Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/71dd72f0-e7a7-436b-bb33-f4cad6a75718.roa
File:                     71dd72f0-e7a7-436b-bb33-f4cad6a75718.roa (raw, json)
Hash identifier:          LOmk/oWqV30+bn01Pv5j0usJpHGGHjsIp9bKrsYXl4A=
Subject key identifier:   59:06:07:0B:CB:18:49:4E:8F:F9:E6:90:EB:5F:61:70:DF:3A:13:2B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0E2F77F0D260612E458647E7BEE5177C03EB888F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/71dd72f0-e7a7-436b-bb33-f4cad6a75718.roa
Signing time:             Fri 24 Nov 2023 00:00:00 +0000
ROA not before:           Fri 24 Nov 2023 00:00:00 +0000
ROA not after:            Fri 29 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:2f:77:f0:d2:60:61:2e:45:86:47:e7:be:e5:17:7c:03:eb:88:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 24 00:00:00 2023 GMT
            Not After : Dec 29 23:59:59 2023 GMT
        Subject: serialNumber=2eaccbb82a5f4d960190bc968af1c9c8202a123fc79672a713a40c641eb4d73d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:34:5e:1a:55:7f:4b:76:d0:89:db:df:79:01:
                    5e:0d:5d:d7:89:4c:fc:1e:d3:c5:77:95:9d:0a:5f:
                    db:eb:e4:e7:05:64:c3:dd:75:d0:c3:87:06:ec:f3:
                    5d:04:4f:1c:21:71:31:7c:fe:c7:d3:02:3c:85:fb:
                    81:c4:a3:3c:4b:e3:63:0a:0e:25:48:90:cb:7d:74:
                    01:34:17:51:f3:57:ec:a9:c0:08:58:5f:fd:0a:e0:
                    d9:34:e5:78:e5:47:f3:60:f1:05:fe:4a:9b:e2:66:
                    f3:70:8e:0f:3f:ad:01:9f:99:9f:6d:b0:73:75:c5:
                    af:a8:74:9d:39:e3:cf:71:5d:ed:0a:80:67:83:2f:
                    ea:b7:20:a5:b8:d0:44:7c:93:8e:5a:09:00:6f:96:
                    1e:f9:af:15:49:92:de:80:3c:61:71:d2:47:e0:40:
                    16:7c:01:5d:b7:de:67:49:37:48:cf:32:b9:d5:29:
                    ef:3c:bd:6c:c6:f0:5d:2e:86:19:8b:dd:d2:b4:57:
                    74:67:64:50:90:6e:c0:b1:d9:78:3a:d9:3d:c4:1a:
                    db:ab:6f:7f:fa:ac:22:92:23:15:70:52:de:f7:e7:
                    3c:5a:6b:97:1a:ef:79:eb:41:4b:4e:6b:aa:3f:45:
                    ac:db:5b:57:9d:30:99:b6:4d:72:b2:11:ef:ae:fa:
                    7b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:06:07:0B:CB:18:49:4E:8F:F9:E6:90:EB:5F:61:70:DF:3A:13:2B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/71dd72f0-e7a7-436b-bb33-f4cad6a75718.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:74:96:6f:1f:74:68:d9:56:0e:6d:7b:8a:5a:b0:45:3c:6f:
         12:50:3f:66:d4:d6:0d:60:61:df:0b:51:32:c5:dc:22:f1:b7:
         21:74:f1:84:b3:0f:a2:99:69:25:ef:7c:b0:eb:04:9b:9c:dd:
         75:4b:7a:92:96:06:93:61:8f:e8:ee:03:91:9b:29:63:a4:61:
         82:3b:92:f3:0b:3a:cc:3f:2d:ac:62:a3:c7:79:b1:8c:5f:51:
         94:a0:1b:af:ba:3b:88:b9:21:f7:8c:42:9d:b0:0d:ee:14:54:
         19:1e:d0:c5:ad:9d:c6:97:be:b1:ef:ba:1b:7b:35:29:92:e3:
         63:17:d9:0a:2e:1f:c7:c9:da:42:30:bb:c4:ff:d2:d8:09:cf:
         c0:ff:d0:c7:02:43:09:b1:82:2a:32:53:f8:bb:e0:e6:75:59:
         55:d8:8e:ce:32:b7:bb:79:1b:e5:e3:52:d2:92:1c:b4:48:65:
         fc:0f:d0:3e:e1:03:91:1d:8a:ff:6d:0a:d5:4f:70:f5:65:2e:
         3d:ac:fb:a9:c7:15:d5:b0:2e:72:3c:6a:ef:7f:5a:ea:e1:40:
         4d:13:21:b3:8e:f4:75:18:a0:8c:91:d9:2c:37:c1:84:e8:98:
         e1:96:4e:38:19:d9:2c:20:eb:0b:c4:88:af:d7:d4:e5:76:5a:
         ab:c7:47:ae
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDi938NJgYS5FhkfnvuUXfAPriI8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTI0MDAwMDAwWhcNMjMxMjI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZWFjY2JiODJhNWY0ZDk2MDE5MGJjOTY4YWYxYzljODIw
MmExMjNmYzc5NjcyYTcxM2E0MGM2NDFlYjRkNzNkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGNF4aVX9LdtCJ2995AV4NXdeJTPwe08V3lZ0KX9vr5OcF
ZMPdddDDhwbs810ETxwhcTF8/sfTAjyF+4HEozxL42MKDiVIkMt9dAE0F1HzV+yp
wAhYX/0K4Nk05XjlR/Ng8QX+SpviZvNwjg8/rQGfmZ9tsHN1xa+odJ05489xXe0K
gGeDL+q3IKW40ER8k45aCQBvlh75rxVJkt6APGFx0kfgQBZ8AV233mdJN0jPMrnV
Ke88vWzG8F0uhhmL3dK0V3RnZFCQbsCx2Xg62T3EGturb3/6rCKSIxVwUt735zxa
a5ca73nrQUtOa6o/RazbW1edMJm2TXKyEe+u+nvxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWQYHC8sYSU6P+eaQ619hcN86EyswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzcxZGQ3MmYwLWU3YTctNDM2Yi1iYjMzLWY0Y2FkNmE3NTcxOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFN0lm8fdGjZVg5te4pasEU8bxJQ
P2bU1g1gYd8LUTLF3CLxtyF08YSzD6KZaSXvfLDrBJuc3XVLepKWBpNhj+juA5Gb
KWOkYYI7kvMLOsw/Laxio8d5sYxfUZSgG6+6O4i5IfeMQp2wDe4UVBke0MWtncaX
vrHvuht7NSmS42MX2QouH8fJ2kIwu8T/0tgJz8D/0McCQwmxgioyU/i74OZ1WVXY
js4yt7t5G+XjUtKSHLRIZfwP0D7hA5Ediv9tCtVPcPVlLj2s+6nHFdWwLnI8au9/
WurhQE0TIbOO9HUYoIyR2Sw3wYTomOGWTjgZ2Swg6wvEiK/X1OV2WqvHR64=
-----END CERTIFICATE-----