Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9a3ea548-a281-458e-bc3a-f0bfe1a5458e.roa
File:                     9a3ea548-a281-458e-bc3a-f0bfe1a5458e.roa (raw, json)
Hash identifier:          wdnFtIp65e2orw5CBO/h6HMjNE90s1rMdaxaN+/RK0c=
Subject key identifier:   15:96:99:1A:CD:46:98:78:59:C0:23:B5:CF:64:5D:8E:B4:D8:68:B5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       11437C2E096E4A06BC274BB3612273F6972B994A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9a3ea548-a281-458e-bc3a-f0bfe1a5458e.roa
Signing time:             Mon 25 Dec 2023 00:00:00 +0000
ROA not before:           Mon 25 Dec 2023 00:00:00 +0000
ROA not after:            Mon 29 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:43:7c:2e:09:6e:4a:06:bc:27:4b:b3:61:22:73:f6:97:2b:99:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 25 00:00:00 2023 GMT
            Not After : Jan 29 23:59:59 2024 GMT
        Subject: serialNumber=3bb3f5f487c865274944040e1463fe42b11fa30f7684b80a37f36825796e5d9d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e7:29:92:87:1e:a9:ab:dc:a1:27:1f:44:41:
                    e4:cd:ed:da:bf:62:ce:2b:34:1e:45:cb:1a:c0:b6:
                    e9:47:1f:01:7d:40:b6:d4:4c:95:96:b0:74:54:4f:
                    03:1a:68:ae:aa:ee:59:65:d8:ee:22:5d:18:a4:37:
                    a0:17:d6:25:82:89:4d:1b:21:ef:ae:9d:1c:a3:82:
                    d4:49:75:46:c2:58:e4:fa:66:0e:75:d3:5e:5d:80:
                    d2:a9:d1:fb:58:9c:cc:31:9b:33:b5:b1:24:02:ad:
                    2a:56:00:5c:84:99:af:1e:b3:2c:73:66:5a:59:b6:
                    d8:07:df:30:43:3a:5b:c7:1a:74:e0:aa:f1:87:9a:
                    6c:5e:99:a7:f1:c2:6c:af:82:cd:a3:b3:56:4a:20:
                    a2:e3:c4:9a:98:23:c7:5e:c9:6e:af:35:0b:de:f8:
                    eb:b6:fa:a7:d1:4c:84:72:d3:45:30:f7:5a:4f:c0:
                    f0:34:c0:1d:9f:75:06:80:5c:d8:8b:fe:d4:42:39:
                    9b:72:45:8e:76:86:f7:6f:05:24:8f:94:69:3b:13:
                    1b:97:b1:0c:a7:28:8c:68:c5:0c:68:9f:17:5e:67:
                    a1:8c:67:e6:66:d8:44:41:b9:a9:68:f9:46:2a:7a:
                    ee:f2:3c:4f:3b:05:ad:d8:c0:71:66:d9:a6:7e:1a:
                    28:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:96:99:1A:CD:46:98:78:59:C0:23:B5:CF:64:5D:8E:B4:D8:68:B5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9a3ea548-a281-458e-bc3a-f0bfe1a5458e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:2f:c4:cc:81:03:d1:78:af:1b:10:df:4f:65:f6:f9:40:92:
         c9:07:81:bc:da:bf:ef:c1:14:25:52:29:52:c2:61:39:77:73:
         21:bb:26:40:2c:f1:98:ab:00:6c:22:f7:8f:36:3c:c4:04:91:
         4e:8a:44:0c:9d:b9:82:8e:b6:1a:4e:34:3d:58:c2:0f:74:5f:
         e3:2d:eb:02:97:30:37:e7:3c:11:40:95:69:7c:c8:13:bd:fe:
         d0:e2:24:62:1f:06:70:34:38:10:e3:bd:5e:a0:0e:86:74:c8:
         fb:20:95:ab:42:c0:0f:93:62:df:30:a7:50:dd:78:65:5a:28:
         b2:50:02:f3:f8:c0:a2:3f:fd:14:21:16:15:22:de:2b:99:77:
         cd:f5:98:cd:98:86:81:fe:f1:f4:42:57:14:4c:a5:19:ac:8c:
         f1:9a:bb:55:b5:70:05:ad:7e:75:43:65:cf:f5:82:f3:b3:12:
         47:1c:2f:df:6a:69:20:4e:d0:70:ac:8a:df:fd:bb:2e:99:af:
         d5:c4:b3:3b:1e:25:e4:61:37:83:8d:68:33:63:d3:6a:e7:d7:
         6f:b5:cf:de:71:c7:ed:d5:25:45:e6:e3:19:94:b0:2a:a6:90:
         29:41:10:90:96:38:4d:a0:8b:1b:9d:4f:30:81:91:38:ad:9c:
         c8:54:06:66
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEUN8LgluSga8J0uzYSJz9pcrmUowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjI1MDAwMDAwWhcNMjQwMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYmIzZjVmNDg3Yzg2NTI3NDk0NDA0MGUxNDYzZmU0MmIx
MWZhMzBmNzY4NGI4MGEzN2YzNjgyNTc5NmU1ZDlkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCj5ymShx6pq9yhJx9EQeTN7dq/Ys4rNB5FyxrAtulHHwF9
QLbUTJWWsHRUTwMaaK6q7lll2O4iXRikN6AX1iWCiU0bIe+unRyjgtRJdUbCWOT6
Zg51015dgNKp0ftYnMwxmzO1sSQCrSpWAFyEma8esyxzZlpZttgH3zBDOlvHGnTg
qvGHmmxemafxwmyvgs2js1ZKIKLjxJqYI8deyW6vNQve+Ou2+qfRTIRy00Uw91pP
wPA0wB2fdQaAXNiL/tRCOZtyRY52hvdvBSSPlGk7ExuXsQynKIxoxQxonxdeZ6GM
Z+Zm2ERBualo+UYqeu7yPE87Ba3YwHFm2aZ+GiizAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFZaZGs1GmHhZwCO1z2RdjrTYaLUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzlhM2VhNTQ4LWEyODEtNDU4ZS1iYzNhLWYwYmZlMWE1NDU4ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEQvxMyBA9F4rxsQ309l9vlAkskH
gbzav+/BFCVSKVLCYTl3cyG7JkAs8ZirAGwi9482PMQEkU6KRAyduYKOthpOND1Y
wg90X+Mt6wKXMDfnPBFAlWl8yBO9/tDiJGIfBnA0OBDjvV6gDoZ0yPsglatCwA+T
Yt8wp1DdeGVaKLJQAvP4wKI//RQhFhUi3iuZd831mM2YhoH+8fRCVxRMpRmsjPGa
u1W1cAWtfnVDZc/1gvOzEkccL99qaSBO0HCsit/9uy6Zr9XEszseJeRhN4ONaDNj
02rn12+1z95xx+3VJUXm4xmUsCqmkClBEJCWOE2gixudTzCBkTitnMhUBmY=
-----END CERTIFICATE-----