Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/54d5f75b-9928-4878-af45-40804ca8a69c.roa
File:                     54d5f75b-9928-4878-af45-40804ca8a69c.roa (raw, json)
Hash identifier:          hHckbbxx8tEE95twq71/lDn4cYf4VdPWIBjQl5dpiaw=
Subject key identifier:   1C:8B:22:29:45:5A:77:C8:06:34:51:23:A5:D3:D9:D8:69:49:73:FF
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       69DEFE118DFCEC0C1F3BB24456675746A4FC2042
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/54d5f75b-9928-4878-af45-40804ca8a69c.roa
Signing time:             Sun 29 Oct 2023 00:00:00 +0000
ROA not before:           Sun 29 Oct 2023 00:00:00 +0000
ROA not after:            Sun 03 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:de:fe:11:8d:fc:ec:0c:1f:3b:b2:44:56:67:57:46:a4:fc:20:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 29 00:00:00 2023 GMT
            Not After : Dec  3 23:59:59 2023 GMT
        Subject: serialNumber=6d43522313aa1608d9e59df933bca0517ec4a8c34039379cdfe121068e010a08, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:65:65:af:16:fb:bd:fb:57:bf:b7:46:89:19:
                    0a:eb:26:f3:5c:27:9b:5d:f9:ad:6e:76:b5:c6:9c:
                    e6:5b:b0:fb:ed:48:ec:68:be:6c:58:ba:2d:b8:23:
                    26:d1:a9:82:34:b6:cf:a3:33:86:08:66:60:fb:6b:
                    ba:c8:9b:a1:dc:e2:e3:db:e8:0e:2c:66:e3:07:37:
                    ef:be:9f:99:49:49:71:64:94:6d:48:c9:88:62:b9:
                    45:be:30:2f:19:45:cd:f0:41:f4:8e:3f:a9:b7:59:
                    0d:ec:22:7d:ea:d3:ce:7a:17:aa:66:1b:ec:50:99:
                    46:cf:45:ef:4f:e2:01:e4:4e:9a:d8:be:aa:76:fc:
                    ae:72:d6:40:51:21:26:0f:d2:73:b0:2b:99:c5:b5:
                    5f:53:35:55:f7:2b:42:a2:fc:57:44:67:ef:0f:67:
                    03:ea:f5:c8:93:ec:51:6e:7c:25:26:9e:fa:ff:03:
                    ee:5d:81:fe:6d:42:e0:9c:8d:5d:e8:0f:2c:b6:ba:
                    1f:52:c6:01:9f:8b:8f:e0:bc:ff:d8:05:98:12:83:
                    32:57:6e:39:33:7e:28:2d:2f:f4:7b:18:d0:20:d2:
                    6a:91:9f:91:f0:c1:02:59:7c:cd:c6:79:34:f9:35:
                    0c:45:a3:0d:38:a9:fc:92:36:c5:77:4e:c6:a7:d7:
                    59:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:8B:22:29:45:5A:77:C8:06:34:51:23:A5:D3:D9:D8:69:49:73:FF
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/54d5f75b-9928-4878-af45-40804ca8a69c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:52:75:df:2c:03:18:f6:29:4d:13:cc:a1:7f:c3:a5:c1:ce:
         94:97:2b:9c:92:44:d5:8b:6e:93:96:ce:9e:dc:60:19:cb:41:
         df:98:2d:78:eb:93:67:9c:54:3d:a2:c1:6a:a1:70:06:ee:ea:
         4c:4c:01:05:b2:7a:1d:51:d5:2c:7c:03:eb:d3:46:a6:d0:4a:
         af:a2:32:cc:32:99:1f:5a:e4:f7:76:1a:c0:dc:ad:ee:ba:6b:
         03:df:2d:a0:58:2c:42:4b:53:4e:85:fb:9f:47:99:a7:50:25:
         81:19:1c:d3:30:23:5e:de:e5:4e:5b:b5:5f:d1:32:4c:e0:50:
         d0:eb:03:79:ef:84:a8:2c:1f:b6:ac:ba:50:a1:23:b7:2f:6a:
         fe:3c:3b:2f:24:36:6a:2d:f7:49:e3:f3:c0:0e:cc:f0:b5:5d:
         f8:b1:31:65:58:2a:e2:f7:ce:5a:9a:8d:af:96:67:79:fc:d4:
         a7:4c:3a:89:05:8d:1f:a8:3d:e3:1f:c1:eb:f1:4b:7b:4d:e7:
         fb:67:c7:e0:80:99:ee:8b:ab:4b:7d:65:04:48:32:28:d8:67:
         86:b7:01:33:3b:76:88:3c:83:55:a2:86:13:f0:9c:fe:bf:81:
         8e:ef:0b:86:a3:14:e1:94:64:99:2d:3c:25:ca:35:a4:76:b3:
         0c:7f:ab:32
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUad7+EY387AwfO7JEVmdXRqT8IEIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDI5MDAwMDAwWhcNMjMxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZDQzNTIyMzEzYWExNjA4ZDllNTlkZjkzM2JjYTA1MTdl
YzRhOGMzNDAzOTM3OWNkZmUxMjEwNjhlMDEwYTA4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKZWWvFvu9+1e/t0aJGQrrJvNcJ5td+a1udrXGnOZbsPvt
SOxovmxYui24IybRqYI0ts+jM4YIZmD7a7rIm6Hc4uPb6A4sZuMHN+++n5lJSXFk
lG1IyYhiuUW+MC8ZRc3wQfSOP6m3WQ3sIn3q0856F6pmG+xQmUbPRe9P4gHkTprY
vqp2/K5y1kBRISYP0nOwK5nFtV9TNVX3K0Ki/FdEZ+8PZwPq9ciT7FFufCUmnvr/
A+5dgf5tQuCcjV3oDyy2uh9SxgGfi4/gvP/YBZgSgzJXbjkzfigtL/R7GNAg0mqR
n5HwwQJZfM3GeTT5NQxFow04qfySNsV3Tsan11l1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHIsiKUVad8gGNFEjpdPZ2GlJc/8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU0ZDVmNzViLTk5MjgtNDg3OC1hZjQ1LTQwODA0Y2E4YTY5Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIxSdd8sAxj2KU0TzKF/w6XBzpSX
K5ySRNWLbpOWzp7cYBnLQd+YLXjrk2ecVD2iwWqhcAbu6kxMAQWyeh1R1Sx8A+vT
RqbQSq+iMswymR9a5Pd2GsDcre66awPfLaBYLEJLU06F+59HmadQJYEZHNMwI17e
5U5btV/RMkzgUNDrA3nvhKgsH7asulChI7cvav48Oy8kNmot90nj88AOzPC1Xfix
MWVYKuL3zlqaja+WZ3n81KdMOokFjR+oPeMfwevxS3tN5/tnx+CAme6Lq0t9ZQRI
MijYZ4a3ATM7dog8g1WihhPwnP6/gY7vC4ajFOGUZJktPCXKNaR2swx/qzI=
-----END CERTIFICATE-----