Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/55e9e4b0-757c-4b86-a7c6-5c85d5869e67.roa
File:                     55e9e4b0-757c-4b86-a7c6-5c85d5869e67.roa (raw, json)
Hash identifier:          zvgKSYksR51ftFjhiy/7VuQLnt8dkBATC70j0dlyO4Y=
Subject key identifier:   36:99:BD:96:ED:B6:A5:4D:A3:3F:35:6E:6A:1F:EC:18:AA:02:B4:F2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1AC2AFF8F6C0C5227DAF60125F2CC92BDC4B9743
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/55e9e4b0-757c-4b86-a7c6-5c85d5869e67.roa
Signing time:             Tue 24 Oct 2023 00:00:00 +0000
ROA not before:           Tue 24 Oct 2023 00:00:00 +0000
ROA not after:            Tue 28 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:c2:af:f8:f6:c0:c5:22:7d:af:60:12:5f:2c:c9:2b:dc:4b:97:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 24 00:00:00 2023 GMT
            Not After : Nov 28 23:59:59 2023 GMT
        Subject: serialNumber=8e1ed1b19d44535fb577bceca09be560fd606cd53a7b759be7244267252acfae, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:26:20:14:d4:16:2d:f2:f6:df:ed:dd:a5:dc:
                    b6:fe:15:91:b0:3a:6d:49:d1:c5:0d:cc:01:02:f0:
                    1e:fa:94:ab:a6:7e:c9:8b:17:c1:b5:97:2b:02:61:
                    05:c1:47:9e:87:7f:84:d2:1d:8c:1d:fa:97:c3:9d:
                    eb:24:f0:46:47:b4:07:fb:73:db:77:74:68:59:b1:
                    85:35:6f:89:7a:5a:58:5e:44:97:d1:90:06:f0:e6:
                    3a:2f:8b:99:dc:52:b8:bc:67:c2:a0:b1:99:19:31:
                    29:4e:82:50:99:2c:8c:90:81:86:ea:f0:c0:5d:9a:
                    ed:18:86:6a:06:b6:a9:6e:c5:cf:79:cc:6e:d9:85:
                    f9:8c:03:5a:c7:a1:f3:9d:9e:c7:9e:38:b3:c0:f0:
                    02:1e:1b:f1:14:59:5e:96:ab:40:ec:f7:a6:8a:64:
                    28:fa:68:39:c1:eb:4b:ed:7f:31:ac:d1:08:9f:51:
                    c7:35:67:b8:8a:43:56:42:fc:c6:a6:e2:67:c5:b3:
                    37:48:01:0f:01:fa:71:bf:f9:62:23:db:82:f0:f3:
                    ce:7c:02:06:9d:6c:2d:2e:bc:7a:aa:17:e1:b9:b8:
                    f1:4b:83:79:12:03:a5:7c:27:a6:0e:f5:4b:7a:b1:
                    0d:7d:74:1a:c0:4f:f8:da:97:47:fa:d1:95:b7:35:
                    52:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:99:BD:96:ED:B6:A5:4D:A3:3F:35:6E:6A:1F:EC:18:AA:02:B4:F2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/55e9e4b0-757c-4b86-a7c6-5c85d5869e67.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:85:d6:ba:86:d1:65:d6:67:a6:00:02:e7:88:4e:cc:21:9f:
         c5:70:4b:2e:5c:13:6a:10:51:c6:69:76:37:07:72:2b:cf:1e:
         ec:4b:27:77:10:bc:3e:23:13:23:20:d7:cc:b3:41:bd:7a:7f:
         99:be:52:19:99:dd:01:4f:14:d1:b5:89:89:a3:50:60:a5:da:
         7d:00:e9:96:2b:a6:2c:b4:23:85:2c:11:d9:9a:c7:6c:60:3a:
         bb:1a:cb:6f:40:b8:75:61:d2:a6:60:69:ad:3a:9d:da:fc:46:
         6f:3b:b4:8b:e6:e0:8a:87:01:82:33:2b:24:32:41:83:55:44:
         fe:c6:62:c4:cd:9c:f8:7c:6e:7d:42:31:3c:35:8a:e6:08:5b:
         94:a0:e9:a6:01:d8:05:80:98:73:ee:51:c3:7c:1d:e9:7b:c2:
         90:e0:85:55:46:95:62:bd:f7:41:5f:6e:a9:15:06:4a:5a:26:
         30:bb:c4:ee:64:70:b2:9a:2b:26:85:3d:23:b5:9b:9c:9e:5d:
         1e:1c:dd:b5:26:8f:c2:09:22:ed:37:f3:2a:1d:ee:cd:71:da:
         91:44:62:70:01:42:63:96:de:af:f1:a1:af:53:cd:c6:92:fc:
         6a:25:13:cb:ba:db:6b:b5:02:19:0f:9e:ca:83:bd:b7:55:c3:
         25:9c:29:0c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGsKv+PbAxSJ9r2ASXyzJK9xLl0MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDI0MDAwMDAwWhcNMjMxMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZTFlZDFiMTlkNDQ1MzVmYjU3N2JjZWNhMDliZTU2MGZk
NjA2Y2Q1M2E3Yjc1OWJlNzI0NDI2NzI1MmFjZmFlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9JiAU1BYt8vbf7d2l3Lb+FZGwOm1J0cUNzAEC8B76lKum
fsmLF8G1lysCYQXBR56Hf4TSHYwd+pfDnesk8EZHtAf7c9t3dGhZsYU1b4l6Wlhe
RJfRkAbw5jovi5ncUri8Z8KgsZkZMSlOglCZLIyQgYbq8MBdmu0YhmoGtqluxc95
zG7ZhfmMA1rHofOdnseeOLPA8AIeG/EUWV6Wq0Ds96aKZCj6aDnB60vtfzGs0Qif
Ucc1Z7iKQ1ZC/Mam4mfFszdIAQ8B+nG/+WIj24Lw8858AgadbC0uvHqqF+G5uPFL
g3kSA6V8J6YO9Ut6sQ19dBrAT/jal0f60ZW3NVLVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNpm9lu22pU2jPzVuah/sGKoCtPIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU1ZTllNGIwLTc1N2MtNGI4Ni1hN2M2LTVjODVkNTg2OWU2Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADqF1rqG0WXWZ6YAAueITswhn8Vw
Sy5cE2oQUcZpdjcHcivPHuxLJ3cQvD4jEyMg18yzQb16f5m+UhmZ3QFPFNG1iYmj
UGCl2n0A6ZYrpiy0I4UsEdmax2xgOrsay29AuHVh0qZgaa06ndr8Rm87tIvm4IqH
AYIzKyQyQYNVRP7GYsTNnPh8bn1CMTw1iuYIW5Sg6aYB2AWAmHPuUcN8Hel7wpDg
hVVGlWK990FfbqkVBkpaJjC7xO5kcLKaKyaFPSO1m5yeXR4c3bUmj8IJIu038yod
7s1x2pFEYnABQmOW3q/xoa9TzcaS/GolE8u622u1AhkPnsqDvbdVwyWcKQw=
-----END CERTIFICATE-----