Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5f40562c-8255-4799-9e10-7168274d8956.roa
File:                     5f40562c-8255-4799-9e10-7168274d8956.roa (raw, json)
Hash identifier:          QoyTXB5Cy8+Gf5TqqnMZP4waCNts6yp7jsBwgFtsPpo=
Subject key identifier:   54:56:A8:18:7C:88:88:BA:95:5A:A5:11:F5:CA:24:0F:6D:2F:65:36
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5986ED59F669FB44557FEA5770E789E7CC629C1B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5f40562c-8255-4799-9e10-7168274d8956.roa
Signing time:             Fri 10 Nov 2023 00:00:00 +0000
ROA not before:           Fri 10 Nov 2023 00:00:00 +0000
ROA not after:            Fri 15 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:86:ed:59:f6:69:fb:44:55:7f:ea:57:70:e7:89:e7:cc:62:9c:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 10 00:00:00 2023 GMT
            Not After : Dec 15 23:59:59 2023 GMT
        Subject: serialNumber=5301ebe622ace5fe5f8bb6834da4c416985555288cb3f44eeaf5bf09980415e8, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b1:8a:8f:5a:a6:fd:0c:ee:c0:b9:c0:1d:d2:
                    ff:bf:99:f1:d5:8c:37:c4:42:dd:94:46:e7:0a:a9:
                    ee:6f:b8:14:35:38:95:25:0a:29:c3:63:de:4c:b3:
                    af:e1:25:b9:0a:1c:e4:84:ec:00:ec:e6:95:4f:e8:
                    ff:0d:b9:80:ea:0c:43:f5:91:01:5f:ff:62:91:be:
                    24:14:34:7c:06:94:ab:b7:a9:e5:14:dc:05:20:f3:
                    ec:2f:3e:f7:60:d8:1b:7a:81:32:10:f8:bf:d0:80:
                    b0:cc:a9:5a:e2:8b:cb:a5:59:31:1e:cf:93:66:45:
                    c8:37:6b:41:a0:e9:6e:09:91:ad:83:6b:f9:15:2d:
                    4a:9e:fe:6e:b6:14:ba:c2:a6:fd:bf:77:af:96:69:
                    fb:0e:98:77:92:09:09:fc:79:20:da:04:ee:27:19:
                    13:78:c7:08:7b:0c:8e:e4:bd:53:a1:69:28:66:3b:
                    41:e4:32:7f:3d:24:4d:0b:b5:ac:ed:b7:d1:13:d2:
                    70:27:a0:f0:7a:a7:fa:ec:bf:bb:9d:3b:e8:87:9c:
                    72:ee:05:09:1e:3e:8f:57:59:a2:bd:68:d8:1a:bb:
                    67:e8:8b:25:48:dc:03:e3:bd:4b:3b:b9:22:a4:ec:
                    04:51:99:72:e9:7d:be:00:5d:f9:28:e3:4b:c0:60:
                    a0:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:56:A8:18:7C:88:88:BA:95:5A:A5:11:F5:CA:24:0F:6D:2F:65:36
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5f40562c-8255-4799-9e10-7168274d8956.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:9f:85:0d:4d:3c:6f:fc:60:ff:51:21:5a:9a:a5:7c:ee:a6:
         a0:9e:53:8e:3d:17:ea:f7:8e:14:16:a1:35:73:7f:fb:be:ae:
         50:3f:1e:a9:f9:00:37:49:e8:e7:59:d5:44:b5:f3:d1:4c:d0:
         28:7d:3e:3e:42:10:7c:ca:70:9e:9a:e0:14:ac:86:02:01:f1:
         8b:ff:96:7a:5e:39:f8:bf:41:05:20:56:b0:2f:cf:bd:cd:6a:
         a6:c6:5b:71:e1:f6:90:45:62:86:2d:be:17:e6:70:f1:96:39:
         80:bf:64:4f:d8:3f:82:a5:1b:ea:63:c1:ae:10:32:e1:2a:b5:
         cb:f5:f4:48:c6:2b:6f:61:43:1f:10:f5:12:eb:02:5a:77:fb:
         bc:27:15:52:10:49:6a:b5:ee:49:72:00:32:18:e3:98:5c:cf:
         b9:3f:80:dd:d5:cf:6e:9f:cf:3b:c8:0f:e5:6b:7f:1d:e1:3d:
         c5:fe:81:7a:cd:d6:cf:96:1a:d2:ec:ea:a6:e6:fb:25:b5:b1:
         11:f1:28:53:85:07:38:d1:dd:c0:de:65:62:02:19:0f:51:75:
         e0:67:a0:0e:07:1d:08:1d:78:cc:9a:da:bb:a4:cf:45:2a:76:
         c6:45:a7:2b:53:1e:88:0d:05:4e:59:17:6c:b1:d7:f2:08:b5:
         43:2f:bc:9e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWYbtWfZp+0RVf+pXcOeJ58xinBswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTEwMDAwMDAwWhcNMjMxMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MzAxZWJlNjIyYWNlNWZlNWY4YmI2ODM0ZGE0YzQxNjk4
NTU1NTI4OGNiM2Y0NGVlYWY1YmYwOTk4MDQxNWU4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8sYqPWqb9DO7AucAd0v+/mfHVjDfEQt2URucKqe5vuBQ1
OJUlCinDY95Ms6/hJbkKHOSE7ADs5pVP6P8NuYDqDEP1kQFf/2KRviQUNHwGlKu3
qeUU3AUg8+wvPvdg2Bt6gTIQ+L/QgLDMqVrii8ulWTEez5NmRcg3a0Gg6W4Jka2D
a/kVLUqe/m62FLrCpv2/d6+WafsOmHeSCQn8eSDaBO4nGRN4xwh7DI7kvVOhaShm
O0HkMn89JE0Ltaztt9ET0nAnoPB6p/rsv7udO+iHnHLuBQkePo9XWaK9aNgau2fo
iyVI3APjvUs7uSKk7ARRmXLpfb4AXfko40vAYKC3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVFaoGHyIiLqVWqUR9cokD20vZTYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzVmNDA1NjJjLTgyNTUtNDc5OS05ZTEwLTcxNjgyNzRkODk1Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALGfhQ1NPG/8YP9RIVqapXzupqCe
U449F+r3jhQWoTVzf/u+rlA/Hqn5ADdJ6OdZ1US189FM0Ch9Pj5CEHzKcJ6a4BSs
hgIB8Yv/lnpeOfi/QQUgVrAvz73NaqbGW3Hh9pBFYoYtvhfmcPGWOYC/ZE/YP4Kl
G+pjwa4QMuEqtcv19EjGK29hQx8Q9RLrAlp3+7wnFVIQSWq17klyADIY45hcz7k/
gN3Vz26fzzvID+Vrfx3hPcX+gXrN1s+WGtLs6qbm+yW1sRHxKFOFBzjR3cDeZWIC
GQ9RdeBnoA4HHQgdeMya2rukz0UqdsZFpytTHogNBU5ZF2yx1/IItUMvvJ4=
-----END CERTIFICATE-----