Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7028ffa6-0984-4b09-ba2b-2a416066f51f.roa
File:                     7028ffa6-0984-4b09-ba2b-2a416066f51f.roa (raw, json)
Hash identifier:          LT+djsnPBOJDDFUru0/VLFsCEXzPUcPIb6FGZo4deBc=
Subject key identifier:   41:01:9E:82:A5:B3:5C:5B:9B:E6:59:6F:01:E7:BE:CB:E3:CC:A5:B3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       037381F61862E728D0D4E0844DB373FF2515A75D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7028ffa6-0984-4b09-ba2b-2a416066f51f.roa
Signing time:             Sat 09 Dec 2023 00:00:00 +0000
ROA not before:           Sat 09 Dec 2023 00:00:00 +0000
ROA not after:            Sat 13 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:73:81:f6:18:62:e7:28:d0:d4:e0:84:4d:b3:73:ff:25:15:a7:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec  9 00:00:00 2023 GMT
            Not After : Jan 13 23:59:59 2024 GMT
        Subject: serialNumber=2417f9cf7eab423ebec82c7ca7ff4ac506a5fca1c5b29c5b3cb9256e2ffda009, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:de:71:da:c0:7f:6d:50:a3:18:f6:55:fa:02:
                    81:49:5b:5c:5b:d2:b0:dc:a1:c5:a8:77:94:cb:23:
                    5a:16:5a:bf:26:27:3a:c3:bb:b7:93:bc:20:74:23:
                    71:08:0d:21:a8:fe:ba:f3:e4:89:9e:75:89:d6:2d:
                    55:77:33:0e:c9:df:0f:c9:86:1b:59:07:5f:ed:bd:
                    42:91:d0:72:bf:5c:41:32:6e:8f:9d:66:53:e1:ce:
                    55:01:22:43:dc:34:99:bd:b5:68:3a:f0:46:33:e3:
                    29:92:41:96:b3:dc:3c:5e:c4:3d:41:d9:8a:95:97:
                    5f:59:70:1b:f0:ed:9c:f9:92:e0:7d:61:38:8f:1c:
                    e1:e4:69:f1:fe:9a:00:44:5e:1f:2c:89:1d:92:b3:
                    23:53:dc:27:e8:14:81:38:36:30:c8:f7:c1:e6:23:
                    e6:04:c1:13:d3:c7:57:ba:4f:3e:4e:bf:cf:4c:9c:
                    cb:2e:f6:c3:e9:3d:12:e7:9e:51:1d:b4:9c:8c:f6:
                    da:1b:57:ce:49:c2:b2:f4:5a:cb:b4:96:43:75:cc:
                    dc:39:08:83:3f:31:03:0b:71:44:2d:15:ff:96:11:
                    94:b6:87:af:13:61:1f:2c:03:b6:cd:67:4d:42:4e:
                    aa:74:3f:68:a2:9a:1e:d7:c0:b2:18:c9:e3:ae:46:
                    25:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:01:9E:82:A5:B3:5C:5B:9B:E6:59:6F:01:E7:BE:CB:E3:CC:A5:B3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7028ffa6-0984-4b09-ba2b-2a416066f51f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:d7:a3:27:52:7d:6c:c6:cd:a5:8d:f8:98:09:63:19:44:eb:
         70:70:1b:88:f0:12:0f:b9:df:44:9f:32:fd:3e:50:93:c1:0f:
         09:e1:d5:7f:57:55:09:f4:03:b7:13:40:55:f7:52:29:ae:34:
         6a:d8:04:08:04:2c:4d:ed:d1:82:91:f0:37:01:68:2e:25:54:
         41:9f:93:dd:ea:5a:48:33:a0:0a:13:97:8a:a8:78:2e:af:d0:
         00:91:c8:be:0f:ee:4e:76:ea:af:a1:9f:cd:20:1d:95:42:4e:
         c6:fa:3d:3f:77:8d:60:bb:0f:03:e7:3a:46:55:d4:5f:ff:b1:
         fb:9c:1d:d7:c4:44:af:39:87:55:f3:fd:2c:86:9f:df:d3:c9:
         cf:37:55:02:16:27:4f:5e:a2:ca:91:6b:6d:c1:08:ee:ca:a2:
         60:57:1a:de:c6:c3:31:1e:71:3d:4c:ca:e5:eb:30:92:87:b8:
         13:be:d0:f8:fb:6d:42:08:02:06:0c:6f:aa:5e:6f:00:48:e8:
         f0:8d:cc:86:33:b2:94:b2:89:78:41:9c:50:c8:59:45:5d:66:
         61:73:08:30:e5:2c:26:34:25:80:4c:b1:32:3e:70:dd:6b:bd:
         9f:99:f7:66:f5:80:82:58:da:26:8b:d2:2d:30:57:27:72:3a:
         44:ce:ed:0b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUA3OB9hhi5yjQ1OCETbNz/yUVp10wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjA5MDAwMDAwWhcNMjQwMTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNDE3ZjljZjdlYWI0MjNlYmVjODJjN2NhN2ZmNGFjNTA2
YTVmY2ExYzViMjljNWIzY2I5MjU2ZTJmZmRhMDA5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDe3nHawH9tUKMY9lX6AoFJW1xb0rDcocWod5TLI1oWWr8m
JzrDu7eTvCB0I3EIDSGo/rrz5ImedYnWLVV3Mw7J3w/JhhtZB1/tvUKR0HK/XEEy
bo+dZlPhzlUBIkPcNJm9tWg68EYz4ymSQZaz3DxexD1B2YqVl19ZcBvw7Zz5kuB9
YTiPHOHkafH+mgBEXh8siR2SsyNT3CfoFIE4NjDI98HmI+YEwRPTx1e6Tz5Ov89M
nMsu9sPpPRLnnlEdtJyM9tobV85JwrL0Wsu0lkN1zNw5CIM/MQMLcUQtFf+WEZS2
h68TYR8sA7bNZ01CTqp0P2iimh7XwLIYyeOuRiU5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQQGegqWzXFub5llvAee+y+PMpbMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzcwMjhmZmE2LTA5ODQtNGIwOS1iYTJiLTJhNDE2MDY2ZjUxZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACHXoydSfWzGzaWN+JgJYxlE63Bw
G4jwEg+530SfMv0+UJPBDwnh1X9XVQn0A7cTQFX3UimuNGrYBAgELE3t0YKR8DcB
aC4lVEGfk93qWkgzoAoTl4qoeC6v0ACRyL4P7k526q+hn80gHZVCTsb6PT93jWC7
DwPnOkZV1F//sfucHdfERK85h1Xz/SyGn9/Tyc83VQIWJ09eosqRa23BCO7KomBX
Gt7GwzEecT1MyuXrMJKHuBO+0Pj7bUIIAgYMb6pebwBI6PCNzIYzspSyiXhBnFDI
WUVdZmFzCDDlLCY0JYBMsTI+cN1rvZ+Z92b1gIJY2iaL0i0wVydyOkTO7Qs=
-----END CERTIFICATE-----