7c:61:53:36:ec:8a:b5:75:a2:
         07:26:d0:42:39:dd:67:00:03:87:7c:40:93:e4:2f:f5:43:e5:
         fe:35:60:3d:e2:13:98:a9:8c:30:35:97:fb:27:ca:4b:78:04:
         01:92:39:0a:68:38:48:fe:91:a2:da:fe:e0:c7:c3:f0:74:9b:
         12:d3:cd:45:27:18:61:98:19:16:92:a4:52:be:dc:c3:93:a3:
         ce:b5:40:5f:48:7b:06:85:78:9e:47:e9:91:cc:d4:2c:1d:d4:
         7d:9c:41:35:9b:ef:f1:fd:0e:22:6d:8b:43:88:99:86:b0:a9:
         3a:3d:91:da:bc:e2:af:7c:03:d2:c1:e4:5d:25:2f:d6:08:00:
         bc:bd:9f:5f:50:de:bb:a6:ff:74:2c:19:f3:58:90:78:4d:86:
         5a:d3:fc:a2:99:ab:78:14:ee:49:07:e0:8d:07:29:2a:f5:1b:
         e1:18:72:b4:f8:e8:b1:77:23:a7:f4:11:3c:42:e6:a9:b3:cf:
         84:d9:f9:65:7a:34:08:b1:48:af:43:11:31:9c:01:3e:f3:bb:
         2c:bb:0a:f9:59:a0:d4:06:9d:e6:a3:25:5e:95:ea:8f:0c:26:
         ae:37:c1:06:71:7c:a7:50:17:4e:53:dc:e1:b0:be:72:1f:2c:
         15:31:75:93
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIgXTli0zHuzYNsULyzIdz7yiZ8swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDI5MDAwMDAwWhcNMjMxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MzA5OGFiOGI2NjljMWU3N2MxZmYwNjRjZGExZjYyYTA2
ZDYxZTgyMjZmYzAwM2Y3NDU1ODBlNmI2ZmU1ZjRlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0zJeK6ix6QIaIasbqmfp2W7JmCE5jBaNOhtLiRhyDtLCV
9F1j07dNJ2YK2hO33TMKf08U1ZH6+aqF5j2tUNt9SJtX3jK0I/SHwS7lFPq9T0Ug
qjFMupFlMGOyX8fcSOj0u5FpNKD9cpGiM435xXwxexIJGCTgWRRcUE/ZgKnPzf+N
AUpHYEO2NAY+G+Kahe43HnT6FMBrCTkmGhegq/mBy4toqaPxBOcUtQDgyz6v00Fm
WDjzuOFMEsouUpNferpqshl+aaPhNmKtqM+/48gAy6XxIn3mk7nH/AxEXHO6EdAy
6IV/eqdU2dE6LRGo/dJp2hEHaWOFAMvjN1+5h4kPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxXBcK3MrpHJ1iKd/blGiDT0I33cwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRkZWE2ZTQ2LTI3ODgtNDFkMC1hOGQ5LTE5NTA5NTczODI5Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADQVHWsFd2teN3xhUzbsirV1ogcm
0EI53WcAA4d8QJPkL/VD5f41YD3iE5ipjDA1l/snykt4BAGSOQpoOEj+kaLa/uDH
w/B0mxLTzUUnGGGYGRaSpFK+3MOTo861QF9IewaFeJ5H6ZHM1Cwd1H2cQTWb7/H9
DiJti0OImYawqTo9kdq84q98A9LB5F0lL9YIALy9n19Q3rum/3QsGfNYkHhNhlrT
/KKZq3gU7kkH4I0HKSr1G+EYcrT46LF3I6f0ETxC5qmzz4TZ+WV6NAixSK9DETGc
AT7zuyy7CvlZoNQGneajJV6V6o8MJq43wQZxfKdQF05T3OGwvnIfLBUxdZM=
-----END CERTIFICATE-----