Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a4435cce-ee5c-4be7-bd96-8d2f2e6c04dc.roa
File:                     a4435cce-ee5c-4be7-bd96-8d2f2e6c04dc.roa (raw, json)
Hash identifier:          JNNepM/vf4KNqLGBDJFUf+ThfRcKuQIicDJlnxO40pM=
Subject key identifier:   0B:B1:7F:86:55:0C:65:3F:05:95:E2:EF:6E:38:8C:A1:C1:BD:99:E6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       696B86EC4E2FB6ADB1A63541A7434A13E0975260
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a4435cce-ee5c-4be7-bd96-8d2f2e6c04dc.roa
Signing time:             Sun 05 Nov 2023 00:00:00 +0000
ROA not before:           Sun 05 Nov 2023 00:00:00 +0000
ROA not after:            Sun 10 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:6b:86:ec:4e:2f:b6:ad:b1:a6:35:41:a7:43:4a:13:e0:97:52:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  5 00:00:00 2023 GMT
            Not After : Dec 10 23:59:59 2023 GMT
        Subject: serialNumber=0b37d3bb155111bc3bec1c0f4c1f107efcce0bc8ebfaecfcd6ed0a08d31211dc, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:01:42:be:4b:0d:0e:a3:d7:f8:d5:8d:f7:0d:
                    3b:47:3b:18:94:82:b6:29:ae:0b:de:ce:37:aa:d2:
                    11:55:66:37:96:e8:0b:43:a1:a2:99:ef:16:58:55:
                    75:c6:4d:2e:f9:36:96:2b:30:9c:2d:e1:d3:2e:61:
                    29:f4:91:4a:9c:b3:fa:73:8b:92:36:da:a1:86:c1:
                    66:6f:77:06:ba:42:7e:70:54:8d:b7:ef:72:28:f6:
                    84:6e:61:4b:5b:fb:15:ef:c5:44:a5:ea:3c:3e:45:
                    89:3c:57:f8:d0:8d:f4:e1:9c:ff:46:17:2b:00:b8:
                    be:fa:2c:c8:c6:17:73:af:e4:02:a2:04:f2:00:93:
                    25:74:f7:9e:f0:9d:12:ce:d0:d4:85:c9:93:5b:b5:
                    87:20:8b:74:f1:06:93:0a:09:b2:b2:32:2f:39:5e:
                    17:36:db:c7:b8:e5:a2:dd:b3:b8:8e:85:b3:c2:91:
                    09:af:0a:ed:5a:f7:ee:e3:0f:fa:1e:32:47:51:76:
                    d2:29:46:03:9d:2d:f4:97:da:7f:06:5a:a3:51:31:
                    df:d2:d6:15:67:13:f0:ce:1b:da:e0:58:96:f3:e0:
                    91:6a:49:fc:d1:bb:65:6a:a1:e7:84:60:32:89:60:
                    78:b0:46:b0:b7:87:42:5c:ea:2b:66:a5:35:41:69:
                    97:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:B1:7F:86:55:0C:65:3F:05:95:E2:EF:6E:38:8C:A1:C1:BD:99:E6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a4435cce-ee5c-4be7-bd96-8d2f2e6c04dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:85:87:55:86:e0:8a:72:e0:6a:69:94:1d:d9:e8:fd:cf:99:
         54:f3:2c:3c:9d:7d:22:11:b5:a7:ca:6c:59:21:62:2d:2c:ac:
         b5:b3:e9:38:28:40:9f:08:eb:c0:67:e0:62:16:0b:ea:39:c7:
         6d:ed:9e:4f:6b:f5:30:99:0f:d0:20:e8:b1:ae:6b:59:24:13:
         5d:e6:f0:02:a5:b9:2f:b7:4e:8d:5f:e9:b3:79:35:05:e5:9a:
         d8:31:83:fa:c3:6e:18:59:0b:ef:d6:ca:f9:72:8e:c8:ac:30:
         f2:68:28:41:b9:70:e6:b3:0b:9f:c7:22:60:ba:5b:40:fb:ab:
         dc:45:d9:1f:aa:55:eb:52:c1:c5:be:6f:67:a5:29:5b:03:f5:
         df:5d:9d:2f:2a:11:3d:5f:8f:cd:a2:5d:e6:a4:d4:b2:72:37:
         d1:25:2e:a6:9e:d7:47:88:7e:96:d7:f3:49:b5:f4:9d:b4:52:
         ca:92:68:b2:88:59:b8:be:b3:dc:5d:b9:48:e4:19:e5:dd:91:
         7d:14:9f:90:42:e6:b6:72:3e:62:76:06:1f:ad:ac:73:50:3a:
         2d:c9:34:4e:2c:92:71:16:7e:ca:3b:02:4f:ef:ab:ff:16:9f:
         0c:32:cc:3a:0a:f5:f3:71:81:2c:ec:f3:ae:d4:33:fa:c8:a0:
         70:91:b2:00
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaWuG7E4vtq2xpjVBp0NKE+CXUmAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTA1MDAwMDAwWhcNMjMxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYjM3ZDNiYjE1NTExMWJjM2JlYzFjMGY0YzFmMTA3ZWZj
Y2UwYmM4ZWJmYWVjZmNkNmVkMGEwOGQzMTIxMWRjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCHAUK+Sw0Oo9f41Y33DTtHOxiUgrYprgvezjeq0hFVZjeW
6AtDoaKZ7xZYVXXGTS75NpYrMJwt4dMuYSn0kUqcs/pzi5I22qGGwWZvdwa6Qn5w
VI2373Io9oRuYUtb+xXvxUSl6jw+RYk8V/jQjfThnP9GFysAuL76LMjGF3Ov5AKi
BPIAkyV0957wnRLO0NSFyZNbtYcgi3TxBpMKCbKyMi85Xhc228e45aLds7iOhbPC
kQmvCu1a9+7jD/oeMkdRdtIpRgOdLfSX2n8GWqNRMd/S1hVnE/DOG9rgWJbz4JFq
SfzRu2VqoeeEYDKJYHiwRrC3h0Jc6itmpTVBaZeNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUC7F/hlUMZT8FleLvbjiMocG9meYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E0NDM1Y2NlLWVlNWMtNGJlNy1iZDk2LThkMmYyZTZjMDRkYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFWFh1WG4Ipy4GpplB3Z6P3PmVTz
LDydfSIRtafKbFkhYi0srLWz6TgoQJ8I68Bn4GIWC+o5x23tnk9r9TCZD9Ag6LGu
a1kkE13m8AKluS+3To1f6bN5NQXlmtgxg/rDbhhZC+/WyvlyjsisMPJoKEG5cOaz
C5/HImC6W0D7q9xF2R+qVetSwcW+b2elKVsD9d9dnS8qET1fj82iXeak1LJyN9El
Lqae10eIfpbX80m19J20UsqSaLKIWbi+s9xduUjkGeXdkX0Un5BC5rZyPmJ2Bh+t
rHNQOi3JNE4sknEWfso7Ak/vq/8WnwwyzDoK9fNxgSzs867UM/rIoHCRsgA=
-----END CERTIFICATE-----