Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a0c920c9-3c33-4e90-8166-a5805ccab902.roa
File:                     a0c920c9-3c33-4e90-8166-a5805ccab902.roa (raw, json)
Hash identifier:          7kCVP8kc7CQfOjgcr5VO2gI/BqssrP7IkOzgQ4LoIK0=
Subject key identifier:   82:D8:03:04:47:AA:3E:36:BA:E0:EB:6C:67:B4:76:60:2E:45:14:21
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       41543663BCB613029C8C260E8E743861BB6979CD
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a0c920c9-3c33-4e90-8166-a5805ccab902.roa
Signing time:             Thu 23 Nov 2023 00:00:00 +0000
ROA not before:           Thu 23 Nov 2023 00:00:00 +0000
ROA not after:            Thu 28 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:54:36:63:bc:b6:13:02:9c:8c:26:0e:8e:74:38:61:bb:69:79:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 23 00:00:00 2023 GMT
            Not After : Dec 28 23:59:59 2023 GMT
        Subject: serialNumber=1ceb20577eb0f6fd7133b87a87d75529debbc03e93c339c81438151a119dbfbf, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:b2:cd:c4:bb:94:ed:55:88:37:50:4a:3f:e7:
                    c8:59:e8:97:3e:57:02:bf:b0:7f:e5:fd:2b:19:e5:
                    73:e9:09:5a:eb:a3:10:63:dc:43:e8:dc:39:09:ac:
                    3b:8a:32:d6:5b:fe:89:4c:62:6e:ca:ea:39:38:17:
                    71:6d:ba:0f:17:82:20:a0:ee:91:b1:8d:ce:d0:dc:
                    2f:41:30:31:c4:77:dc:3b:32:5c:8d:b4:a0:60:d5:
                    05:00:55:c2:a4:d3:fa:e6:97:cf:eb:f8:1b:cd:f3:
                    dc:63:72:4e:42:02:dc:c8:77:2a:70:db:f0:f7:df:
                    52:97:42:61:a7:a0:6f:a0:9b:b0:ce:5a:63:cf:ed:
                    ab:b9:8d:71:90:2a:11:81:db:e3:41:4a:e3:11:2a:
                    9c:b5:64:dc:af:c3:b2:b9:ae:24:eb:d2:14:c0:80:
                    51:66:4c:0c:a7:1f:50:e1:49:1c:f4:cc:6b:f0:4c:
                    2e:cd:6e:28:37:5d:a8:d6:ad:ac:51:78:f6:26:a8:
                    7b:87:e7:c1:9a:06:d2:6d:b3:9f:7c:2c:7f:9e:fa:
                    f8:27:45:4b:47:a1:c3:cf:3d:0e:1c:85:78:e5:cc:
                    49:83:41:f6:c1:2f:0f:a8:5e:b7:41:29:3c:63:5d:
                    a8:3a:63:1b:d3:0c:14:0a:16:76:57:72:0f:e2:d9:
                    7e:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:D8:03:04:47:AA:3E:36:BA:E0:EB:6C:67:B4:76:60:2E:45:14:21
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a0c920c9-3c33-4e90-8166-a5805ccab902.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:0e:05:55:52:74:29:82:5e:92:6e:fd:3b:30:da:56:87:b1:
         37:58:60:b1:d4:80:02:6c:89:a6:bf:39:7c:3b:92:ac:bd:90:
         17:c7:53:a0:8c:2a:a1:b7:fe:3e:d2:70:8c:b3:ff:26:9d:60:
         eb:ce:64:90:c0:e7:73:cc:43:5e:1e:21:15:f6:0f:8a:89:0c:
         a3:09:70:7a:91:91:41:76:35:af:af:09:2e:12:90:3f:98:16:
         02:4d:f6:e7:8b:cf:2c:78:fe:cc:93:87:a9:21:18:74:3c:3f:
         eb:8e:92:b0:ee:ac:c7:6b:3c:56:bc:54:64:95:b2:0c:b9:2a:
         2e:f4:e7:10:7b:d1:da:6b:cd:63:7b:a4:23:fc:af:83:6c:c9:
         83:5f:95:8f:f5:e6:9f:34:8c:e7:f1:af:20:d5:94:61:03:d9:
         fe:e9:b7:9c:2d:95:18:09:b3:91:e5:12:ac:96:2c:ea:57:8f:
         74:ae:3f:f6:0f:d7:5d:f1:54:81:a8:0a:01:e2:8c:e3:58:10:
         3d:a9:b4:66:8d:f0:8a:7a:f0:90:6f:32:12:c2:f2:2e:38:70:
         a3:84:2f:e4:fd:d4:fd:86:75:73:d4:f2:6c:ab:8d:0b:ba:1d:
         db:f8:7e:6f:dc:b2:d4:40:8d:b9:33:09:bb:30:8a:87:1d:2e:
         a7:2c:0d:22
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQVQ2Y7y2EwKcjCYOjnQ4Ybtpec0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTIzMDAwMDAwWhcNMjMxMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxY2ViMjA1NzdlYjBmNmZkNzEzM2I4N2E4N2Q3NTUyOWRl
YmJjMDNlOTNjMzM5YzgxNDM4MTUxYTExOWRiZmJmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDsss3Eu5TtVYg3UEo/58hZ6Jc+VwK/sH/l/SsZ5XPpCVrr
oxBj3EPo3DkJrDuKMtZb/olMYm7K6jk4F3Ftug8XgiCg7pGxjc7Q3C9BMDHEd9w7
MlyNtKBg1QUAVcKk0/rml8/r+BvN89xjck5CAtzIdypw2/D331KXQmGnoG+gm7DO
WmPP7au5jXGQKhGB2+NBSuMRKpy1ZNyvw7K5riTr0hTAgFFmTAynH1DhSRz0zGvw
TC7Nbig3XajWraxRePYmqHuH58GaBtJts598LH+e+vgnRUtHocPPPQ4chXjlzEmD
QfbBLw+oXrdBKTxjXag6YxvTDBQKFnZXcg/i2X4pAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgtgDBEeqPja64OtsZ7R2YC5FFCEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2EwYzkyMGM5LTNjMzMtNGU5MC04MTY2LWE1ODA1Y2NhYjkwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACMOBVVSdCmCXpJu/Tsw2laHsTdY
YLHUgAJsiaa/OXw7kqy9kBfHU6CMKqG3/j7ScIyz/yadYOvOZJDA53PMQ14eIRX2
D4qJDKMJcHqRkUF2Na+vCS4SkD+YFgJN9ueLzyx4/syTh6khGHQ8P+uOkrDurMdr
PFa8VGSVsgy5Ki705xB70dprzWN7pCP8r4NsyYNflY/15p80jOfxryDVlGED2f7p
t5wtlRgJs5HlEqyWLOpXj3SuP/YP113xVIGoCgHijONYED2ptGaN8Ip68JBvMhLC
8i44cKOEL+T91P2GdXPU8myrjQu6Hdv4fm/cstRAjbkzCbswiocdLqcsDSI=
-----END CERTIFICATE-----