Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/572276c0-059e-429f-bff3-fe46e47b11ca.roa
File:                     572276c0-059e-429f-bff3-fe46e47b11ca.roa (raw, json)
Hash identifier:          +jS/yepyC2tCLFCrk3NbJCd28zUirqFbZk22fLtbprM=
Subject key identifier:   40:76:1F:3D:1F:EE:8F:06:75:4A:81:ED:76:BE:60:19:5E:3C:CB:19
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4E26834E39AEE6F06287C08206EA138BC7D6C8BB
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/572276c0-059e-429f-bff3-fe46e47b11ca.roa
Signing time:             Thu 21 Dec 2023 00:00:00 +0000
ROA not before:           Thu 21 Dec 2023 00:00:00 +0000
ROA not after:            Thu 25 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:26:83:4e:39:ae:e6:f0:62:87:c0:82:06:ea:13:8b:c7:d6:c8:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 21 00:00:00 2023 GMT
            Not After : Jan 25 23:59:59 2024 GMT
        Subject: serialNumber=87b8cdf7218a1ee1a890ff689506cb454254ceb30f5be2fa74bbc92de1893d68, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:74:5b:ad:d2:cf:46:e0:74:d2:ef:23:a4:2b:
                    1b:f7:11:2d:36:ea:28:76:03:e3:fb:d1:2b:81:28:
                    0f:be:2c:3f:92:c0:3a:44:a4:36:86:19:e4:99:41:
                    a8:f2:a1:ea:67:11:de:c2:4a:1a:44:98:2c:62:10:
                    c2:a9:31:c6:62:b0:7b:32:86:99:96:80:67:f5:18:
                    48:57:24:36:c2:c3:51:e2:a3:aa:97:66:c7:62:8a:
                    c6:46:98:86:e2:76:72:eb:2a:48:9e:01:80:e8:41:
                    93:14:ea:46:bc:8c:16:72:1e:de:60:06:60:cf:21:
                    e7:18:c7:b6:d1:75:fe:9d:35:5f:0e:e4:11:51:b0:
                    ab:5f:8c:10:62:1e:90:65:76:68:2d:3c:87:0e:d7:
                    27:f8:69:83:51:10:df:fd:ac:b4:8a:3a:d7:86:f3:
                    4e:ea:9f:41:7d:e2:be:5c:4f:69:66:64:7b:08:55:
                    2b:a9:ef:4f:34:b6:4c:39:af:81:29:79:6d:40:86:
                    e0:d1:74:08:f5:8f:72:c7:0a:01:52:f3:81:25:f5:
                    be:8f:d3:34:b6:49:d3:de:e9:a9:a8:4c:e5:fa:f3:
                    82:73:f6:be:4d:ba:70:96:8a:85:63:74:38:a9:4b:
                    9a:89:8e:12:cc:ec:1c:55:0e:70:08:3b:2d:d5:1a:
                    fb:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:76:1F:3D:1F:EE:8F:06:75:4A:81:ED:76:BE:60:19:5E:3C:CB:19
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/572276c0-059e-429f-bff3-fe46e47b11ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:b0:8b:0e:c6:94:41:49:ef:5a:08:ed:fc:ba:77:71:29:82:
         d3:18:71:03:39:9e:0f:df:1b:da:8f:f7:58:94:4e:e1:3a:63:
         a6:1a:a9:d5:ca:d5:47:36:1e:fa:68:68:f2:9b:6e:23:69:6e:
         dd:9c:3e:a5:55:a9:a9:39:af:b5:77:a9:92:71:8c:94:8b:89:
         1b:29:61:bf:77:19:c9:aa:c5:34:50:00:03:c2:52:0f:e8:80:
         d0:de:8c:e6:de:fa:9b:2c:94:7b:f8:8c:91:01:e1:07:2a:64:
         09:fc:a6:6c:12:97:cf:d8:c6:90:3b:3e:04:33:58:e5:87:cf:
         a6:86:ba:37:9a:7d:30:f7:e5:c5:7a:ea:ca:68:1d:83:7a:8a:
         c7:b5:0e:f2:ba:d1:e5:c3:a8:d5:b4:b7:e5:b1:06:d6:61:4e:
         d0:d1:8a:bb:7f:f2:e6:81:07:d0:f3:f9:fd:1c:60:37:f9:a0:
         e6:b5:ee:8b:ba:45:83:3d:5b:d9:6b:d2:34:3f:17:6a:81:07:
         f4:7f:a1:12:4f:cc:41:27:ec:c0:99:7a:f2:71:af:fc:15:51:
         a0:d6:16:9b:17:3c:da:5d:29:9a:23:18:34:56:ed:a6:96:cf:
         66:58:de:91:c2:a2:28:0a:e8:32:96:08:4d:a4:64:ab:36:a8:
         c0:fe:f9:57
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTiaDTjmu5vBih8CCBuoTi8fWyLswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjIxMDAwMDAwWhcNMjQwMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4N2I4Y2RmNzIxOGExZWUxYTg5MGZmNjg5NTA2Y2I0NTQy
NTRjZWIzMGY1YmUyZmE3NGJiYzkyZGUxODkzZDY4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQdFut0s9G4HTS7yOkKxv3ES026ih2A+P70SuBKA++LD+S
wDpEpDaGGeSZQajyoepnEd7CShpEmCxiEMKpMcZisHsyhpmWgGf1GEhXJDbCw1Hi
o6qXZsdiisZGmIbidnLrKkieAYDoQZMU6ka8jBZyHt5gBmDPIecYx7bRdf6dNV8O
5BFRsKtfjBBiHpBldmgtPIcO1yf4aYNREN/9rLSKOteG807qn0F94r5cT2lmZHsI
VSup7080tkw5r4EpeW1AhuDRdAj1j3LHCgFS84El9b6P0zS2SdPe6amoTOX684Jz
9r5NunCWioVjdDipS5qJjhLM7BxVDnAIOy3VGvupAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQHYfPR/ujwZ1SoHtdr5gGV48yxkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU3MjI3NmMwLTA1OWUtNDI5Zi1iZmYzLWZlNDZlNDdiMTFjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADawiw7GlEFJ71oI7fy6d3EpgtMY
cQM5ng/fG9qP91iUTuE6Y6YaqdXK1Uc2HvpoaPKbbiNpbt2cPqVVqak5r7V3qZJx
jJSLiRspYb93GcmqxTRQAAPCUg/ogNDejObe+psslHv4jJEB4QcqZAn8pmwSl8/Y
xpA7PgQzWOWHz6aGujeafTD35cV66spoHYN6ise1DvK60eXDqNW0t+WxBtZhTtDR
irt/8uaBB9Dz+f0cYDf5oOa17ou6RYM9W9lr0jQ/F2qBB/R/oRJPzEEn7MCZevJx
r/wVUaDWFpsXPNpdKZojGDRW7aaWz2ZY3pHCoigK6DKWCE2kZKs2qMD++Vc=
-----END CERTIFICATE-----