Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a86f30ad-b81f-470d-b651-1b4ec7305147.roa
File:                     a86f30ad-b81f-470d-b651-1b4ec7305147.roa (raw, json)
Hash identifier:          PW0ktfAefflj/hi22jSsYllys9DuxGQfI8rUFsZ5f3A=
Subject key identifier:   FB:0B:64:EE:24:70:06:5F:51:BB:87:ED:D5:F9:92:E6:88:8A:06:F8
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       16780F46EA5F574F98069821799133D168D6AADF
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a86f30ad-b81f-470d-b651-1b4ec7305147.roa
Signing time:             Tue 12 Dec 2023 00:00:00 +0000
ROA not before:           Tue 12 Dec 2023 00:00:00 +0000
ROA not after:            Tue 16 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:78:0f:46:ea:5f:57:4f:98:06:98:21:79:91:33:d1:68:d6:aa:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 12 00:00:00 2023 GMT
            Not After : Jan 16 23:59:59 2024 GMT
        Subject: serialNumber=94c344b9774bbba87ef8cd88be4dffd927a04222ea0370f1a20d3131296ed06b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:46:02:d0:c5:8e:e5:7c:bc:49:24:81:75:5b:
                    65:d5:cd:ca:dd:07:6f:b2:0c:0e:76:26:25:ad:80:
                    16:7a:64:49:16:08:a1:4c:24:be:17:ad:5c:3c:0b:
                    ea:6a:53:25:98:5e:0b:38:5a:3b:58:d8:44:20:d2:
                    b6:c3:74:f0:39:07:ec:ae:d7:16:b1:5d:4e:a9:02:
                    d9:25:68:20:eb:0a:c8:0a:46:6f:cc:b0:13:d7:b6:
                    ed:bf:28:f1:ca:f6:46:5d:09:db:60:fb:2e:98:33:
                    73:64:c0:18:58:1e:03:7b:5a:cb:29:ab:64:a9:c7:
                    6d:fa:96:4d:3a:85:7a:4f:4d:ce:ca:85:1a:ae:ec:
                    87:4a:fa:58:8f:40:cd:1d:71:0b:84:b6:4c:eb:06:
                    71:43:40:a8:b9:0d:93:7c:6c:1b:10:11:21:5c:32:
                    26:09:6c:c5:6f:ee:28:6d:71:be:cd:6f:00:34:85:
                    ca:ed:c9:bc:45:cd:8e:a9:24:ee:03:30:9f:11:df:
                    bb:75:ee:b7:0f:97:8d:f5:72:76:8f:54:af:ff:da:
                    ae:99:77:cb:cb:4c:60:87:c2:fa:b3:86:2c:0f:ad:
                    16:02:e4:41:90:a1:8b:2e:9b:40:3f:3b:09:c6:6a:
                    76:ba:37:f5:d1:39:e7:c7:12:75:d7:85:12:2e:b1:
                    18:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:0B:64:EE:24:70:06:5F:51:BB:87:ED:D5:F9:92:E6:88:8A:06:F8
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a86f30ad-b81f-470d-b651-1b4ec7305147.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:68:42:28:e2:03:1d:80:b1:b0:81:0b:e4:c8:cd:66:6c:8e:
         20:9e:f8:d7:a0:07:60:fb:9e:71:6a:f0:7c:cd:29:11:01:2a:
         a4:aa:dd:52:8d:46:19:b8:6a:2d:ba:6f:15:7f:68:45:27:46:
         8f:83:a3:68:cf:94:57:23:84:31:a1:af:4e:83:d1:b6:2c:60:
         2c:b4:66:7c:39:61:84:d4:41:6d:ef:35:05:56:04:e0:a3:d6:
         0a:6e:39:25:03:f8:1b:ea:07:b6:4c:04:34:3f:2f:11:2f:14:
         4a:23:8b:0b:66:4b:a7:c0:56:b1:6e:a9:5e:e8:90:c3:a3:ae:
         8d:40:b6:99:67:3c:3d:e3:a0:e4:d5:bf:19:43:0f:73:9e:37:
         f8:05:ef:32:24:0c:af:15:e4:a3:d2:16:ce:5b:b0:96:bc:01:
         e6:5a:78:df:0e:ef:cb:c7:2f:3e:23:44:d6:66:c9:f6:b2:8b:
         3c:8d:73:71:be:9f:d9:4d:9c:5c:c0:53:ef:d8:a9:62:0c:88:
         e1:82:09:1a:74:f9:00:ae:bb:ec:a6:fa:cd:a0:3c:34:76:d5:
         4a:18:13:95:99:d7:87:6d:a7:3a:fb:c7:8a:09:da:98:82:55:
         e6:9a:52:fb:1c:3a:f4:d6:98:08:83:29:30:ec:6f:c6:25:f1:
         9f:7d:ea:73
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFngPRupfV0+YBpgheZEz0WjWqt8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjEyMDAwMDAwWhcNMjQwMTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NGMzNDRiOTc3NGJiYmE4N2VmOGNkODhiZTRkZmZkOTI3
YTA0MjIyZWEwMzcwZjFhMjBkMzEzMTI5NmVkMDZiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbRgLQxY7lfLxJJIF1W2XVzcrdB2+yDA52JiWtgBZ6ZEkW
CKFMJL4XrVw8C+pqUyWYXgs4WjtY2EQg0rbDdPA5B+yu1xaxXU6pAtklaCDrCsgK
Rm/MsBPXtu2/KPHK9kZdCdtg+y6YM3NkwBhYHgN7Wsspq2Spx236lk06hXpPTc7K
hRqu7IdK+liPQM0dcQuEtkzrBnFDQKi5DZN8bBsQESFcMiYJbMVv7ihtcb7NbwA0
hcrtybxFzY6pJO4DMJ8R37t17rcPl431cnaPVK//2q6Zd8vLTGCHwvqzhiwPrRYC
5EGQoYsum0A/OwnGana6N/XROefHEnXXhRIusRgLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+wtk7iRwBl9Ru4ft1fmS5oiKBvgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E4NmYzMGFkLWI4MWYtNDcwZC1iNjUxLTFiNGVjNzMwNTE0Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAARoQijiAx2AsbCBC+TIzWZsjiCe
+NegB2D7nnFq8HzNKREBKqSq3VKNRhm4ai26bxV/aEUnRo+Do2jPlFcjhDGhr06D
0bYsYCy0Znw5YYTUQW3vNQVWBOCj1gpuOSUD+BvqB7ZMBDQ/LxEvFEojiwtmS6fA
VrFuqV7okMOjro1AtplnPD3joOTVvxlDD3OeN/gF7zIkDK8V5KPSFs5bsJa8AeZa
eN8O78vHLz4jRNZmyfayizyNc3G+n9lNnFzAU+/YqWIMiOGCCRp0+QCuu+ym+s2g
PDR21UoYE5WZ14dtpzr7x4oJ2piCVeaaUvscOvTWmAiDKTDsb8Yl8Z996nM=
-----END CERTIFICATE-----