Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c53dd3ba-e111-48e1-9b49-0dab5ea11e64.roa
File:                     c53dd3ba-e111-48e1-9b49-0dab5ea11e64.roa (raw, json)
Hash identifier:          /cNBRDGXrXFiXR7n3Icb2afkj3DJrvqGqTqI09cdQfo=
Subject key identifier:   02:DF:46:4F:8E:3E:E6:FE:B1:ED:F9:73:09:51:2F:CD:A4:E8:D0:06
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5CFACE732B488967AC75454D97EA2ABBF8D4433E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c53dd3ba-e111-48e1-9b49-0dab5ea11e64.roa
Signing time:             Sat 23 Dec 2023 00:00:00 +0000
ROA not before:           Sat 23 Dec 2023 00:00:00 +0000
ROA not after:            Sat 27 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:fa:ce:73:2b:48:89:67:ac:75:45:4d:97:ea:2a:bb:f8:d4:43:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 23 00:00:00 2023 GMT
            Not After : Jan 27 23:59:59 2024 GMT
        Subject: serialNumber=07fa1ee94af1628943a4f92a646b9fe76ea15408243bc827e149329344a104cc, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:9a:bf:0f:4c:6f:59:5a:51:cd:29:2e:6b:ff:
                    fc:1d:c8:bf:aa:8a:1c:aa:8b:3b:54:d4:05:bc:80:
                    5f:e3:51:a4:aa:56:3a:b5:c1:7d:88:b0:fe:cc:ab:
                    ba:7f:20:07:7a:28:48:92:32:d3:6b:c7:80:9e:9f:
                    3b:86:e1:14:cf:e3:43:af:ad:be:e3:b9:b6:61:aa:
                    b3:3c:ee:a6:43:21:f2:20:bb:e4:ad:de:b0:27:51:
                    e9:8f:0e:0a:2c:a8:6b:58:7b:d2:5e:80:a6:e4:f6:
                    28:f3:37:d2:ba:a8:9c:9c:5f:77:51:e0:7f:3b:ba:
                    1a:1b:85:f1:de:35:a5:99:f9:b3:c9:1d:40:96:81:
                    7b:36:fe:24:83:c2:76:a5:04:ab:45:d2:d0:76:98:
                    db:bf:1b:10:44:07:92:e9:4f:32:e3:ce:b7:bc:52:
                    3f:9c:5a:b3:4e:e8:11:66:a2:40:75:cf:d6:43:85:
                    ad:42:d7:25:75:02:93:4c:e5:c7:2f:70:e7:9e:54:
                    35:8b:21:60:0b:b4:8b:fd:7e:4b:ec:0c:76:02:25:
                    e0:88:5a:60:89:a5:9c:dd:a3:50:2d:0f:91:ae:14:
                    ea:28:5e:ca:61:d6:1a:d4:fe:dc:08:8d:b1:89:6f:
                    6c:bb:ce:82:44:69:b3:71:47:d9:3d:4c:38:8b:83:
                    b2:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:DF:46:4F:8E:3E:E6:FE:B1:ED:F9:73:09:51:2F:CD:A4:E8:D0:06
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c53dd3ba-e111-48e1-9b49-0dab5ea11e64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:23:70:60:c6:e0:88:a5:48:32:c4:e6:ec:03:65:e7:37:1a:
         de:03:4d:4b:70:b2:d2:12:9c:a8:e4:83:29:28:5b:8b:4e:92:
         ed:6e:22:67:68:fe:0c:7f:7b:19:9f:83:65:88:8d:eb:15:ca:
         f1:0b:0b:15:f9:c8:05:c5:4b:cc:22:07:c4:79:7f:0d:f5:e7:
         f9:f4:11:76:17:4e:1b:55:6c:34:d8:1c:33:28:ed:da:a9:e1:
         58:f4:06:82:c3:64:bc:12:b9:fd:de:8c:a0:b2:82:ee:8f:98:
         4f:5c:6d:9c:5e:5f:8b:7e:41:95:7b:8b:be:48:3c:c7:ec:13:
         c2:30:9e:1e:17:80:43:b1:3a:ed:5f:36:01:e6:85:8b:b6:91:
         5d:60:0b:9b:99:ce:08:04:3a:f4:f4:4f:53:42:58:07:08:a9:
         50:ce:11:d7:8e:f0:66:bb:b1:b1:29:72:5e:8e:32:9b:c0:c2:
         2d:be:16:51:d6:af:63:59:db:54:dd:48:f9:e8:26:bf:9e:02:
         27:47:6f:c4:4b:cc:93:17:96:c5:50:bd:23:10:f7:a0:99:a7:
         cf:19:26:26:19:02:97:ad:29:2e:5c:a2:24:28:0a:14:c9:0c:
         c2:2b:6e:96:9c:f4:e8:2e:c8:d7:29:83:9c:02:fc:73:87:8b:
         84:37:cb:1d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXPrOcytIiWesdUVNl+oqu/jUQz4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjIzMDAwMDAwWhcNMjQwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwN2ZhMWVlOTRhZjE2Mjg5NDNhNGY5MmE2NDZiOWZlNzZl
YTE1NDA4MjQzYmM4MjdlMTQ5MzI5MzQ0YTEwNGNjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZmr8PTG9ZWlHNKS5r//wdyL+qihyqiztU1AW8gF/jUaSq
Vjq1wX2IsP7Mq7p/IAd6KEiSMtNrx4CenzuG4RTP40Ovrb7jubZhqrM87qZDIfIg
u+St3rAnUemPDgosqGtYe9JegKbk9ijzN9K6qJycX3dR4H87uhobhfHeNaWZ+bPJ
HUCWgXs2/iSDwnalBKtF0tB2mNu/GxBEB5LpTzLjzre8Uj+cWrNO6BFmokB1z9ZD
ha1C1yV1ApNM5ccvcOeeVDWLIWALtIv9fkvsDHYCJeCIWmCJpZzdo1AtD5GuFOoo
Xsph1hrU/twIjbGJb2y7zoJEabNxR9k9TDiLg7KPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAt9GT44+5v6x7flzCVEvzaTo0AYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2M1M2RkM2JhLWUxMTEtNDhlMS05YjQ5LTBkYWI1ZWExMWU2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGojcGDG4IilSDLE5uwDZec3Gt4D
TUtwstISnKjkgykoW4tOku1uImdo/gx/exmfg2WIjesVyvELCxX5yAXFS8wiB8R5
fw315/n0EXYXThtVbDTYHDMo7dqp4Vj0BoLDZLwSuf3ejKCygu6PmE9cbZxeX4t+
QZV7i75IPMfsE8Iwnh4XgEOxOu1fNgHmhYu2kV1gC5uZzggEOvT0T1NCWAcIqVDO
EdeO8Ga7sbEpcl6OMpvAwi2+FlHWr2NZ21TdSPnoJr+eAidHb8RLzJMXlsVQvSMQ
96CZp88ZJiYZApetKS5coiQoChTJDMIrbpac9OguyNcpg5wC/HOHi4Q3yx0=
-----END CERTIFICATE-----