Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ad0f6909-0692-494f-937a-6f5b6908aceb.roa
File:                     ad0f6909-0692-494f-937a-6f5b6908aceb.roa (raw, json)
Hash identifier:          D+YUVQtT+0A60WjCTmKm1m2Dc9hmHjGd7+z4k634Cdg=
Subject key identifier:   28:3B:3B:A2:38:04:93:5C:D2:4E:55:A5:2C:C8:24:FC:F2:42:F4:0A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4F3116670755AE7498E95884950BB273733A6BB5
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ad0f6909-0692-494f-937a-6f5b6908aceb.roa
Signing time:             Wed 20 Dec 2023 00:00:00 +0000
ROA not before:           Wed 20 Dec 2023 00:00:00 +0000
ROA not after:            Wed 24 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:31:16:67:07:55:ae:74:98:e9:58:84:95:0b:b2:73:73:3a:6b:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 20 00:00:00 2023 GMT
            Not After : Jan 24 23:59:59 2024 GMT
        Subject: serialNumber=6bc62a6f5cf75dbabbc70cbbfecc1893ead747c44cb60d810c0316c6ab0ca960, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:56:d5:45:ba:fe:05:dd:cf:0e:d2:35:91:05:
                    57:38:d4:3e:91:6e:79:7a:5e:72:c3:30:87:26:b5:
                    44:df:cf:a2:f2:c8:e0:f1:72:94:4e:61:f6:da:19:
                    b6:f2:3c:80:53:a4:2a:37:a5:4e:dd:32:d1:4f:cb:
                    02:72:81:0f:a9:3b:45:40:18:a6:a9:1b:d1:2a:ac:
                    6a:97:1d:21:7e:37:82:14:22:7a:01:a1:98:6f:04:
                    52:69:3b:0e:88:98:b9:c3:8a:07:4c:a5:ed:be:b0:
                    43:66:0b:4b:ed:74:e8:5c:27:31:38:5f:54:20:ed:
                    0e:a9:00:64:be:4e:9c:3d:38:04:1b:ab:43:f6:78:
                    a2:16:c3:2a:3d:10:cc:bf:b5:86:3f:57:28:a2:62:
                    b4:61:03:29:13:c8:65:ec:37:1c:25:b3:f9:b5:67:
                    e3:b3:34:b5:e5:ac:59:15:95:2f:c4:8d:59:d8:05:
                    b6:22:73:d8:32:1b:56:72:50:a0:11:9c:24:f9:5e:
                    97:d0:83:62:94:f5:ec:91:16:b9:c8:81:b2:4f:dd:
                    69:c3:22:49:8c:c6:e1:11:75:3e:f2:c9:7d:78:81:
                    47:fd:96:50:b7:c6:53:45:a0:fb:c6:57:cb:cf:80:
                    cb:74:6f:42:a4:a3:6a:5a:d7:a7:aa:8e:42:99:5d:
                    9f:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:3B:3B:A2:38:04:93:5C:D2:4E:55:A5:2C:C8:24:FC:F2:42:F4:0A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ad0f6909-0692-494f-937a-6f5b6908aceb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:94:f5:7b:4c:31:87:b2:85:4e:88:12:26:fb:5b:b0:75:c1:
         b8:a5:80:cd:01:20:ea:25:a4:22:c9:bd:64:a0:19:2f:2f:7f:
         7a:16:7a:43:45:02:a5:b1:c1:60:69:6b:2a:78:3a:5d:1e:4b:
         d7:17:e5:7d:20:27:58:5f:2b:6c:3c:6c:95:42:9d:f1:0a:2f:
         45:2a:f3:82:ec:fc:92:9f:c2:51:ed:49:fc:b8:a3:70:9a:72:
         bb:44:b1:30:95:8e:00:73:7d:f8:cb:fe:65:65:44:5b:10:8c:
         9e:4f:ba:c4:2d:eb:ec:13:d7:35:cb:5d:fa:52:4b:2a:5c:d2:
         ba:c6:1b:9f:68:e5:cd:de:a9:2f:26:24:e7:16:1b:a3:5c:96:
         34:71:b3:e3:69:82:64:28:68:0d:01:b5:55:be:79:8c:0d:a1:
         56:a9:ad:7f:2c:a1:4d:f2:34:1f:20:e7:03:44:c0:30:24:1b:
         5a:90:f9:6c:62:e8:c1:07:43:39:51:05:a4:04:3b:4a:f9:21:
         7c:f0:d4:2e:07:a5:32:4c:71:65:7f:84:be:9b:06:52:11:03:
         85:b6:00:84:6c:f6:77:cc:ac:6f:34:44:72:83:70:e9:3f:11:
         4e:27:5f:25:2c:1b:69:8e:d7:91:5b:2b:0c:85:34:03:85:17:
         3a:6a:0e:9d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTzEWZwdVrnSY6ViElQuyc3M6a7UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjIwMDAwMDAwWhcNMjQwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YmM2MmE2ZjVjZjc1ZGJhYmJjNzBjYmJmZWNjMTg5M2Vh
ZDc0N2M0NGNiNjBkODEwYzAzMTZjNmFiMGNhOTYwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbVtVFuv4F3c8O0jWRBVc41D6Rbnl6XnLDMIcmtUTfz6Ly
yODxcpROYfbaGbbyPIBTpCo3pU7dMtFPywJygQ+pO0VAGKapG9EqrGqXHSF+N4IU
InoBoZhvBFJpOw6ImLnDigdMpe2+sENmC0vtdOhcJzE4X1Qg7Q6pAGS+Tpw9OAQb
q0P2eKIWwyo9EMy/tYY/VyiiYrRhAykTyGXsNxwls/m1Z+OzNLXlrFkVlS/EjVnY
BbYic9gyG1ZyUKARnCT5XpfQg2KU9eyRFrnIgbJP3WnDIkmMxuERdT7yyX14gUf9
llC3xlNFoPvGV8vPgMt0b0Kko2pa16eqjkKZXZ9dAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKDs7ojgEk1zSTlWlLMgk/PJC9AowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2FkMGY2OTA5LTA2OTItNDk0Zi05MzdhLTZmNWI2OTA4YWNlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEeU9XtMMYeyhU6IEib7W7B1wbil
gM0BIOolpCLJvWSgGS8vf3oWekNFAqWxwWBpayp4Ol0eS9cX5X0gJ1hfK2w8bJVC
nfEKL0Uq84Ls/JKfwlHtSfy4o3CacrtEsTCVjgBzffjL/mVlRFsQjJ5PusQt6+wT
1zXLXfpSSypc0rrGG59o5c3eqS8mJOcWG6NcljRxs+NpgmQoaA0BtVW+eYwNoVap
rX8soU3yNB8g5wNEwDAkG1qQ+Wxi6MEHQzlRBaQEO0r5IXzw1C4HpTJMcWV/hL6b
BlIRA4W2AIRs9nfMrG80RHKDcOk/EU4nXyUsG2mO15FbKwyFNAOFFzpqDp0=
-----END CERTIFICATE-----