Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/829c9d43-89ab-4f7e-9bdb-1451fc519d10.roa
File:                     829c9d43-89ab-4f7e-9bdb-1451fc519d10.roa (raw, json)
Hash identifier:          u1/QxBbT2PL4qx6XPbVuoY1g2WepRzDy8vQ/wf99DMk=
Subject key identifier:   13:49:D4:DA:33:0A:C6:64:C9:40:E4:0C:08:6F:6B:B1:6B:CA:F6:E1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2AADF6BB6A40C802FB0811D55D6EED0F17CDD165
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/829c9d43-89ab-4f7e-9bdb-1451fc519d10.roa
Signing time:             Mon 11 Dec 2023 00:00:00 +0000
ROA not before:           Mon 11 Dec 2023 00:00:00 +0000
ROA not after:            Mon 15 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:ad:f6:bb:6a:40:c8:02:fb:08:11:d5:5d:6e:ed:0f:17:cd:d1:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 11 00:00:00 2023 GMT
            Not After : Jan 15 23:59:59 2024 GMT
        Subject: serialNumber=8d1604843366775866a192af19be949475912eafa023f9a4da10cda439287fac, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:11:e3:bc:ee:d0:cb:b3:4c:89:ca:e5:ed:7d:
                    69:55:11:1b:d3:24:9e:1d:02:28:ae:a1:17:e0:c4:
                    8a:98:fa:13:fa:cc:e2:6d:07:37:cb:25:1c:65:3a:
                    24:7b:c4:7f:a2:17:e1:43:f5:df:e2:fb:67:49:0e:
                    4a:ea:90:90:3e:e2:39:5f:c1:3c:bc:68:ef:e3:89:
                    09:90:20:c8:52:3f:61:6d:ca:d2:3f:12:5e:ea:5d:
                    e5:c4:d2:19:84:21:f2:b5:ba:ad:60:80:e5:97:ec:
                    d6:46:05:7e:57:d1:c7:03:9f:85:cb:db:73:6f:b7:
                    05:6c:f6:3b:c8:19:e3:55:3e:5d:2c:05:ab:7c:68:
                    87:b9:30:7c:c4:50:f2:86:07:32:fa:98:fc:2a:67:
                    db:67:c8:e5:87:8d:f1:44:a3:00:bd:79:50:40:74:
                    bc:ba:53:2c:cb:5f:d3:e1:a6:02:fc:35:8f:59:ad:
                    12:5e:c1:b7:36:30:d4:74:ad:7c:99:03:04:38:82:
                    83:52:2f:10:34:ae:4f:dd:4c:0a:bc:fe:4e:81:d4:
                    f9:b6:1d:bf:7d:c5:a6:40:b8:1d:b2:fc:3a:ee:2c:
                    bd:f7:58:68:c2:75:55:b9:a1:d7:4e:ca:0a:9d:c0:
                    b2:d9:ff:0d:cd:47:1c:60:42:72:74:63:4f:13:95:
                    cd:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:49:D4:DA:33:0A:C6:64:C9:40:E4:0C:08:6F:6B:B1:6B:CA:F6:E1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/829c9d43-89ab-4f7e-9bdb-1451fc519d10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:68:65:8d:c8:80:d4:70:95:36:c6:0e:dc:e8:e3:cf:92:b5:
         e2:2e:87:f9:72:b9:04:14:b2:3e:d3:d8:e0:58:0a:7f:a0:e6:
         66:f6:4d:76:cb:b1:e3:17:e7:4d:99:4e:aa:a6:98:7c:47:1d:
         d6:dc:0c:30:07:92:13:a8:77:c5:00:03:2e:ab:20:43:c0:63:
         cd:17:c7:bf:1a:c2:c4:37:e2:d6:90:84:26:d7:88:ca:a3:5a:
         6b:3b:db:55:92:7b:be:e0:e2:a0:7b:fb:be:59:5b:d9:77:45:
         db:48:92:c2:10:06:d4:14:0d:73:19:cf:6c:7f:85:61:a4:a1:
         fc:cb:19:18:41:bd:3c:5d:2f:a6:d0:fe:a4:a2:4b:48:5b:5e:
         67:2f:1c:a9:83:f3:42:82:0d:69:7b:ff:2d:ee:b0:e1:5d:7c:
         d1:fd:ff:a0:ca:1f:99:c8:d1:09:79:6b:f0:de:c8:57:6b:1b:
         70:55:fb:95:28:37:33:53:2c:43:44:15:e0:b9:95:a1:78:ba:
         2d:16:c7:a7:58:98:90:e3:14:80:43:cd:64:5d:0b:2d:d9:c1:
         ca:95:20:17:c2:d7:74:5b:a6:3f:f6:d5:d4:05:64:11:d2:7f:
         a1:ee:4d:02:70:ae:78:99:57:97:9a:7c:b9:09:8a:86:ec:60:
         8d:f4:ee:7b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKq32u2pAyAL7CBHVXW7tDxfN0WUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjExMDAwMDAwWhcNMjQwMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZDE2MDQ4NDMzNjY3NzU4NjZhMTkyYWYxOWJlOTQ5NDc1
OTEyZWFmYTAyM2Y5YTRkYTEwY2RhNDM5Mjg3ZmFjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDkEeO87tDLs0yJyuXtfWlVERvTJJ4dAiiuoRfgxIqY+hP6
zOJtBzfLJRxlOiR7xH+iF+FD9d/i+2dJDkrqkJA+4jlfwTy8aO/jiQmQIMhSP2Ft
ytI/El7qXeXE0hmEIfK1uq1ggOWX7NZGBX5X0ccDn4XL23NvtwVs9jvIGeNVPl0s
Bat8aIe5MHzEUPKGBzL6mPwqZ9tnyOWHjfFEowC9eVBAdLy6UyzLX9PhpgL8NY9Z
rRJewbc2MNR0rXyZAwQ4goNSLxA0rk/dTAq8/k6B1Pm2Hb99xaZAuB2y/DruLL33
WGjCdVW5oddOygqdwLLZ/w3NRxxgQnJ0Y08Tlc1PAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUE0nU2jMKxmTJQOQMCG9rsWvK9uEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgyOWM5ZDQzLTg5YWItNGY3ZS05YmRiLTE0NTFmYzUxOWQxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACxoZY3IgNRwlTbGDtzo48+SteIu
h/lyuQQUsj7T2OBYCn+g5mb2TXbLseMX502ZTqqmmHxHHdbcDDAHkhOod8UAAy6r
IEPAY80Xx78awsQ34taQhCbXiMqjWms721WSe77g4qB7+75ZW9l3RdtIksIQBtQU
DXMZz2x/hWGkofzLGRhBvTxdL6bQ/qSiS0hbXmcvHKmD80KCDWl7/y3usOFdfNH9
/6DKH5nI0Ql5a/DeyFdrG3BV+5UoNzNTLENEFeC5laF4ui0Wx6dYmJDjFIBDzWRd
Cy3ZwcqVIBfC13Rbpj/21dQFZBHSf6HuTQJwrniZV5eafLkJiobsYI307ns=
-----END CERTIFICATE-----