Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a8f5776c-c794-455c-8e81-b76a632f3f64.roa
File:                     a8f5776c-c794-455c-8e81-b76a632f3f64.roa (raw, json)
Hash identifier:          DWvD3v+fT26CBD88UMdL4iYuSLQjZTvVuxjp+PazpJQ=
Subject key identifier:   B9:4B:44:BB:58:D4:B7:98:4B:8D:5D:39:AD:AB:80:F0:AC:07:62:22
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4B41FF78D8FF4840E46C34E128B350D56851E8B1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a8f5776c-c794-455c-8e81-b76a632f3f64.roa
Signing time:             Thu 23 Nov 2023 00:00:00 +0000
ROA not before:           Thu 23 Nov 2023 00:00:00 +0000
ROA not after:            Thu 28 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:41:ff:78:d8:ff:48:40:e4:6c:34:e1:28:b3:50:d5:68:51:e8:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 23 00:00:00 2023 GMT
            Not After : Dec 28 23:59:59 2023 GMT
        Subject: serialNumber=379a8213a47a35e60c7a786a69792c4a6f33d9f6297e157bca379b706a448e48, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:fe:31:a3:96:9e:53:c5:aa:c2:8c:2a:57:88:
                    66:78:56:8f:5b:68:1e:41:80:17:b5:53:f8:08:2f:
                    c8:74:f9:32:36:ac:ff:6a:a3:62:46:61:4e:83:9b:
                    99:0f:10:d9:35:18:63:dd:af:8a:fa:ec:ed:b7:a9:
                    f1:4e:1d:6c:6a:99:0e:5e:5a:52:48:cb:f6:86:10:
                    5d:85:9b:ba:ff:f3:d2:ce:b9:33:5e:a2:df:69:9a:
                    42:80:11:58:a1:1a:72:3f:88:15:ca:bf:b6:3f:6b:
                    b3:9c:a2:2b:df:aa:9a:a9:b0:4a:58:d3:fb:53:18:
                    47:75:52:c3:4e:73:3a:61:aa:c7:75:4b:cc:5f:d6:
                    59:8d:e5:4c:94:84:92:01:bb:fa:e3:2c:5a:d5:bd:
                    eb:8d:ba:50:08:ef:79:17:57:9a:56:00:1b:b4:05:
                    78:c5:eb:cd:31:1d:61:38:ed:50:1a:5e:ad:6c:fd:
                    2a:0e:1f:96:49:d9:73:9c:5d:03:0b:a5:53:b0:ab:
                    52:98:34:0b:de:55:71:94:c2:70:51:84:a4:b3:ec:
                    4b:a9:a8:2a:60:7d:0b:d3:d5:9e:b6:2a:5c:e4:23:
                    7a:fe:a6:b3:91:64:84:b2:4d:11:ee:4f:16:89:94:
                    f4:a9:e7:26:79:15:8d:55:b5:12:ce:cf:59:10:05:
                    ec:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:4B:44:BB:58:D4:B7:98:4B:8D:5D:39:AD:AB:80:F0:AC:07:62:22
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a8f5776c-c794-455c-8e81-b76a632f3f64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:8f:69:89:ba:78:64:cd:63:94:77:5f:41:ca:b5:df:bd:6c:
         e5:84:c9:66:f8:7d:d4:3e:4d:73:74:c6:43:8b:cf:fd:4b:c0:
         44:d2:97:3b:0e:13:3b:20:9e:7c:cf:3d:5a:ee:4f:0c:5b:02:
         c5:e2:26:5c:9a:70:7b:55:85:5c:11:4d:f4:3e:17:3a:0f:7b:
         cc:9a:c7:88:15:6b:86:05:4d:0f:57:cb:46:86:7c:c4:5f:f4:
         44:f0:23:3b:cc:e1:0d:ec:b5:4b:90:ec:11:33:38:46:96:3b:
         ab:21:85:ee:13:dd:e1:eb:98:35:35:02:4c:a7:44:cf:41:98:
         ba:6e:1b:1e:0b:ea:ac:53:0b:1d:15:ca:3c:44:95:5b:8c:a0:
         c6:96:5a:22:9b:d2:f2:7f:12:d7:30:5a:e1:65:fb:47:e7:ed:
         5e:a4:98:24:d1:fe:63:e9:ca:46:c4:94:40:de:ed:bf:66:a0:
         bc:56:59:ec:b9:f6:ce:96:8d:9f:37:c8:54:76:53:61:5c:a6:
         c4:09:d8:97:9c:e6:cd:77:cd:75:98:b0:d0:85:80:dd:58:71:
         ce:a1:61:43:e0:05:78:dc:7e:41:2f:69:33:ae:92:87:9b:fe:
         6f:33:3e:3f:83:23:b8:03:5f:59:93:36:a3:24:bd:9a:16:fb:
         5b:da:61:d7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUS0H/eNj/SEDkbDThKLNQ1WhR6LEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTIzMDAwMDAwWhcNMjMxMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNzlhODIxM2E0N2EzNWU2MGM3YTc4NmE2OTc5MmM0YTZm
MzNkOWY2Mjk3ZTE1N2JjYTM3OWI3MDZhNDQ4ZTQ4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCx/jGjlp5TxarCjCpXiGZ4Vo9baB5BgBe1U/gIL8h0+TI2
rP9qo2JGYU6Dm5kPENk1GGPdr4r67O23qfFOHWxqmQ5eWlJIy/aGEF2Fm7r/89LO
uTNeot9pmkKAEVihGnI/iBXKv7Y/a7OcoivfqpqpsEpY0/tTGEd1UsNOczphqsd1
S8xf1lmN5UyUhJIBu/rjLFrVveuNulAI73kXV5pWABu0BXjF680xHWE47VAaXq1s
/SoOH5ZJ2XOcXQMLpVOwq1KYNAveVXGUwnBRhKSz7EupqCpgfQvT1Z62KlzkI3r+
prORZISyTRHuTxaJlPSp5yZ5FY1VtRLOz1kQBex1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuUtEu1jUt5hLjV05rauA8KwHYiIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E4ZjU3NzZjLWM3OTQtNDU1Yy04ZTgxLWI3NmE2MzJmM2Y2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGWPaYm6eGTNY5R3X0HKtd+9bOWE
yWb4fdQ+TXN0xkOLz/1LwETSlzsOEzsgnnzPPVruTwxbAsXiJlyacHtVhVwRTfQ+
FzoPe8yax4gVa4YFTQ9Xy0aGfMRf9ETwIzvM4Q3stUuQ7BEzOEaWO6shhe4T3eHr
mDU1AkynRM9BmLpuGx4L6qxTCx0VyjxElVuMoMaWWiKb0vJ/EtcwWuFl+0fn7V6k
mCTR/mPpykbElEDe7b9moLxWWey59s6WjZ83yFR2U2FcpsQJ2Jec5s13zXWYsNCF
gN1Ycc6hYUPgBXjcfkEvaTOukoeb/m8zPj+DI7gDX1mTNqMkvZoW+1vaYdc=
-----END CERTIFICATE-----