Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a943797a-9831-4762-b193-797a052254b7.roa
File:                     a943797a-9831-4762-b193-797a052254b7.roa (raw, json)
Hash identifier:          copbmC6qIb1cu/v3/pSYz0Le4b2VeIqCSTYPYBulqfA=
Subject key identifier:   6D:94:10:93:0E:3E:15:C0:DD:FD:2E:18:A3:74:AF:62:25:AD:D1:5D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       46F202780BF7507A13DEA95DE5AE887CF7726213
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a943797a-9831-4762-b193-797a052254b7.roa
Signing time:             Tue 12 Dec 2023 00:00:00 +0000
ROA not before:           Tue 12 Dec 2023 00:00:00 +0000
ROA not after:            Tue 16 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:f2:02:78:0b:f7:50:7a:13:de:a9:5d:e5:ae:88:7c:f7:72:62:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 12 00:00:00 2023 GMT
            Not After : Jan 16 23:59:59 2024 GMT
        Subject: serialNumber=876ce9da506b0702cfb64a3232c59ab62f84d139f056307ddd291b0a2f535e29, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:8d:f1:6a:49:d6:1f:e0:a1:12:3b:68:a1:bf:
                    5a:eb:1d:65:fd:c2:68:29:c4:e6:0b:e5:40:27:9a:
                    84:2a:77:75:36:6a:eb:97:ce:f7:bb:4a:7d:a9:86:
                    fd:50:d6:78:be:bf:30:39:6c:8d:0e:47:ed:6b:ab:
                    0f:ae:89:2b:d9:ee:e4:3b:59:b0:15:fb:03:55:5c:
                    a8:b3:d1:84:5d:ed:4e:f0:45:40:f2:ba:a7:36:23:
                    93:76:1c:8d:1c:e6:26:78:74:21:88:34:fe:a3:87:
                    df:b2:74:53:47:68:45:45:67:57:70:a2:2d:79:84:
                    47:9e:a8:08:e8:31:df:0e:2e:2f:b5:22:1a:1d:6e:
                    98:16:df:bc:72:f5:07:b2:41:4b:98:4b:c2:34:84:
                    95:0e:b4:8e:e2:13:2c:ef:bc:76:93:e1:cc:48:a7:
                    2c:47:89:ed:a3:77:d5:7f:3a:05:d1:3a:94:9d:60:
                    53:10:1c:2c:6a:2e:92:2f:da:3b:df:04:86:4a:25:
                    d6:0b:dd:c4:9c:2f:f5:32:95:3f:14:29:cc:80:c1:
                    37:37:2f:fe:dc:88:8d:a0:92:95:6d:a8:f1:5d:d4:
                    82:f1:64:09:84:dc:c2:a8:42:f4:91:24:81:7c:0a:
                    e8:47:61:13:81:1b:ed:59:39:2e:0a:1a:cc:99:99:
                    ff:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:94:10:93:0E:3E:15:C0:DD:FD:2E:18:A3:74:AF:62:25:AD:D1:5D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a943797a-9831-4762-b193-797a052254b7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:96:47:f6:2d:02:c3:9f:99:ba:da:53:1a:9f:7d:9b:4e:90:
         e8:70:a4:3d:dc:e6:a4:43:b8:5f:31:8c:09:96:8e:e9:53:c7:
         86:c1:c0:62:a3:d1:89:6d:97:6d:59:0d:c5:87:3f:92:25:be:
         72:dd:dc:68:25:3d:c5:d9:86:75:2e:f3:38:44:76:fa:86:f0:
         d2:ee:98:1c:4b:d7:d8:55:cd:05:5e:bc:88:37:a8:ba:d3:d5:
         65:c8:4f:d8:e9:fb:da:22:ab:f1:94:98:05:b1:68:b3:e3:ea:
         31:74:ed:8e:44:61:a6:6c:8f:68:fb:c0:b0:91:d3:a8:bf:0c:
         36:05:32:5c:01:e9:62:77:2f:43:ce:d0:94:ff:90:ae:f5:2a:
         2b:24:49:a6:0f:25:81:c2:9b:80:27:b3:01:1c:12:08:09:ad:
         9c:1c:54:e5:cc:18:cf:db:fa:7c:fc:77:58:7d:8e:e4:db:fe:
         58:54:03:1d:13:5c:ef:13:85:3c:c0:d9:5b:08:f4:90:10:65:
         c9:f4:b3:c7:2e:b8:d1:9a:6d:57:55:39:d1:5f:7e:56:a4:ce:
         36:f4:48:6a:e4:88:66:ba:09:5c:ab:72:20:bd:43:bc:ca:ab:
         db:1a:af:17:ca:51:51:14:63:13:e0:eb:7f:45:35:1b:39:58:
         48:0a:b7:37
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURvICeAv3UHoT3qld5a6IfPdyYhMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjEyMDAwMDAwWhcNMjQwMTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NzZjZTlkYTUwNmIwNzAyY2ZiNjRhMzIzMmM1OWFiNjJm
ODRkMTM5ZjA1NjMwN2RkZDI5MWIwYTJmNTM1ZTI5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFjfFqSdYf4KESO2ihv1rrHWX9wmgpxOYL5UAnmoQqd3U2
auuXzve7Sn2phv1Q1ni+vzA5bI0OR+1rqw+uiSvZ7uQ7WbAV+wNVXKiz0YRd7U7w
RUDyuqc2I5N2HI0c5iZ4dCGINP6jh9+ydFNHaEVFZ1dwoi15hEeeqAjoMd8OLi+1
IhodbpgW37xy9QeyQUuYS8I0hJUOtI7iEyzvvHaT4cxIpyxHie2jd9V/OgXROpSd
YFMQHCxqLpIv2jvfBIZKJdYL3cScL/UylT8UKcyAwTc3L/7ciI2gkpVtqPFd1ILx
ZAmE3MKoQvSRJIF8CuhHYROBG+1ZOS4KGsyZmf+lAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbZQQkw4+FcDd/S4Yo3SvYiWt0V0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E5NDM3OTdhLTk4MzEtNDc2Mi1iMTkzLTc5N2EwNTIyNTRiNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFiWR/YtAsOfmbraUxqffZtOkOhw
pD3c5qRDuF8xjAmWjulTx4bBwGKj0Yltl21ZDcWHP5IlvnLd3GglPcXZhnUu8zhE
dvqG8NLumBxL19hVzQVevIg3qLrT1WXIT9jp+9oiq/GUmAWxaLPj6jF07Y5EYaZs
j2j7wLCR06i/DDYFMlwB6WJ3L0PO0JT/kK71KiskSaYPJYHCm4AnswEcEggJrZwc
VOXMGM/b+nz8d1h9juTb/lhUAx0TXO8ThTzA2VsI9JAQZcn0s8cuuNGabVdVOdFf
flakzjb0SGrkiGa6CVyrciC9Q7zKq9sarxfKUVEUYxPg639FNRs5WEgKtzc=
-----END CERTIFICATE-----