Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b80e0343-1c66-4282-b43e-70e5383b1f11.roa
File:                     b80e0343-1c66-4282-b43e-70e5383b1f11.roa (raw, json)
Hash identifier:          BdAiuE9brAkNtTs1B/3iGfCxJLx2t5Ojic8ArC0MetM=
Subject key identifier:   75:D2:5C:C3:A7:7F:53:57:13:A6:AF:D6:6D:0F:25:05:B6:BB:8F:0A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6669618F71EE52E484AC09299045E4B33DEE0CB7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b80e0343-1c66-4282-b43e-70e5383b1f11.roa
Signing time:             Thu 11 Jan 2024 00:00:00 +0000
ROA not before:           Thu 11 Jan 2024 00:00:00 +0000
ROA not after:            Thu 15 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:69:61:8f:71:ee:52:e4:84:ac:09:29:90:45:e4:b3:3d:ee:0c:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 11 00:00:00 2024 GMT
            Not After : Feb 15 23:59:59 2024 GMT
        Subject: serialNumber=af0af533673d1512d324426ae907bb06b44db64597db07b6bb4158196deebbd4, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:24:ec:a7:62:ef:d6:4e:27:f6:ee:15:4f:7e:
                    64:91:87:0d:23:d2:4d:52:32:0a:07:a5:c6:97:32:
                    a4:be:a7:97:bf:39:4d:bf:cd:b5:3d:62:a0:f4:b2:
                    33:b1:38:b9:42:eb:be:46:64:72:e6:5f:ab:14:95:
                    a1:2b:53:60:aa:8d:2b:46:93:71:86:a4:14:14:74:
                    18:8c:82:e9:47:c7:04:99:9c:5b:4a:67:23:c6:dd:
                    9a:a8:eb:f1:0e:63:dd:ac:a4:ea:ba:85:bc:f0:9b:
                    13:3d:90:b4:bc:cb:d4:c8:99:e1:bd:6c:b0:63:3d:
                    01:32:ab:34:54:b0:0c:ca:d3:b2:4e:6a:9e:d3:13:
                    17:f7:90:31:98:0e:07:2a:18:73:1e:68:ba:eb:2f:
                    49:1d:7f:dc:de:6e:77:8c:30:c5:09:8c:22:48:5a:
                    72:61:e8:48:e0:10:a5:c1:3d:32:f4:26:8a:b5:5c:
                    bd:e8:66:fa:db:b2:17:12:b1:d7:a1:d4:a4:ad:cc:
                    ea:f0:b8:11:aa:9e:21:31:07:0a:00:9a:a7:29:c0:
                    46:ac:a9:0c:11:c6:e7:27:44:8e:b6:67:20:6e:08:
                    97:46:2c:1c:68:cd:03:d8:8e:ee:d2:78:c2:2c:ac:
                    9d:94:f1:b7:d7:8d:29:b5:27:3c:ce:f2:d3:87:70:
                    1f:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:D2:5C:C3:A7:7F:53:57:13:A6:AF:D6:6D:0F:25:05:B6:BB:8F:0A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b80e0343-1c66-4282-b43e-70e5383b1f11.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:30:5e:e4:1f:0d:f1:33:1d:66:3a:bb:17:4a:39:b0:fb:8e:
         d3:ec:25:76:aa:06:46:40:e3:94:18:18:5f:e3:ee:07:40:43:
         32:98:a8:21:4b:e2:15:44:6a:4c:f0:82:5c:44:f0:4c:f3:c7:
         6c:e1:74:a7:ff:4a:a9:24:91:74:cd:fd:53:70:18:12:72:0f:
         11:c7:b0:c6:dc:e1:90:e8:41:63:72:82:6a:02:dc:25:ca:6b:
         b0:2e:a6:24:18:5f:00:9c:6c:2f:c9:44:c9:20:f4:38:2c:8b:
         3d:51:02:f9:1f:87:88:85:59:3c:bd:b6:40:7e:2b:84:6d:7a:
         ee:ae:cc:b5:3a:90:b8:f2:c5:6c:00:aa:4e:ef:7f:7f:f0:f0:
         52:6a:d7:a1:64:7a:8f:ed:b6:2c:dc:7d:c1:f5:de:b7:a4:b1:
         5f:ca:2b:9d:69:3f:af:ce:09:00:96:9d:a8:85:62:83:0f:3d:
         7b:5e:af:d0:90:be:78:8d:ce:f8:51:65:6d:55:86:c7:3a:71:
         69:79:cd:c6:8d:b3:a3:17:f8:37:75:ea:da:c7:3a:d9:08:9b:
         79:80:78:d2:df:bf:76:a3:3d:77:54:5a:fc:d9:d8:0e:6b:ab:
         1c:75:1d:c0:e6:63:64:b5:54:9e:85:71:b0:d9:a3:8c:9f:48:
         20:ce:30:99
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZmlhj3HuUuSErAkpkEXksz3uDLcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTExMDAwMDAwWhcNMjQwMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZjBhZjUzMzY3M2QxNTEyZDMyNDQyNmFlOTA3YmIwNmI0
NGRiNjQ1OTdkYjA3YjZiYjQxNTgxOTZkZWViYmQ0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpJOynYu/WTif27hVPfmSRhw0j0k1SMgoHpcaXMqS+p5e/
OU2/zbU9YqD0sjOxOLlC675GZHLmX6sUlaErU2CqjStGk3GGpBQUdBiMgulHxwSZ
nFtKZyPG3Zqo6/EOY92spOq6hbzwmxM9kLS8y9TImeG9bLBjPQEyqzRUsAzK07JO
ap7TExf3kDGYDgcqGHMeaLrrL0kdf9zebneMMMUJjCJIWnJh6EjgEKXBPTL0Joq1
XL3oZvrbshcSsdeh1KStzOrwuBGqniExBwoAmqcpwEasqQwRxucnRI62ZyBuCJdG
LBxozQPYju7SeMIsrJ2U8bfXjSm1JzzO8tOHcB+rAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUddJcw6d/U1cTpq/WbQ8lBba7jwowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2I4MGUwMzQzLTFjNjYtNDI4Mi1iNDNlLTcwZTUzODNiMWYxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG0wXuQfDfEzHWY6uxdKObD7jtPs
JXaqBkZA45QYGF/j7gdAQzKYqCFL4hVEakzwglxE8Ezzx2zhdKf/SqkkkXTN/VNw
GBJyDxHHsMbc4ZDoQWNygmoC3CXKa7AupiQYXwCcbC/JRMkg9Dgsiz1RAvkfh4iF
WTy9tkB+K4Rteu6uzLU6kLjyxWwAqk7vf3/w8FJq16Fkeo/ttizcfcH13reksV/K
K51pP6/OCQCWnaiFYoMPPXter9CQvniNzvhRZW1Vhsc6cWl5zcaNs6MX+Dd16trH
OtkIm3mAeNLfv3ajPXdUWvzZ2A5rqxx1HcDmY2S1VJ6FcbDZo4yfSCDOMJk=
-----END CERTIFICATE-----