Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aac92646-914a-43d0-9716-0355cc5efd97.roa
File:                     aac92646-914a-43d0-9716-0355cc5efd97.roa (raw, json)
Hash identifier:          j2dyc3DxjRV6i+LzWf03qhGb90xmxNzIxZtLSnpD0JI=
Subject key identifier:   97:F4:CF:2C:FE:8A:6B:BD:00:12:AD:25:E6:F0:D8:9C:D8:57:3A:DB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       18A96922C12339AD6FDDBC4083525DB2CEACC0D5
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aac92646-914a-43d0-9716-0355cc5efd97.roa
Signing time:             Wed 29 Nov 2023 00:00:00 +0000
ROA not before:           Wed 29 Nov 2023 00:00:00 +0000
ROA not after:            Wed 03 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:a9:69:22:c1:23:39:ad:6f:dd:bc:40:83:52:5d:b2:ce:ac:c0:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 29 00:00:00 2023 GMT
            Not After : Jan  3 23:59:59 2024 GMT
        Subject: serialNumber=8ba5e83f978000b2e63a89ebc6389300b14bf95d6ccbb531d6d96b97d59d48a4, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d7:f1:c0:cb:53:33:7c:79:aa:48:34:b2:e7:
                    6f:60:40:5a:53:a5:92:c6:2c:cc:65:30:90:9a:8d:
                    8b:e4:fa:a0:7a:1f:a6:7d:ff:60:b0:62:af:88:2f:
                    d4:b3:34:bd:e4:96:06:51:ad:6d:92:d7:a0:0d:1d:
                    ed:6e:5a:3e:d1:0b:71:bc:a6:ce:f2:8a:f2:c1:8b:
                    71:ea:b2:b4:26:cb:ec:3b:a4:dd:a5:d9:f7:62:1f:
                    a2:5e:03:6c:57:f0:81:1e:d2:92:62:c9:37:16:c6:
                    4c:44:2b:e1:69:80:6e:c1:48:ee:ad:7d:96:05:27:
                    27:47:5a:30:f3:6e:12:27:d3:2d:0d:73:a4:f6:bb:
                    92:2d:24:41:ed:7b:a6:52:7c:84:5d:40:cb:b6:85:
                    47:37:62:6a:01:4f:14:18:84:22:86:72:cb:16:74:
                    7b:05:ee:4b:4c:51:b3:d0:0f:0c:af:a1:34:a2:8f:
                    d8:20:8c:d8:81:8b:73:e7:b6:60:f2:4d:da:d1:a7:
                    f9:ec:81:55:9d:e1:b0:e9:10:16:d6:bc:7e:4c:04:
                    4f:46:30:0c:f8:c9:da:a8:e0:66:49:58:d6:52:bd:
                    f5:25:b5:54:30:0e:80:6c:4c:f7:f7:a0:6e:b8:a8:
                    44:79:5a:8d:3b:fd:2b:c7:f7:a4:b3:59:10:d3:8b:
                    cf:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:F4:CF:2C:FE:8A:6B:BD:00:12:AD:25:E6:F0:D8:9C:D8:57:3A:DB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aac92646-914a-43d0-9716-0355cc5efd97.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:e4:1b:59:c9:ba:d1:94:2b:94:61:62:94:03:73:6f:bd:82:
         5e:61:bd:0c:45:af:8d:07:c5:30:d0:8a:95:bc:5b:16:34:02:
         35:95:60:65:d4:5d:46:ba:3b:66:a6:79:a7:be:96:da:ee:23:
         fa:ce:7e:aa:20:d4:5d:82:d6:11:47:99:5e:fe:fb:44:21:f2:
         3c:3e:55:9b:d9:a2:db:36:f6:a4:a4:ab:8a:61:26:c7:43:c6:
         bf:fd:ef:24:23:10:ef:0a:06:95:15:90:a3:a7:c0:07:23:a2:
         3c:90:da:09:44:a5:3c:c8:89:6b:bd:66:b4:44:a2:a6:4a:ee:
         c4:e2:09:cc:5b:59:98:a3:78:d7:c5:64:6b:6e:d5:da:c7:47:
         b7:18:75:b9:e7:1e:95:a5:55:bd:96:7d:e4:11:73:9c:d6:de:
         53:57:09:52:df:70:5b:9d:2d:0f:8f:dc:f4:69:68:84:62:af:
         48:ea:4c:17:e4:6e:5c:8d:25:49:33:2b:40:0d:78:10:f7:0b:
         5b:5a:b1:b1:4e:f2:3a:c6:7a:1e:6b:7d:91:42:3a:11:da:b9:
         67:d5:bd:3d:f6:ca:2f:ca:ed:12:7c:36:a0:17:20:04:25:49:
         2e:00:d8:b1:2e:95:ae:5c:e1:25:d4:97:be:c3:73:8a:7f:f1:
         1b:e6:89:54
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGKlpIsEjOa1v3bxAg1Jdss6swNUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTI5MDAwMDAwWhcNMjQwMTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YmE1ZTgzZjk3ODAwMGIyZTYzYTg5ZWJjNjM4OTMwMGIx
NGJmOTVkNmNjYmI1MzFkNmQ5NmI5N2Q1OWQ0OGE0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCy1/HAy1MzfHmqSDSy529gQFpTpZLGLMxlMJCajYvk+qB6
H6Z9/2CwYq+IL9SzNL3klgZRrW2S16ANHe1uWj7RC3G8ps7yivLBi3HqsrQmy+w7
pN2l2fdiH6JeA2xX8IEe0pJiyTcWxkxEK+FpgG7BSO6tfZYFJydHWjDzbhIn0y0N
c6T2u5ItJEHte6ZSfIRdQMu2hUc3YmoBTxQYhCKGcssWdHsF7ktMUbPQDwyvoTSi
j9ggjNiBi3PntmDyTdrRp/nsgVWd4bDpEBbWvH5MBE9GMAz4ydqo4GZJWNZSvfUl
tVQwDoBsTPf3oG64qER5Wo07/SvH96SzWRDTi8+rAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUl/TPLP6Ka70AEq0l5vDYnNhXOtswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2FhYzkyNjQ2LTkxNGEtNDNkMC05NzE2LTAzNTVjYzVlZmQ5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJnkG1nJutGUK5RhYpQDc2+9gl5h
vQxFr40HxTDQipW8WxY0AjWVYGXUXUa6O2ameae+ltruI/rOfqog1F2C1hFHmV7+
+0Qh8jw+VZvZots29qSkq4phJsdDxr/97yQjEO8KBpUVkKOnwAcjojyQ2glEpTzI
iWu9ZrREoqZK7sTiCcxbWZijeNfFZGtu1drHR7cYdbnnHpWlVb2WfeQRc5zW3lNX
CVLfcFudLQ+P3PRpaIRir0jqTBfkblyNJUkzK0ANeBD3C1tasbFO8jrGeh5rfZFC
OhHauWfVvT32yi/K7RJ8NqAXIAQlSS4A2LEula5c4SXUl77Dc4p/8RvmiVQ=
-----END CERTIFICATE-----