Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b579504a-a964-4c35-aed4-1486518ff62e.roa
File:                     b579504a-a964-4c35-aed4-1486518ff62e.roa (raw, json)
Hash identifier:          XQ8Chwi9xR+g2CrhIkXxoL0Zo4XuW+Wrih868mBYyrM=
Subject key identifier:   14:CD:D3:C6:94:47:90:11:37:34:06:47:B7:C9:52:F0:5B:42:25:ED
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2A39240B43287D099F924AACA69B47A93E209E06
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b579504a-a964-4c35-aed4-1486518ff62e.roa
Signing time:             Fri 24 Nov 2023 00:00:00 +0000
ROA not before:           Fri 24 Nov 2023 00:00:00 +0000
ROA not after:            Fri 29 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:39:24:0b:43:28:7d:09:9f:92:4a:ac:a6:9b:47:a9:3e:20:9e:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 24 00:00:00 2023 GMT
            Not After : Dec 29 23:59:59 2023 GMT
        Subject: serialNumber=ca1ef308d8626465a7992993adf4d07da1ef7c2aaf35f6f960d5ab76b886daf8, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:28:5f:7f:18:c7:de:b5:b7:4e:e5:47:c1:a5:
                    d1:9e:81:b4:39:7e:33:ef:11:6e:c4:29:65:ab:32:
                    2d:4f:2a:19:96:38:64:2f:76:72:47:5a:f5:42:c7:
                    68:44:01:dd:73:96:42:a0:f6:77:e5:d7:f1:ec:93:
                    d4:48:3b:00:2b:15:7e:c9:04:d1:a7:a8:10:ae:af:
                    5c:c9:ce:59:25:05:43:76:4c:ac:c8:28:bd:5b:1e:
                    04:b8:27:f9:fe:98:c3:aa:d4:27:2e:ec:a0:e6:93:
                    0f:9a:a2:bd:d7:32:e9:c5:ab:9b:22:12:db:8b:30:
                    40:8c:4c:ea:2c:7d:9e:ca:f1:9c:d4:c0:b3:6a:8b:
                    c8:c0:2f:99:0f:a0:88:85:98:05:7c:23:f9:b8:e3:
                    9f:77:ae:10:6a:80:68:12:50:f5:ab:2c:ad:2f:50:
                    96:91:b7:c9:45:90:fc:77:25:08:65:0a:d1:ea:7d:
                    a6:f3:17:e9:cc:4e:e1:8b:c5:b0:38:15:6a:64:0a:
                    ed:7e:15:31:ba:2f:25:63:60:8d:3e:cc:a0:ed:b5:
                    17:77:36:69:d7:25:7b:b3:ce:d2:0e:d2:07:8f:fe:
                    6f:04:f8:d4:2f:2a:1e:f5:88:73:35:44:bc:cd:9a:
                    ed:15:23:be:6c:65:2d:b6:56:c9:75:84:ef:5e:28:
                    f1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:CD:D3:C6:94:47:90:11:37:34:06:47:B7:C9:52:F0:5B:42:25:ED
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b579504a-a964-4c35-aed4-1486518ff62e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:9b:1a:39:bb:68:08:7c:83:8a:d0:ac:3a:3c:56:11:4d:f9:
         3e:be:53:41:54:f9:ad:9d:fb:37:b8:f0:5f:c0:d8:9d:21:6e:
         99:30:3f:48:b5:c3:ef:1f:f9:ad:83:2f:9a:ea:c7:20:09:9a:
         4f:15:e6:09:3e:5e:ec:87:26:a6:f7:f9:2b:1c:e5:42:fa:e8:
         23:e0:6c:e8:41:e8:96:fa:b9:1b:8f:2a:a1:ae:0f:f1:be:aa:
         db:b8:a3:05:dd:9c:f0:fe:86:b6:74:74:95:f1:ff:46:db:69:
         ac:19:cb:62:2c:2b:e6:98:84:e1:52:ef:38:c6:22:2b:95:18:
         17:43:2f:cf:e3:1f:13:7e:e4:56:10:bc:2d:b2:5d:9f:94:a4:
         b7:d6:b4:15:9c:d7:a5:20:70:a9:ad:03:ae:78:4c:37:ab:60:
         cf:a0:8c:9d:6f:9b:21:54:8a:ff:d5:ab:87:a1:2a:66:a1:4c:
         11:63:77:9f:96:86:6e:cb:6f:b2:9f:a4:b3:31:c0:78:9d:26:
         d0:9f:b1:4b:9b:5f:db:8a:a4:8f:59:2b:ff:59:8e:49:31:40:
         4d:1c:0c:2f:4e:06:4d:09:33:e1:ee:c6:92:fd:3d:fe:99:1c:
         ef:38:8e:13:5e:5a:bc:4f:3d:11:66:4e:62:e7:15:55:67:c1:
         40:71:c3:e8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKjkkC0MofQmfkkqspptHqT4gngYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTI0MDAwMDAwWhcNMjMxMjI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYTFlZjMwOGQ4NjI2NDY1YTc5OTI5OTNhZGY0ZDA3ZGEx
ZWY3YzJhYWYzNWY2Zjk2MGQ1YWI3NmI4ODZkYWY4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUKF9/GMfetbdO5UfBpdGegbQ5fjPvEW7EKWWrMi1PKhmW
OGQvdnJHWvVCx2hEAd1zlkKg9nfl1/Hsk9RIOwArFX7JBNGnqBCur1zJzlklBUN2
TKzIKL1bHgS4J/n+mMOq1Ccu7KDmkw+aor3XMunFq5siEtuLMECMTOosfZ7K8ZzU
wLNqi8jAL5kPoIiFmAV8I/m44593rhBqgGgSUPWrLK0vUJaRt8lFkPx3JQhlCtHq
fabzF+nMTuGLxbA4FWpkCu1+FTG6LyVjYI0+zKDttRd3NmnXJXuzztIO0geP/m8E
+NQvKh71iHM1RLzNmu0VI75sZS22Vsl1hO9eKPHHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFM3TxpRHkBE3NAZHt8lS8FtCJe0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2I1Nzk1MDRhLWE5NjQtNGMzNS1hZWQ0LTE0ODY1MThmZjYyZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABqbGjm7aAh8g4rQrDo8VhFN+T6+
U0FU+a2d+ze48F/A2J0hbpkwP0i1w+8f+a2DL5rqxyAJmk8V5gk+XuyHJqb3+Ssc
5UL66CPgbOhB6Jb6uRuPKqGuD/G+qtu4owXdnPD+hrZ0dJXx/0bbaawZy2IsK+aY
hOFS7zjGIiuVGBdDL8/jHxN+5FYQvC2yXZ+UpLfWtBWc16UgcKmtA654TDerYM+g
jJ1vmyFUiv/Vq4ehKmahTBFjd5+Whm7Lb7KfpLMxwHidJtCfsUubX9uKpI9ZK/9Z
jkkxQE0cDC9OBk0JM+HuxpL9Pf6ZHO84jhNeWrxPPRFmTmLnFVVnwUBxw+g=
-----END CERTIFICATE-----