Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b4ee7ca3-293b-4936-9f7c-a9ac90422652.roa
File:                     b4ee7ca3-293b-4936-9f7c-a9ac90422652.roa (raw, json)
Hash identifier:          rctOFSr09TrEagrrYBKfInh0ISGylgKSCNJWvvrIkNs=
Subject key identifier:   50:58:D0:7F:DF:46:CB:12:CF:46:A1:3D:3C:AD:CF:15:B0:35:2E:C9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       650C1F6572D119E0505948A081C67B8BA6EA5E77
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b4ee7ca3-293b-4936-9f7c-a9ac90422652.roa
Signing time:             Sun 24 Dec 2023 00:00:00 +0000
ROA not before:           Sun 24 Dec 2023 00:00:00 +0000
ROA not after:            Sun 28 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:0c:1f:65:72:d1:19:e0:50:59:48:a0:81:c6:7b:8b:a6:ea:5e:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 24 00:00:00 2023 GMT
            Not After : Jan 28 23:59:59 2024 GMT
        Subject: serialNumber=e2ce06a7f79a1ad4b9b2aba267882c36812339b4051de3ebdf14732d80c4e3c1, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ac:bc:bc:ad:68:17:27:f1:58:25:74:03:3c:
                    61:ae:de:84:99:c3:bc:38:4c:28:6b:fc:6e:be:fb:
                    fd:ca:05:8e:30:3e:6f:01:f5:c1:24:b4:e5:11:11:
                    ec:8e:f4:4b:82:5c:a4:43:1c:e3:9f:39:5f:d0:95:
                    9b:e1:79:c9:de:cb:51:44:ec:44:f9:5b:d0:0d:f4:
                    77:06:de:29:dc:d3:2c:7a:d7:81:e7:b1:c1:1e:e4:
                    74:42:8d:5b:c2:fe:01:4c:3a:8c:13:ae:27:6f:11:
                    d7:e2:fe:e1:99:f6:df:0d:ac:2e:e5:d7:7c:fa:f2:
                    5a:c0:1a:29:dd:c7:37:d5:5e:41:be:ed:a5:3a:0e:
                    b2:91:ce:67:cf:aa:28:3f:01:61:9e:74:02:31:3a:
                    68:2d:00:fa:a5:03:53:99:46:d2:f3:52:c7:40:4d:
                    64:53:d0:1e:5f:a9:3d:3c:23:40:9f:c9:8b:80:33:
                    ca:83:e5:be:b5:de:1b:d0:8e:7d:33:47:7d:14:ac:
                    24:11:f5:98:46:a2:0d:b1:0b:38:a6:f3:2e:6b:df:
                    34:f7:9d:51:c0:fe:70:ce:8c:4e:15:94:1e:61:b3:
                    16:25:6c:3e:4a:10:f2:83:ac:df:48:d6:67:a7:de:
                    29:95:e9:df:65:9c:b0:38:49:e2:8e:25:4f:85:28:
                    19:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:58:D0:7F:DF:46:CB:12:CF:46:A1:3D:3C:AD:CF:15:B0:35:2E:C9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b4ee7ca3-293b-4936-9f7c-a9ac90422652.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:6f:85:44:bc:6e:23:cd:cf:1a:22:b0:46:16:c9:51:11:5b:
         94:0b:26:17:f6:df:c5:22:dc:a5:80:2d:7d:76:c5:fb:bc:16:
         54:31:86:2d:04:e2:19:18:9f:db:9f:cf:57:94:6f:bd:fe:38:
         4b:dd:dc:70:f3:b3:75:f4:f2:6b:3f:b6:b6:4d:3f:3d:41:26:
         43:fb:4d:03:0d:19:97:12:85:2a:5f:3a:7c:a1:20:63:5f:d5:
         65:94:3f:19:90:3a:f3:9b:5a:2f:a6:b3:78:af:76:06:97:38:
         b9:b1:47:3e:0c:54:16:d9:83:e1:f3:33:90:5d:18:01:19:4d:
         76:7d:5e:6d:81:c9:50:75:47:07:44:db:1c:9f:01:e8:4f:ac:
         5a:95:64:44:37:d0:36:36:c8:d6:cf:bb:9a:b6:04:c3:e1:97:
         5d:ca:10:9a:8d:17:81:23:c6:18:95:37:09:25:d3:cf:33:f1:
         e5:64:e8:b6:28:3d:73:45:49:e7:c6:87:da:c7:5f:b1:fe:0f:
         8f:6b:91:ca:c9:ca:b0:03:d0:81:81:22:1d:98:f4:77:a4:69:
         af:b6:bf:df:28:89:41:88:3d:9f:ff:02:43:6e:3e:25:7e:9f:
         43:6e:4b:47:9f:28:98:9c:84:ba:99:5f:d0:3b:f0:b8:01:4c:
         58:cf:f7:23
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZQwfZXLRGeBQWUiggcZ7i6bqXncwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjI0MDAwMDAwWhcNMjQwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMmNlMDZhN2Y3OWExYWQ0YjliMmFiYTI2Nzg4MmMzNjgx
MjMzOWI0MDUxZGUzZWJkZjE0NzMyZDgwYzRlM2MxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChrLy8rWgXJ/FYJXQDPGGu3oSZw7w4TChr/G6++/3KBY4w
Pm8B9cEktOUREeyO9EuCXKRDHOOfOV/QlZvhecney1FE7ET5W9AN9HcG3inc0yx6
14HnscEe5HRCjVvC/gFMOowTridvEdfi/uGZ9t8NrC7l13z68lrAGindxzfVXkG+
7aU6DrKRzmfPqig/AWGedAIxOmgtAPqlA1OZRtLzUsdATWRT0B5fqT08I0CfyYuA
M8qD5b613hvQjn0zR30UrCQR9ZhGog2xCzim8y5r3zT3nVHA/nDOjE4VlB5hsxYl
bD5KEPKDrN9I1men3imV6d9lnLA4SeKOJU+FKBmhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUFjQf99GyxLPRqE9PK3PFbA1LskwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2I0ZWU3Y2EzLTI5M2ItNDkzNi05ZjdjLWE5YWM5MDQyMjY1Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKFvhUS8biPNzxoisEYWyVERW5QL
Jhf238Ui3KWALX12xfu8FlQxhi0E4hkYn9ufz1eUb73+OEvd3HDzs3X08ms/trZN
Pz1BJkP7TQMNGZcShSpfOnyhIGNf1WWUPxmQOvObWi+ms3ivdgaXOLmxRz4MVBbZ
g+HzM5BdGAEZTXZ9Xm2ByVB1RwdE2xyfAehPrFqVZEQ30DY2yNbPu5q2BMPhl13K
EJqNF4EjxhiVNwkl088z8eVk6LYoPXNFSefGh9rHX7H+D49rkcrJyrAD0IGBIh2Y
9Hekaa+2v98oiUGIPZ//AkNuPiV+n0NuS0efKJichLqZX9A78LgBTFjP9yM=
-----END CERTIFICATE-----