Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7d36b746-51b1-4013-a3f2-a3de9a9b339a.roa
File:                     7d36b746-51b1-4013-a3f2-a3de9a9b339a.roa (raw, json)
Hash identifier:          oSV+B878UT6HDtYESwDocCqJYykjCGbdxdLs5suNSxQ=
Subject key identifier:   49:0B:1E:42:D5:C0:27:75:AD:12:A2:A1:12:1B:69:71:7F:B4:3F:D2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6DB494D712307E25E97DE52690B31E4911D0BA96
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7d36b746-51b1-4013-a3f2-a3de9a9b339a.roa
Signing time:             Thu 09 Nov 2023 00:00:00 +0000
ROA not before:           Thu 09 Nov 2023 00:00:00 +0000
ROA not after:            Thu 14 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:b4:94:d7:12:30:7e:25:e9:7d:e5:26:90:b3:1e:49:11:d0:ba:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  9 00:00:00 2023 GMT
            Not After : Dec 14 23:59:59 2023 GMT
        Subject: serialNumber=459a34b7b4ee55b72791288e9549914aeac6024e28b6f3f0d9bc30bfcf32f51d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a4:78:46:e2:72:0c:db:02:0b:23:18:04:8b:
                    95:c8:93:90:b7:35:36:75:12:12:79:19:f8:ab:85:
                    d6:34:53:75:db:ce:e1:16:ee:aa:09:77:eb:b8:99:
                    6e:66:1e:79:83:01:aa:0a:b5:b9:a5:2b:8f:c7:ef:
                    f2:60:44:ea:a4:f3:a4:49:8e:1c:e4:f9:15:92:1f:
                    d4:31:76:85:00:a9:65:6f:54:cf:10:06:ff:cb:1f:
                    c1:7d:98:97:4e:a3:6b:fe:ed:7c:35:f0:fa:93:b9:
                    08:4c:cc:83:97:29:fb:74:ab:91:75:8d:e9:f2:f9:
                    62:c2:60:a4:fe:12:52:34:ca:d4:44:86:2a:5f:a1:
                    82:4d:b2:bb:1c:e4:4a:4d:07:37:ba:fa:7f:78:69:
                    57:a7:8f:09:4e:a1:1e:60:9b:bf:89:8d:86:67:77:
                    ef:20:e8:be:ef:33:8a:32:3e:12:83:27:f9:19:bb:
                    91:8c:07:3e:4c:00:43:25:4a:39:0a:51:7f:b7:f7:
                    ce:3b:f0:e1:75:62:dd:75:df:4a:0e:46:d4:b5:8f:
                    c9:94:32:e5:30:77:a0:6c:1c:38:72:7f:16:f2:08:
                    4e:be:35:81:cc:04:b8:d1:73:5b:b8:61:dd:e8:23:
                    f5:17:2a:d2:3d:67:7a:40:d9:9c:86:c2:0c:53:17:
                    b6:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:0B:1E:42:D5:C0:27:75:AD:12:A2:A1:12:1B:69:71:7F:B4:3F:D2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7d36b746-51b1-4013-a3f2-a3de9a9b339a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:4b:ee:fa:3f:09:ee:f3:ab:34:1c:4c:55:f1:23:a4:56:e8:
         40:98:1e:0e:c9:4b:cc:23:7c:0a:55:17:a1:de:1f:7f:85:b3:
         78:94:15:4e:b6:39:0c:ca:ce:41:ae:f3:53:a7:fe:25:53:33:
         b1:59:b5:4d:4d:8c:51:7b:2f:2f:4c:25:50:ce:8e:da:91:e5:
         e4:98:1b:81:0e:62:19:c5:39:5a:0f:0d:e1:c9:bd:45:2d:32:
         01:70:56:7b:e6:7c:fe:0d:f9:66:8b:4c:ba:8f:8f:a2:cb:46:
         7d:e6:9e:fe:c1:73:40:d3:bd:35:74:49:b8:71:e1:a2:1a:19:
         e2:53:2e:b3:b7:b2:b6:cf:68:f7:c4:0b:25:08:33:9b:d5:dd:
         24:43:78:be:73:84:e5:ef:d7:dc:a5:ee:cc:28:d2:13:4a:f2:
         39:f1:1b:8c:34:9b:2d:1e:28:ec:d8:5b:58:76:e9:7c:23:48:
         4e:c5:9c:59:aa:3a:a1:ae:f1:c4:e6:8a:cd:7c:d6:a3:19:96:
         06:6f:c5:bd:0c:63:6b:b0:08:52:75:7a:7f:bf:0b:c4:a1:8f:
         40:31:ef:d8:b0:f1:65:12:3b:db:9a:51:ad:a6:1c:f8:bd:8c:
         9a:18:74:a4:8e:01:f9:58:70:42:d9:47:96:59:5d:4b:90:bf:
         b1:12:db:f2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbbSU1xIwfiXpfeUmkLMeSRHQupYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTA5MDAwMDAwWhcNMjMxMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NTlhMzRiN2I0ZWU1NWI3Mjc5MTI4OGU5NTQ5OTE0YWVh
YzYwMjRlMjhiNmYzZjBkOWJjMzBiZmNmMzJmNTFkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5pHhG4nIM2wILIxgEi5XIk5C3NTZ1EhJ5GfirhdY0U3Xb
zuEW7qoJd+u4mW5mHnmDAaoKtbmlK4/H7/JgROqk86RJjhzk+RWSH9QxdoUAqWVv
VM8QBv/LH8F9mJdOo2v+7Xw18PqTuQhMzIOXKft0q5F1jeny+WLCYKT+ElI0ytRE
hipfoYJNsrsc5EpNBze6+n94aVenjwlOoR5gm7+JjYZnd+8g6L7vM4oyPhKDJ/kZ
u5GMBz5MAEMlSjkKUX+398478OF1Yt1130oORtS1j8mUMuUwd6BsHDhyfxbyCE6+
NYHMBLjRc1u4Yd3oI/UXKtI9Z3pA2ZyGwgxTF7YRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSQseQtXAJ3WtEqKhEhtpcX+0P9IwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzdkMzZiNzQ2LTUxYjEtNDAxMy1hM2YyLWEzZGU5YTliMzM5YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFVL7vo/Ce7zqzQcTFXxI6RW6ECY
Hg7JS8wjfApVF6HeH3+Fs3iUFU62OQzKzkGu81On/iVTM7FZtU1NjFF7Ly9MJVDO
jtqR5eSYG4EOYhnFOVoPDeHJvUUtMgFwVnvmfP4N+WaLTLqPj6LLRn3mnv7Bc0DT
vTV0Sbhx4aIaGeJTLrO3srbPaPfECyUIM5vV3SRDeL5zhOXv19yl7swo0hNK8jnx
G4w0my0eKOzYW1h26XwjSE7FnFmqOqGu8cTmis181qMZlgZvxb0MY2uwCFJ1en+/
C8Shj0Ax79iw8WUSO9uaUa2mHPi9jJoYdKSOAflYcELZR5ZZXUuQv7ES2/I=
-----END CERTIFICATE-----