Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c1c04a84-5769-43ab-85e5-45e7deb4b25e.roa
File:                     c1c04a84-5769-43ab-85e5-45e7deb4b25e.roa (raw, json)
Hash identifier:          QinV8N/vTARWhA2RzTu9VL+NnUEmqzZ1YDgA/xp28J4=
Subject key identifier:   E2:94:5D:CF:62:06:A5:D9:5F:F2:C6:5D:3C:08:55:52:53:88:96:82
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7F974C4D9B4CCC38CA5909F7D100FAA2771F5965
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c1c04a84-5769-43ab-85e5-45e7deb4b25e.roa
Signing time:             Tue 19 Dec 2023 00:00:00 +0000
ROA not before:           Tue 19 Dec 2023 00:00:00 +0000
ROA not after:            Tue 23 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:97:4c:4d:9b:4c:cc:38:ca:59:09:f7:d1:00:fa:a2:77:1f:59:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 19 00:00:00 2023 GMT
            Not After : Jan 23 23:59:59 2024 GMT
        Subject: serialNumber=6968fe6b26450fa8ae3e8643c1626ca4004056222b670f30c1247e786bdc25ba, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:67:11:69:8e:6d:11:ae:6a:14:d0:0b:7d:6a:
                    9a:8e:78:58:36:23:91:4b:86:0a:ae:b6:bd:44:a4:
                    01:30:48:52:cd:fb:22:bc:c5:89:d4:8d:4a:5e:26:
                    1f:86:f2:43:1d:76:13:f7:40:17:b0:9d:5d:73:f6:
                    bb:55:1a:1a:a0:54:7d:dc:80:77:e6:9f:04:50:f8:
                    98:3a:8e:97:4c:ea:d7:73:de:00:c2:a4:82:87:4d:
                    52:62:fe:16:a0:9e:9f:07:be:29:48:8a:00:72:25:
                    dc:8d:1f:55:08:1b:4c:ab:3f:17:df:9f:d2:34:75:
                    c9:20:8b:f9:38:5d:a7:ac:81:4c:06:dd:3b:c9:f6:
                    12:a9:ab:4f:cb:53:65:ad:2f:bf:dd:4a:f2:b6:65:
                    63:3a:f4:dc:69:23:d4:65:47:ce:5f:c6:7e:bb:2c:
                    10:3c:9f:fb:b0:46:2d:be:95:e2:aa:fd:d9:11:74:
                    7f:d0:21:41:ef:cd:0c:a3:b7:05:79:8d:97:6b:66:
                    88:b0:0f:15:00:28:a1:a3:4f:91:a4:da:ae:c5:bc:
                    9d:45:3a:ba:f7:84:bf:8f:64:2a:e4:d9:54:ce:82:
                    56:c8:c3:60:a7:2e:16:d4:1b:8a:3a:4b:48:5e:f0:
                    0f:69:76:e3:23:44:57:33:20:76:ea:44:42:2f:28:
                    18:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:94:5D:CF:62:06:A5:D9:5F:F2:C6:5D:3C:08:55:52:53:88:96:82
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c1c04a84-5769-43ab-85e5-45e7deb4b25e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:fb:ef:92:fd:1e:c7:f6:97:a7:50:2f:ec:e2:1e:9d:af:4f:
         ee:55:12:94:4a:f1:25:50:e7:0e:67:68:98:c6:93:ea:42:89:
         40:0f:30:01:84:c7:77:e0:41:a6:0c:a6:09:85:92:4a:6f:de:
         50:39:e6:f4:d6:0c:d0:a9:28:53:fb:aa:ea:70:a2:1c:19:4f:
         15:b6:9d:08:05:9d:b6:a2:bb:69:52:ef:52:54:c3:6b:14:84:
         b6:1d:dd:08:85:d1:c4:a1:a2:be:1e:fc:ca:d4:dd:a1:98:e3:
         51:d4:fc:65:29:22:2a:e2:a3:64:b5:be:d4:05:09:9a:2f:15:
         e5:55:6e:f3:4b:a2:41:9d:a8:5a:5d:5a:4f:d7:c7:3f:ae:7a:
         5b:7f:e0:45:c6:15:c6:c1:81:f2:b9:59:f7:a6:5f:22:d5:23:
         ff:92:2e:95:60:ad:10:3a:db:6e:d3:6e:e8:df:d7:e8:34:d9:
         b2:d0:92:5b:d4:60:36:eb:aa:e8:88:3e:ef:37:7f:f2:a2:cc:
         7d:8c:ca:5f:6a:de:a1:1e:ce:21:ea:e6:62:a7:69:3a:1a:31:
         94:a5:8b:54:28:b5:08:c9:4d:a7:cc:ec:f9:0e:2c:bd:e4:0a:
         db:5a:56:79:fc:9c:8b:84:01:ae:61:00:0b:33:4b:dc:db:1e:
         d4:38:ba:83
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUf5dMTZtMzDjKWQn30QD6oncfWWUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjE5MDAwMDAwWhcNMjQwMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2OTY4ZmU2YjI2NDUwZmE4YWUzZTg2NDNjMTYyNmNhNDAw
NDA1NjIyMmI2NzBmMzBjMTI0N2U3ODZiZGMyNWJhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbZxFpjm0RrmoU0At9apqOeFg2I5FLhgqutr1EpAEwSFLN
+yK8xYnUjUpeJh+G8kMddhP3QBewnV1z9rtVGhqgVH3cgHfmnwRQ+Jg6jpdM6tdz
3gDCpIKHTVJi/hagnp8HvilIigByJdyNH1UIG0yrPxffn9I0dckgi/k4XaesgUwG
3TvJ9hKpq0/LU2WtL7/dSvK2ZWM69NxpI9RlR85fxn67LBA8n/uwRi2+leKq/dkR
dH/QIUHvzQyjtwV5jZdrZoiwDxUAKKGjT5Gk2q7FvJ1FOrr3hL+PZCrk2VTOglbI
w2CnLhbUG4o6S0he8A9pduMjRFczIHbqREIvKBjNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4pRdz2IGpdlf8sZdPAhVUlOIloIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2MxYzA0YTg0LTU3NjktNDNhYi04NWU1LTQ1ZTdkZWI0YjI1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALX775L9Hsf2l6dQL+ziHp2vT+5V
EpRK8SVQ5w5naJjGk+pCiUAPMAGEx3fgQaYMpgmFkkpv3lA55vTWDNCpKFP7qupw
ohwZTxW2nQgFnbaiu2lS71JUw2sUhLYd3QiF0cShor4e/MrU3aGY41HU/GUpIiri
o2S1vtQFCZovFeVVbvNLokGdqFpdWk/Xxz+uelt/4EXGFcbBgfK5WfemXyLVI/+S
LpVgrRA6227Tbujf1+g02bLQklvUYDbrquiIPu83f/KizH2Myl9q3qEeziHq5mKn
aToaMZSli1QotQjJTafM7PkOLL3kCttaVnn8nIuEAa5hAAszS9zbHtQ4uoM=
-----END CERTIFICATE-----