Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/912b3b6b-8910-4c5d-8586-e094eb327dd7.roa
File:                     912b3b6b-8910-4c5d-8586-e094eb327dd7.roa (raw, json)
Hash identifier:          0teLEj5W7Xl29790TX820rfxt5C6dKb94tCKI78zwXo=
Subject key identifier:   34:8A:62:D0:67:7B:F3:D2:CD:75:37:64:EF:03:A0:CD:8A:B2:01:44
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2B0E86DB9765908C06561BB157BAFB5850BD46EE
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/912b3b6b-8910-4c5d-8586-e094eb327dd7.roa
Signing time:             Sat 25 Nov 2023 00:00:00 +0000
ROA not before:           Sat 25 Nov 2023 00:00:00 +0000
ROA not after:            Sat 30 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:0e:86:db:97:65:90:8c:06:56:1b:b1:57:ba:fb:58:50:bd:46:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 25 00:00:00 2023 GMT
            Not After : Dec 30 23:59:59 2023 GMT
        Subject: serialNumber=3a1d8eceb79ede34348b28ba4f2e47422f9098638b13cd75d1a9c8298858afbe, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:bb:38:af:07:a3:ed:67:6a:f5:59:72:cd:ea:
                    c5:6c:db:70:cf:21:8f:56:83:0b:2f:64:de:e6:dc:
                    59:60:d4:fd:71:c9:5a:41:0a:b4:5e:59:82:b1:73:
                    fa:71:81:8f:c8:f8:5b:d8:7b:04:cf:fd:da:69:1f:
                    1b:ff:1a:63:6d:d0:f3:8d:37:de:38:c4:72:db:db:
                    5d:84:ce:dc:93:db:19:b8:e0:40:ad:4a:c8:ab:b7:
                    b4:1c:79:86:ee:9d:69:0b:8d:88:4d:18:17:0b:27:
                    aa:7b:ff:38:a2:b3:50:74:9d:f0:09:fa:ce:de:3e:
                    42:3c:f6:88:7c:27:73:f0:fa:2d:15:5d:80:35:3c:
                    64:b7:43:fd:93:61:37:70:55:57:09:a2:42:be:7a:
                    7e:ce:d3:9c:e1:93:2e:de:88:38:ac:4b:15:1c:96:
                    2f:b3:c2:9a:86:f8:69:c1:b3:cc:1a:10:ad:77:21:
                    d1:ee:1a:ff:71:21:d0:d6:30:fb:28:e3:da:88:0c:
                    b2:13:b2:7b:4d:4d:51:fe:2b:8e:38:00:84:5a:d8:
                    51:bc:df:a3:b4:ac:1c:b2:f5:4f:e5:77:b9:60:a5:
                    fe:60:e7:41:f6:02:41:14:b0:c7:0c:53:f6:33:bb:
                    7e:04:46:68:4f:65:69:6a:b0:f0:16:7b:fa:20:26:
                    9a:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:8A:62:D0:67:7B:F3:D2:CD:75:37:64:EF:03:A0:CD:8A:B2:01:44
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/912b3b6b-8910-4c5d-8586-e094eb327dd7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:0b:33:81:1f:dd:f9:a3:4d:61:70:25:40:a8:60:88:d4:cd:
         25:4a:d5:81:10:ba:5f:da:7d:fa:5d:02:15:60:5f:f3:77:df:
         0b:4f:09:ef:e0:1c:b6:b9:3a:c0:01:ee:bd:a2:60:5c:fe:5e:
         98:f1:1d:a6:e4:42:9c:1e:6b:6c:7a:73:10:a1:95:18:04:99:
         45:8d:0d:b0:8d:78:fd:5a:78:1b:ef:42:41:8d:84:fa:32:93:
         07:e0:89:58:14:c3:0d:81:19:6c:88:5f:fb:1f:3b:b8:6a:07:
         42:af:df:1c:58:f8:77:d6:a3:d2:8f:93:0e:96:a8:97:1c:cf:
         ab:02:69:c0:c7:c3:f6:16:1a:03:60:bb:5d:5e:bb:c8:3a:89:
         fe:dd:36:52:2c:aa:38:4e:1c:77:0f:d7:66:a1:4b:33:4a:cd:
         2f:9e:69:90:f5:38:28:07:52:e7:42:1f:09:09:1b:2b:54:78:
         ff:ab:8f:36:e7:ba:d3:ac:d4:32:ff:86:99:b5:3c:87:b9:e9:
         0d:7a:38:d8:6b:42:70:ab:c1:6c:e6:53:97:37:73:56:de:68:
         4c:6b:15:7b:c9:ad:d0:a1:5d:bb:c9:7a:00:b6:02:9e:54:b5:
         fa:55:0b:88:5b:a1:10:3f:21:4c:39:62:ef:2e:29:00:4c:bf:
         d6:2b:c9:e0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKw6G25dlkIwGVhuxV7r7WFC9Ru4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTI1MDAwMDAwWhcNMjMxMjMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYTFkOGVjZWI3OWVkZTM0MzQ4YjI4YmE0ZjJlNDc0MjJm
OTA5ODYzOGIxM2NkNzVkMWE5YzgyOTg4NThhZmJlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDeuzivB6PtZ2r1WXLN6sVs23DPIY9WgwsvZN7m3Flg1P1x
yVpBCrReWYKxc/pxgY/I+FvYewTP/dppHxv/GmNt0PONN944xHLb212EztyT2xm4
4ECtSsirt7QceYbunWkLjYhNGBcLJ6p7/ziis1B0nfAJ+s7ePkI89oh8J3Pw+i0V
XYA1PGS3Q/2TYTdwVVcJokK+en7O05zhky7eiDisSxUcli+zwpqG+GnBs8waEK13
IdHuGv9xIdDWMPso49qIDLITsntNTVH+K444AIRa2FG836O0rByy9U/ld7lgpf5g
50H2AkEUsMcMU/Yzu34ERmhPZWlqsPAWe/ogJppRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNIpi0Gd789LNdTdk7wOgzYqyAUQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzkxMmIzYjZiLTg5MTAtNGM1ZC04NTg2LWUwOTRlYjMyN2RkNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKILM4Ef3fmjTWFwJUCoYIjUzSVK
1YEQul/affpdAhVgX/N33wtPCe/gHLa5OsAB7r2iYFz+XpjxHabkQpwea2x6cxCh
lRgEmUWNDbCNeP1aeBvvQkGNhPoykwfgiVgUww2BGWyIX/sfO7hqB0Kv3xxY+HfW
o9KPkw6WqJccz6sCacDHw/YWGgNgu11eu8g6if7dNlIsqjhOHHcP12ahSzNKzS+e
aZD1OCgHUudCHwkJGytUeP+rjzbnutOs1DL/hpm1PIe56Q16ONhrQnCrwWzmU5c3
c1beaExrFXvJrdChXbvJegC2Ap5UtfpVC4hboRA/IUw5Yu8uKQBMv9YryeA=
-----END CERTIFICATE-----