Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/68f0792e-88e1-4c1d-887e-d4b1a6fb2c59.roa
File:                     68f0792e-88e1-4c1d-887e-d4b1a6fb2c59.roa (raw, json)
Hash identifier:          HgWIkSTkMSwg1GblfFD8RSTtvNj5NZ/9aTzqOa4V0lc=
Subject key identifier:   B9:FA:8B:26:31:31:FA:44:70:88:2B:B1:33:6E:36:86:8D:EC:A8:BB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       19F9B45045061EA034ED429505E7B13C203D0001
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/68f0792e-88e1-4c1d-887e-d4b1a6fb2c59.roa
Signing time:             Mon 11 Dec 2023 00:00:00 +0000
ROA not before:           Mon 11 Dec 2023 00:00:00 +0000
ROA not after:            Mon 15 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:f9:b4:50:45:06:1e:a0:34:ed:42:95:05:e7:b1:3c:20:3d:00:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 11 00:00:00 2023 GMT
            Not After : Jan 15 23:59:59 2024 GMT
        Subject: serialNumber=67dfb20a58f445c27f703a96dcaab35cb5ea947781674b8f61796b84dbbe5dad, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:55:e0:e8:07:7e:81:7f:32:01:1b:3d:e8:cd:
                    7c:1c:56:df:8a:b2:b2:34:f3:80:89:88:33:77:a7:
                    2d:d0:e2:a9:46:77:d5:12:2a:01:95:50:2c:18:da:
                    a5:99:21:0c:f6:50:56:09:2d:0d:34:f7:89:61:1c:
                    f5:76:a9:c3:f0:d0:a6:ff:4a:42:c2:b1:2f:95:74:
                    3f:21:3f:34:07:a9:61:2d:95:80:96:91:cc:be:0c:
                    fa:9f:1e:37:1b:28:0b:ce:50:0d:34:05:1e:3e:99:
                    5a:6f:95:f4:81:ce:22:3f:35:0f:47:ea:e8:6e:1f:
                    3e:68:64:1c:39:97:23:2c:05:16:dc:bb:37:d2:aa:
                    d9:f1:ce:e0:87:29:20:d5:63:be:78:85:d6:e2:95:
                    51:50:c8:61:aa:b7:c6:9e:64:1e:0e:0a:8d:f8:6a:
                    47:3c:2a:73:f4:09:3a:e3:c0:d3:05:f6:24:6d:71:
                    1c:bc:8d:7f:c6:55:ea:9b:a5:3e:cf:e2:0c:48:cf:
                    4a:c3:56:9a:d8:a2:6b:8b:34:99:07:6b:5a:df:88:
                    04:46:86:59:ae:27:f5:56:cb:c7:23:5f:0f:4c:15:
                    75:f8:cb:f5:e7:36:eb:0d:90:c8:26:b5:2f:02:8c:
                    91:b3:ad:e6:50:5f:c4:83:6c:91:96:cb:04:dc:fd:
                    13:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:FA:8B:26:31:31:FA:44:70:88:2B:B1:33:6E:36:86:8D:EC:A8:BB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/68f0792e-88e1-4c1d-887e-d4b1a6fb2c59.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:27:85:e9:38:3a:bb:23:11:8e:20:d6:df:02:01:a0:80:58:
         01:8a:f9:cc:c3:bd:5f:62:b8:16:06:53:b7:6e:72:07:e5:0c:
         f6:98:a7:c5:a7:e5:2d:2a:b7:f9:b8:61:72:1c:e1:43:25:59:
         12:2d:96:dd:27:ec:e1:c3:5c:89:72:78:c2:58:6e:de:25:be:
         1c:7d:b3:fa:3b:9a:26:b5:64:9e:da:22:67:66:77:a9:af:48:
         9e:69:44:77:e9:76:8f:09:e7:bf:6a:43:1a:e1:ea:7a:c9:f9:
         58:97:33:5b:5e:7d:96:1b:c4:2c:ed:e0:c1:71:c2:20:90:20:
         5f:f8:bb:c7:d1:d6:ff:0b:53:6e:1d:0f:af:63:47:51:3f:a4:
         55:51:43:88:37:d5:fc:27:f9:96:83:ee:63:a4:73:ea:2f:5e:
         0c:01:62:52:23:3b:df:ec:f9:7a:1e:5e:f9:ba:3a:07:71:11:
         10:1f:86:b6:ad:52:d6:58:c0:3d:77:b7:04:b0:98:ec:14:b8:
         f5:b4:64:f7:b5:87:2b:2a:56:c6:da:e6:00:26:db:c8:04:db:
         6e:0c:64:3e:f3:f6:d8:4b:2c:e0:a8:71:2d:42:fc:68:3d:9b:
         0b:c0:2e:6c:8c:44:94:1f:62:a5:70:06:f5:cb:0d:41:df:21:
         8d:0a:92:c5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGfm0UEUGHqA07UKVBeexPCA9AAEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjExMDAwMDAwWhcNMjQwMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2N2RmYjIwYTU4ZjQ0NWMyN2Y3MDNhOTZkY2FhYjM1Y2I1
ZWE5NDc3ODE2NzRiOGY2MTc5NmI4NGRiYmU1ZGFkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrVeDoB36BfzIBGz3ozXwcVt+KsrI084CJiDN3py3Q4qlG
d9USKgGVUCwY2qWZIQz2UFYJLQ0094lhHPV2qcPw0Kb/SkLCsS+VdD8hPzQHqWEt
lYCWkcy+DPqfHjcbKAvOUA00BR4+mVpvlfSBziI/NQ9H6uhuHz5oZBw5lyMsBRbc
uzfSqtnxzuCHKSDVY754hdbilVFQyGGqt8aeZB4OCo34akc8KnP0CTrjwNMF9iRt
cRy8jX/GVeqbpT7P4gxIz0rDVprYomuLNJkHa1rfiARGhlmuJ/VWy8cjXw9MFXX4
y/XnNusNkMgmtS8CjJGzreZQX8SDbJGWywTc/RPfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUufqLJjEx+kRwiCuxM242ho3sqLswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzY4ZjA3OTJlLTg4ZTEtNGMxZC04ODdlLWQ0YjFhNmZiMmM1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAUnhek4OrsjEY4g1t8CAaCAWAGK
+czDvV9iuBYGU7ducgflDPaYp8Wn5S0qt/m4YXIc4UMlWRItlt0n7OHDXIlyeMJY
bt4lvhx9s/o7mia1ZJ7aImdmd6mvSJ5pRHfpdo8J579qQxrh6nrJ+ViXM1tefZYb
xCzt4MFxwiCQIF/4u8fR1v8LU24dD69jR1E/pFVRQ4g31fwn+ZaD7mOkc+ovXgwB
YlIjO9/s+XoeXvm6OgdxERAfhratUtZYwD13twSwmOwUuPW0ZPe1hysqVsba5gAm
28gE224MZD7z9thLLOCocS1C/Gg9mwvALmyMRJQfYqVwBvXLDUHfIY0KksU=
-----END CERTIFICATE-----