Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7d617534-00a1-4a5c-bf21-205ce0044561.roa
File:                     7d617534-00a1-4a5c-bf21-205ce0044561.roa (raw, json)
Hash identifier:          V+bWiV7Es1q3xclzH8pKa0J1xim+8Rmg6tvDmKVMeeA=
Subject key identifier:   0D:3D:84:04:FB:B6:CC:37:48:F8:F7:BE:6D:22:22:67:B5:2D:65:99
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       09D33EA84722E47F490D6252575C9895260A57D7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7d617534-00a1-4a5c-bf21-205ce0044561.roa
Signing time:             Thu 16 Nov 2023 00:00:00 +0000
ROA not before:           Thu 16 Nov 2023 00:00:00 +0000
ROA not after:            Thu 21 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:d3:3e:a8:47:22:e4:7f:49:0d:62:52:57:5c:98:95:26:0a:57:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 16 00:00:00 2023 GMT
            Not After : Dec 21 23:59:59 2023 GMT
        Subject: serialNumber=90a8643836b5d9eaba660c9ce8101d3f650d21e687acdb0ae416b5468b819ee2, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:38:ae:91:c2:9e:1e:00:60:68:e7:88:5d:9f:
                    a2:64:90:39:50:b5:0d:df:25:6d:d1:24:61:22:7f:
                    1e:6b:2f:3f:db:21:af:71:3a:76:73:f1:1a:7c:24:
                    b6:9c:9a:bc:63:c5:8d:df:b8:56:9c:1d:75:61:22:
                    8e:be:87:22:bf:18:bd:6e:7e:61:ec:22:c2:4f:c0:
                    fd:21:32:79:52:a5:db:97:92:8d:3d:c5:81:1c:5a:
                    0f:67:3d:46:3e:20:25:72:e4:02:a4:10:93:23:f0:
                    93:bd:e0:c7:01:ea:6e:7e:e4:8b:31:62:27:73:e6:
                    01:05:45:f3:8a:0e:60:03:82:58:7e:b7:14:ff:4b:
                    be:6e:85:5a:e4:8d:02:b4:91:86:6a:66:54:cb:dc:
                    05:69:ca:81:38:d8:bf:1c:2a:6d:b6:93:dc:43:dd:
                    56:38:6c:80:a5:be:ca:10:0f:c5:c7:f4:8c:41:8d:
                    67:0d:e2:12:c3:94:1e:e6:77:29:23:cb:32:a7:32:
                    96:2a:d4:71:b1:93:fc:0f:9f:de:f3:a5:af:60:4c:
                    9f:3a:90:d1:6e:63:c6:5c:84:75:22:8b:83:83:63:
                    6a:03:a9:16:4d:ee:0f:ad:20:ce:22:6b:bd:8f:f4:
                    94:43:9e:4a:5d:31:3f:45:2e:0a:0e:b9:61:ee:21:
                    9f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:3D:84:04:FB:B6:CC:37:48:F8:F7:BE:6D:22:22:67:B5:2D:65:99
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7d617534-00a1-4a5c-bf21-205ce0044561.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:2c:5a:ce:3b:9a:01:ab:16:0c:61:f1:37:cd:db:df:82:5a:
         a4:18:c2:7d:30:81:52:a2:ac:38:3f:12:9e:8d:15:cf:9b:95:
         6d:dd:07:7f:89:d6:b3:b6:82:b1:4d:69:60:77:a0:f6:fc:fb:
         b0:cd:c1:b1:1e:91:89:97:b4:4c:5b:59:6a:0d:1e:53:fe:48:
         71:f2:90:c2:d9:68:25:e6:74:e6:11:86:cf:2c:a1:35:d7:39:
         3c:12:12:ed:f3:35:25:0e:3a:b1:4e:ed:2b:86:c1:ec:3c:1e:
         97:df:40:f0:b2:a5:30:21:d1:da:50:dd:41:55:34:eb:fb:d4:
         16:4b:3e:46:d2:54:d0:81:f2:55:9b:87:20:d8:5b:0f:52:24:
         b2:32:5f:a5:b6:da:e5:15:e3:40:5d:8f:7f:ec:ad:50:14:92:
         7e:63:74:96:0a:0b:95:e1:74:95:c1:ed:48:55:ec:0e:4a:1c:
         ba:ae:eb:23:00:b8:34:8e:eb:76:19:d3:32:82:34:05:c6:23:
         de:7d:75:62:54:b0:3e:09:f8:d1:8f:5d:b1:af:72:4d:84:28:
         a7:85:12:0c:5f:e2:a3:4d:7a:04:37:c2:0a:69:c5:96:56:d4:
         1d:32:d6:96:92:a7:65:3c:26:85:fb:11:05:c8:19:f7:c8:99:
         61:72:49:4f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCdM+qEci5H9JDWJSV1yYlSYKV9cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE2MDAwMDAwWhcNMjMxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MGE4NjQzODM2YjVkOWVhYmE2NjBjOWNlODEwMWQzZjY1
MGQyMWU2ODdhY2RiMGFlNDE2YjU0NjhiODE5ZWUyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOOK6Rwp4eAGBo54hdn6JkkDlQtQ3fJW3RJGEifx5rLz/b
Ia9xOnZz8Rp8JLacmrxjxY3fuFacHXVhIo6+hyK/GL1ufmHsIsJPwP0hMnlSpduX
ko09xYEcWg9nPUY+ICVy5AKkEJMj8JO94McB6m5+5IsxYidz5gEFRfOKDmADglh+
txT/S75uhVrkjQK0kYZqZlTL3AVpyoE42L8cKm22k9xD3VY4bIClvsoQD8XH9IxB
jWcN4hLDlB7mdykjyzKnMpYq1HGxk/wPn97zpa9gTJ86kNFuY8ZchHUii4ODY2oD
qRZN7g+tIM4ia72P9JRDnkpdMT9FLgoOuWHuIZ8LAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDT2EBPu2zDdI+Pe+bSIiZ7UtZZkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzdkNjE3NTM0LTAwYTEtNGE1Yy1iZjIxLTIwNWNlMDA0NDU2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADosWs47mgGrFgxh8TfN29+CWqQY
wn0wgVKirDg/Ep6NFc+blW3dB3+J1rO2grFNaWB3oPb8+7DNwbEekYmXtExbWWoN
HlP+SHHykMLZaCXmdOYRhs8soTXXOTwSEu3zNSUOOrFO7SuGwew8HpffQPCypTAh
0dpQ3UFVNOv71BZLPkbSVNCB8lWbhyDYWw9SJLIyX6W22uUV40Bdj3/srVAUkn5j
dJYKC5XhdJXB7UhV7A5KHLqu6yMAuDSO63YZ0zKCNAXGI959dWJUsD4J+NGPXbGv
ck2EKKeFEgxf4qNNegQ3wgppxZZW1B0y1paSp2U8JoX7EQXIGffImWFySU8=
-----END CERTIFICATE-----