Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c997b685-0a25-481c-8acf-1532e742990b.roa
File:                     c997b685-0a25-481c-8acf-1532e742990b.roa (raw, json)
Hash identifier:          BrKcag8hg2/2k7H2SE5IpjmB5bThNn33wxw4lcvEgE4=
Subject key identifier:   D5:72:31:F4:E9:A0:C5:E6:35:14:A8:69:3F:3B:AD:8F:4F:AF:0F:5B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6590FE58B5969E5A3241439D33160967785476DD
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c997b685-0a25-481c-8acf-1532e742990b.roa
Signing time:             Thu 14 Dec 2023 00:00:00 +0000
ROA not before:           Thu 14 Dec 2023 00:00:00 +0000
ROA not after:            Thu 18 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:90:fe:58:b5:96:9e:5a:32:41:43:9d:33:16:09:67:78:54:76:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 14 00:00:00 2023 GMT
            Not After : Jan 18 23:59:59 2024 GMT
        Subject: serialNumber=6fc4d187a764fe21364e33be430d1e6b6e80be9c882e1633bd65754e88c38a87, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c9:58:1b:13:88:d6:a4:c9:c5:c4:f4:75:06:
                    26:ab:e3:d5:0b:34:3b:89:8e:14:69:a8:45:61:1e:
                    5a:51:27:93:d6:f9:b1:6e:80:78:46:dc:e5:b1:e6:
                    92:8b:3f:f4:d6:98:64:78:7d:ca:68:ef:73:b4:a0:
                    4b:dd:9b:89:86:f9:0c:ec:14:98:3c:b9:53:11:17:
                    37:eb:de:e4:b9:07:92:45:b0:ac:3a:12:14:11:46:
                    d1:0d:e3:b9:e9:8f:06:83:64:1a:71:93:f5:7f:dd:
                    1c:9d:09:de:d8:cf:d5:31:34:42:b5:bb:9a:c7:33:
                    f7:55:70:a9:cb:b8:dc:23:33:e3:72:e8:9f:c5:3f:
                    a8:d7:dd:26:49:72:25:7d:69:88:9e:c3:1f:09:cb:
                    47:64:7c:f4:31:54:92:90:63:6b:cf:c9:26:a4:e8:
                    14:00:6e:55:50:36:f6:ec:f3:b4:d0:82:f9:b3:a0:
                    bc:6b:60:14:83:d9:be:00:e7:29:1b:15:14:4b:4a:
                    0a:e6:0c:c7:f0:4c:85:15:66:9c:33:06:79:34:c0:
                    58:ce:03:be:92:24:32:65:85:0d:39:20:32:1a:3d:
                    b1:69:25:9e:aa:60:ec:92:ce:6d:d1:ca:0c:e6:b7:
                    56:7e:8f:42:c9:79:a1:2b:7f:bb:ae:53:f8:0c:e5:
                    a8:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:72:31:F4:E9:A0:C5:E6:35:14:A8:69:3F:3B:AD:8F:4F:AF:0F:5B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c997b685-0a25-481c-8acf-1532e742990b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:b5:53:00:9c:c1:d4:10:ca:e4:ba:33:f9:3e:19:38:89:ef:
         96:d3:55:ae:34:d2:b3:db:e7:8a:ab:2a:4d:1a:3e:1b:e6:f2:
         2e:14:16:cd:4c:61:53:96:12:f5:3f:3a:09:79:c5:86:36:90:
         75:12:7e:a8:ae:dd:7c:b2:e8:e0:3b:8e:30:ae:af:17:c7:c0:
         ea:4b:b0:d5:e5:ad:09:9d:65:d6:c0:ee:5c:db:7a:51:3d:78:
         3c:87:cc:1b:45:f2:3b:1c:dd:d5:19:88:40:4f:8d:24:e5:40:
         6e:93:9e:47:3e:88:00:b6:d9:46:cd:05:ca:ba:2f:90:e8:a5:
         31:42:9d:9d:d3:b7:e7:00:c2:c7:bb:25:dc:2b:c6:d5:71:0a:
         dc:fa:02:6b:c8:de:f4:42:42:37:b1:af:5d:93:b8:4b:c9:9e:
         8d:9e:2e:fc:27:8e:31:81:6a:86:f3:09:fc:dc:31:ac:2a:6e:
         8e:d5:12:1d:29:7e:a0:09:9b:b9:9d:5c:ea:52:9e:9f:e9:46:
         d5:22:0e:4d:57:b8:74:5a:a5:de:01:84:a0:7c:c3:14:a8:eb:
         6a:4c:d5:88:d1:9b:82:3c:a3:44:8f:7c:d8:91:c1:c8:7a:a3:
         08:56:13:f8:24:58:13:c6:cf:11:87:3e:81:bb:37:da:14:3b:
         38:0a:11:ce
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZZD+WLWWnloyQUOdMxYJZ3hUdt0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjE0MDAwMDAwWhcNMjQwMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZmM0ZDE4N2E3NjRmZTIxMzY0ZTMzYmU0MzBkMWU2YjZl
ODBiZTljODgyZTE2MzNiZDY1NzU0ZTg4YzM4YTg3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgyVgbE4jWpMnFxPR1Biar49ULNDuJjhRpqEVhHlpRJ5PW
+bFugHhG3OWx5pKLP/TWmGR4fcpo73O0oEvdm4mG+QzsFJg8uVMRFzfr3uS5B5JF
sKw6EhQRRtEN47npjwaDZBpxk/V/3RydCd7Yz9UxNEK1u5rHM/dVcKnLuNwjM+Ny
6J/FP6jX3SZJciV9aYiewx8Jy0dkfPQxVJKQY2vPySak6BQAblVQNvbs87TQgvmz
oLxrYBSD2b4A5ykbFRRLSgrmDMfwTIUVZpwzBnk0wFjOA76SJDJlhQ05IDIaPbFp
JZ6qYOySzm3Rygzmt1Z+j0LJeaErf7uuU/gM5aj5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1XIx9OmgxeY1FKhpPzutj0+vD1swHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2M5OTdiNjg1LTBhMjUtNDgxYy04YWNmLTE1MzJlNzQyOTkwYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEi1UwCcwdQQyuS6M/k+GTiJ75bT
Va400rPb54qrKk0aPhvm8i4UFs1MYVOWEvU/Ogl5xYY2kHUSfqiu3Xyy6OA7jjCu
rxfHwOpLsNXlrQmdZdbA7lzbelE9eDyHzBtF8jsc3dUZiEBPjSTlQG6Tnkc+iAC2
2UbNBcq6L5DopTFCnZ3Tt+cAwse7JdwrxtVxCtz6AmvI3vRCQjexr12TuEvJno2e
LvwnjjGBaobzCfzcMawqbo7VEh0pfqAJm7mdXOpSnp/pRtUiDk1XuHRapd4BhKB8
wxSo62pM1YjRm4I8o0SPfNiRwch6owhWE/gkWBPGzxGHPoG7N9oUOzgKEc4=
-----END CERTIFICATE-----