Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a45b1c20-5e24-446c-a3dc-b22f005461cc.roa
File:                     a45b1c20-5e24-446c-a3dc-b22f005461cc.roa (raw, json)
Hash identifier:          /6NeXOjFP66yuiS2/vhu8ePBCIl/Z7ASCpW8YlBDTVY=
Subject key identifier:   B0:F3:69:00:FB:D8:4E:B8:DF:0B:4C:14:43:67:F5:4C:29:22:37:73
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7061ECE374CDDE9D687FC030335448AC90731C04
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a45b1c20-5e24-446c-a3dc-b22f005461cc.roa
Signing time:             Sun 19 Nov 2023 00:00:00 +0000
ROA not before:           Sun 19 Nov 2023 00:00:00 +0000
ROA not after:            Sun 24 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:61:ec:e3:74:cd:de:9d:68:7f:c0:30:33:54:48:ac:90:73:1c:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 19 00:00:00 2023 GMT
            Not After : Dec 24 23:59:59 2023 GMT
        Subject: serialNumber=1b73828aba9d5d257764951b53e0b6908293132db20eadc3a91b1f03927bbe0a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ca:74:cb:70:a9:49:cb:c6:fb:ca:b9:ef:30:
                    5a:bb:de:78:71:cd:b0:f4:14:3e:c5:97:91:71:5c:
                    fb:c8:f2:cc:ca:49:3b:d9:ef:d2:dc:b5:73:65:eb:
                    87:4c:ae:65:26:21:bc:29:d5:76:97:02:6e:93:d4:
                    9c:15:99:06:14:74:02:6a:d6:4d:55:90:f0:29:86:
                    ad:48:e9:46:40:ea:54:a5:7d:ab:e9:50:48:d2:36:
                    88:88:3e:67:0d:ee:d0:bb:43:3f:42:12:52:90:0e:
                    03:ea:2b:c6:de:2e:c8:7c:4d:27:eb:79:af:f5:20:
                    c6:d5:83:a5:8d:38:af:05:c3:aa:69:18:1d:75:fc:
                    04:2f:44:10:a7:a0:d7:12:36:25:d7:1f:9a:fb:b5:
                    2d:ff:59:52:54:0e:fc:f6:e0:c2:cb:0a:a9:8e:47:
                    2f:99:e0:53:45:a7:52:43:df:f0:ca:88:7d:3e:c9:
                    c5:dc:c9:72:69:a8:ca:b7:e6:cb:15:93:18:9c:35:
                    8c:94:20:79:d5:19:bf:48:e0:00:61:90:a7:18:4d:
                    8d:3b:fa:3d:1e:ff:8d:1b:9f:c3:00:9a:57:5e:9c:
                    69:66:34:99:e9:d2:c9:e2:7a:25:61:19:f7:d7:11:
                    d5:f0:5b:b9:f7:ad:ca:4f:24:ef:14:73:51:44:a4:
                    26:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:F3:69:00:FB:D8:4E:B8:DF:0B:4C:14:43:67:F5:4C:29:22:37:73
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a45b1c20-5e24-446c-a3dc-b22f005461cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:7f:05:e1:5f:9e:de:b5:50:00:6a:65:e7:01:ed:52:30:81:
         25:9a:77:c5:c4:f7:c1:45:a7:e9:bf:61:3f:85:12:5c:9f:3e:
         61:3d:ec:97:f0:34:c3:ec:a4:85:39:32:05:18:b1:42:35:17:
         a7:ad:85:84:a0:96:51:8e:da:c2:50:fa:00:d9:36:24:4a:e0:
         22:24:01:d5:42:62:80:65:f8:aa:c7:32:af:32:87:a6:74:06:
         3a:ae:23:21:ab:ca:81:02:f8:50:26:85:30:c6:d8:a5:97:7e:
         82:4b:40:4e:22:de:95:ef:75:59:07:42:65:c1:1e:3c:b2:54:
         40:10:d2:1d:ca:e6:2f:10:e0:69:21:55:73:fb:54:3d:76:8b:
         a0:f3:22:64:bf:c2:69:96:0f:f2:04:35:68:ed:9a:f5:52:53:
         b4:ea:8a:16:ad:6b:d8:e9:0e:f3:9c:99:6f:f7:2a:c3:49:92:
         18:09:89:81:8e:ec:63:bd:f2:cc:6c:9f:86:bc:7e:85:88:ee:
         ca:5a:b1:61:65:c9:6c:48:10:08:b5:62:1e:a0:8b:7c:e7:db:
         5b:08:bb:0a:af:d4:be:66:35:d6:c6:05:d3:20:a9:d7:b6:c8:
         35:21:1c:07:4e:78:7f:e6:02:56:27:e8:08:6e:1a:2d:35:de:
         78:c0:8b:08
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcGHs43TN3p1of8AwM1RIrJBzHAQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE5MDAwMDAwWhcNMjMxMjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYjczODI4YWJhOWQ1ZDI1Nzc2NDk1MWI1M2UwYjY5MDgy
OTMxMzJkYjIwZWFkYzNhOTFiMWYwMzkyN2JiZTBhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVynTLcKlJy8b7yrnvMFq73nhxzbD0FD7Fl5FxXPvI8szK
STvZ79LctXNl64dMrmUmIbwp1XaXAm6T1JwVmQYUdAJq1k1VkPAphq1I6UZA6lSl
favpUEjSNoiIPmcN7tC7Qz9CElKQDgPqK8beLsh8TSfrea/1IMbVg6WNOK8Fw6pp
GB11/AQvRBCnoNcSNiXXH5r7tS3/WVJUDvz24MLLCqmORy+Z4FNFp1JD3/DKiH0+
ycXcyXJpqMq35ssVkxicNYyUIHnVGb9I4ABhkKcYTY07+j0e/40bn8MAmldenGlm
NJnp0snieiVhGffXEdXwW7n3rcpPJO8Uc1FEpCZrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsPNpAPvYTrjfC0wUQ2f1TCkiN3MwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E0NWIxYzIwLTVlMjQtNDQ2Yy1hM2RjLWIyMmYwMDU0NjFjYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJh/BeFfnt61UABqZecB7VIwgSWa
d8XE98FFp+m/YT+FElyfPmE97JfwNMPspIU5MgUYsUI1F6ethYSgllGO2sJQ+gDZ
NiRK4CIkAdVCYoBl+KrHMq8yh6Z0BjquIyGryoEC+FAmhTDG2KWXfoJLQE4i3pXv
dVkHQmXBHjyyVEAQ0h3K5i8Q4GkhVXP7VD12i6DzImS/wmmWD/IENWjtmvVSU7Tq
ihata9jpDvOcmW/3KsNJkhgJiYGO7GO98sxsn4a8foWI7spasWFlyWxIEAi1Yh6g
i3zn21sIuwqv1L5mNdbGBdMgqde2yDUhHAdOeH/mAlYn6AhuGi013njAiwg=
-----END CERTIFICATE-----