Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/77e94210-832e-41fe-aaf3-738dd4fa018d.roa
File:                     77e94210-832e-41fe-aaf3-738dd4fa018d.roa (raw, json)
Hash identifier:          Yc76mj3fr0BSw+PR7B+xRawVBmC4glWasKbTSz50yJs=
Subject key identifier:   1F:18:CD:04:0D:AB:9B:6A:3A:43:FE:A8:03:EC:3F:CA:70:9C:EC:86
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7CF5E3811B6218019493168BA7FE09E59E49F34B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/77e94210-832e-41fe-aaf3-738dd4fa018d.roa
Signing time:             Sat 30 Dec 2023 00:00:00 +0000
ROA not before:           Sat 30 Dec 2023 00:00:00 +0000
ROA not after:            Sat 03 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:f5:e3:81:1b:62:18:01:94:93:16:8b:a7:fe:09:e5:9e:49:f3:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 30 00:00:00 2023 GMT
            Not After : Feb  3 23:59:59 2024 GMT
        Subject: serialNumber=f73d1b801bd831017c449cb46fe8a1b071a0996d2564a03dcab6840bdd13974b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:86:0d:71:ce:8c:c6:c6:86:66:85:93:0e:5c:
                    4a:0c:e7:95:8e:c5:70:98:93:d4:bc:66:e4:32:c4:
                    bc:3f:39:8f:66:08:04:2a:b7:56:8b:10:51:eb:11:
                    97:ca:df:3d:93:10:7a:9d:53:ad:ed:02:db:07:ee:
                    ef:9a:f2:f3:ed:cd:cd:df:c6:63:65:ea:96:dd:d6:
                    9b:ca:51:19:39:09:98:30:0d:2c:94:02:eb:62:4f:
                    0a:2f:f4:52:25:3a:0a:79:a0:d4:54:9f:0b:24:2d:
                    0b:87:59:c0:64:1f:6c:92:de:31:16:76:1f:82:56:
                    6c:03:e2:4c:9b:4e:d5:03:4f:e4:00:37:21:b0:f5:
                    c9:30:57:e3:1c:1e:4e:5a:b5:66:fa:27:3a:63:08:
                    85:7e:aa:99:92:e4:bd:6d:d1:13:08:30:07:38:3f:
                    7d:1c:35:6d:5d:db:98:5d:79:79:85:a7:c6:51:1d:
                    9e:e4:ea:fb:17:ef:79:db:f1:32:c1:ec:0c:73:68:
                    76:b2:ec:4b:07:8f:82:00:ad:75:a7:68:d9:af:44:
                    3c:19:66:4c:b3:c1:da:59:3b:08:24:84:6e:46:f9:
                    dd:60:34:6d:10:9b:ec:87:68:c3:99:b0:d8:ea:13:
                    f0:91:c5:29:ac:c0:63:6c:1d:df:1c:f5:91:90:7a:
                    bb:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:18:CD:04:0D:AB:9B:6A:3A:43:FE:A8:03:EC:3F:CA:70:9C:EC:86
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/77e94210-832e-41fe-aaf3-738dd4fa018d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:43:64:78:f2:f0:fc:ae:93:ff:cb:9d:63:14:d2:62:bd:53:
         c8:09:6a:17:5b:c7:21:5d:e8:33:8d:92:26:56:15:3c:10:54:
         ab:d8:87:1f:49:f4:7d:54:96:5b:eb:48:f9:ac:0a:5c:3c:03:
         c9:85:c8:9e:66:44:ca:fe:ae:fe:8b:d6:e9:17:8a:36:1e:f9:
         78:9d:24:c5:80:16:01:78:ed:db:d6:a3:94:5e:67:71:d9:ca:
         53:d3:e7:99:36:05:6f:d0:cd:a9:2d:8f:56:a7:dd:4a:4b:cd:
         eb:92:7f:58:57:c4:fe:0f:fd:6f:9f:8d:d8:41:98:e5:2b:50:
         6e:3f:fc:b2:0e:4a:97:35:1a:c8:c6:28:c9:d6:79:1f:0a:18:
         10:60:80:fa:56:07:ae:d8:d6:7e:ad:b1:94:41:34:85:70:4f:
         2d:05:c6:c6:54:25:5c:e8:b2:9f:73:1e:45:07:66:de:29:ca:
         18:0a:e0:ad:33:e2:9a:e4:f8:5c:55:08:e6:f4:8d:34:3f:d7:
         9a:3f:15:00:88:4a:b3:a4:af:98:a0:a0:fe:74:e4:63:43:55:
         a1:c1:63:ee:f4:e6:56:76:77:e8:be:2c:4f:60:84:30:07:0b:
         5e:c1:49:ef:db:de:39:32:59:b4:80:47:80:2c:1b:ca:ac:a5:
         35:ad:b9:84
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfPXjgRtiGAGUkxaLp/4J5Z5J80swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjMwMDAwMDAwWhcNMjQwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNzNkMWI4MDFiZDgzMTAxN2M0NDljYjQ2ZmU4YTFiMDcx
YTA5OTZkMjU2NGEwM2RjYWI2ODQwYmRkMTM5NzRiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCMhg1xzozGxoZmhZMOXEoM55WOxXCYk9S8ZuQyxLw/OY9m
CAQqt1aLEFHrEZfK3z2TEHqdU63tAtsH7u+a8vPtzc3fxmNl6pbd1pvKURk5CZgw
DSyUAutiTwov9FIlOgp5oNRUnwskLQuHWcBkH2yS3jEWdh+CVmwD4kybTtUDT+QA
NyGw9ckwV+McHk5atWb6JzpjCIV+qpmS5L1t0RMIMAc4P30cNW1d25hdeXmFp8ZR
HZ7k6vsX73nb8TLB7AxzaHay7EsHj4IArXWnaNmvRDwZZkyzwdpZOwgkhG5G+d1g
NG0Qm+yHaMOZsNjqE/CRxSmswGNsHd8c9ZGQervHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHxjNBA2rm2o6Q/6oA+w/ynCc7IYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzc3ZTk0MjEwLTgzMmUtNDFmZS1hYWYzLTczOGRkNGZhMDE4ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAH1DZHjy8Pyuk//LnWMU0mK9U8gJ
ahdbxyFd6DONkiZWFTwQVKvYhx9J9H1UllvrSPmsClw8A8mFyJ5mRMr+rv6L1ukX
ijYe+XidJMWAFgF47dvWo5ReZ3HZylPT55k2BW/Qzaktj1an3UpLzeuSf1hXxP4P
/W+fjdhBmOUrUG4//LIOSpc1GsjGKMnWeR8KGBBggPpWB67Y1n6tsZRBNIVwTy0F
xsZUJVzosp9zHkUHZt4pyhgK4K0z4prk+FxVCOb0jTQ/15o/FQCISrOkr5igoP50
5GNDVaHBY+705lZ2d+i+LE9ghDAHC17BSe/b3jkyWbSAR4AsG8qspTWtuYQ=
-----END CERTIFICATE-----