Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ca781f47-8cab-497e-b369-60b9f87a774d.roa
File:                     ca781f47-8cab-497e-b369-60b9f87a774d.roa (raw, json)
Hash identifier:          X9eYo5J46aXItuohxJNiJ1CShnPL6PtwXstGUu/fKM8=
Subject key identifier:   EA:2E:59:F0:A8:ED:D7:66:76:20:16:F1:DE:4C:88:AF:B2:99:09:99
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2602DEA27AEB8F90BAFE79D354982DD294590323
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ca781f47-8cab-497e-b369-60b9f87a774d.roa
Signing time:             Fri 17 Nov 2023 00:00:00 +0000
ROA not before:           Fri 17 Nov 2023 00:00:00 +0000
ROA not after:            Fri 22 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:02:de:a2:7a:eb:8f:90:ba:fe:79:d3:54:98:2d:d2:94:59:03:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 17 00:00:00 2023 GMT
            Not After : Dec 22 23:59:59 2023 GMT
        Subject: serialNumber=432c520e59e879f805756acb5a8daf842195c9bbb70adff42a19bec92d592efc, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:aa:be:01:8c:31:f2:50:1e:bf:0f:40:f2:44:
                    f4:ae:fb:76:04:02:a4:92:86:1e:af:97:72:56:14:
                    83:c5:9a:70:d5:00:16:88:ed:0e:ff:0d:5f:b0:57:
                    38:d1:93:f9:e1:a7:31:2a:2d:28:03:56:f4:5a:30:
                    71:1e:c4:f2:c0:17:fe:9e:92:6d:e2:d2:91:fa:b7:
                    b5:c5:a1:c1:ec:52:c7:f8:d3:d1:b4:10:24:8d:9a:
                    15:f0:70:70:a1:35:a8:4e:3a:de:06:82:05:1e:f9:
                    a6:a0:e6:e6:85:5c:ef:67:fa:5e:b3:50:ec:f2:60:
                    cc:c9:8e:f2:74:59:7a:f8:91:a5:1c:a5:d6:15:bc:
                    ab:93:00:dc:cc:00:cc:af:a8:69:fb:6d:78:15:af:
                    16:f7:dd:3d:ae:07:03:0c:76:25:a2:9e:4c:54:be:
                    ef:2d:23:bc:22:cc:48:6d:ef:05:97:f0:e9:5d:c4:
                    8d:dd:96:a0:2e:e2:7a:c6:2e:79:86:0a:bd:1e:cd:
                    e1:93:21:16:12:77:64:06:6d:dc:8a:45:94:15:af:
                    ff:cd:a8:f0:6b:f4:82:4c:d1:05:59:d8:67:f0:6f:
                    78:1c:be:f4:12:a6:ab:54:55:72:18:52:c8:fe:98:
                    04:af:d2:e9:71:37:52:bb:fb:0c:24:38:99:23:d2:
                    91:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:2E:59:F0:A8:ED:D7:66:76:20:16:F1:DE:4C:88:AF:B2:99:09:99
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ca781f47-8cab-497e-b369-60b9f87a774d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:6f:a5:7f:7a:c5:9e:33:2d:d0:6a:b7:09:da:e3:e4:41:1f:
         4e:95:de:c1:9b:cb:2a:cb:db:89:61:aa:80:32:59:7c:9d:62:
         5c:de:06:0d:91:92:a7:59:e7:94:47:fa:a0:30:d3:5a:5c:4a:
         28:12:f2:50:7b:a9:98:73:c0:59:6c:a6:14:84:a7:31:12:e3:
         dc:cf:98:20:e0:c2:26:c6:f0:69:d0:9f:b8:b1:15:01:b2:9e:
         c4:b9:b2:f2:cf:32:96:9c:1a:46:02:bc:29:ba:14:b8:06:09:
         8a:3a:7f:86:f7:79:fc:d9:4c:8b:3d:dd:a8:19:e8:3c:d9:70:
         d4:1c:e4:87:af:40:1b:42:fc:2a:a1:00:c5:5c:09:3d:bb:f4:
         09:87:04:8c:e3:83:1a:59:87:26:1d:ab:53:62:97:32:00:7c:
         10:2a:9a:8f:b8:b6:bf:a5:bc:aa:9d:40:05:64:8d:7b:bb:aa:
         2f:66:ed:85:ab:8c:32:d8:d3:f2:3f:70:96:1b:a7:de:1f:96:
         ea:d9:1e:ba:55:7f:54:62:a9:e1:d0:30:6c:79:90:2e:5a:ed:
         ec:9a:10:69:8b:01:c7:3e:c6:57:3d:e7:5f:af:77:16:d7:d8:
         14:9b:91:24:2c:36:64:a0:ef:cb:4d:79:a6:f4:ab:5b:dd:21:
         d0:84:e2:04
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJgLeonrrj5C6/nnTVJgt0pRZAyMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE3MDAwMDAwWhcNMjMxMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MzJjNTIwZTU5ZTg3OWY4MDU3NTZhY2I1YThkYWY4NDIx
OTVjOWJiYjcwYWRmZjQyYTE5YmVjOTJkNTkyZWZjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEqr4BjDHyUB6/D0DyRPSu+3YEAqSShh6vl3JWFIPFmnDV
ABaI7Q7/DV+wVzjRk/nhpzEqLSgDVvRaMHEexPLAF/6ekm3i0pH6t7XFocHsUsf4
09G0ECSNmhXwcHChNahOOt4GggUe+aag5uaFXO9n+l6zUOzyYMzJjvJ0WXr4kaUc
pdYVvKuTANzMAMyvqGn7bXgVrxb33T2uBwMMdiWinkxUvu8tI7wizEht7wWX8Old
xI3dlqAu4nrGLnmGCr0ezeGTIRYSd2QGbdyKRZQVr//NqPBr9IJM0QVZ2Gfwb3gc
vvQSpqtUVXIYUsj+mASv0ulxN1K7+wwkOJkj0pE7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6i5Z8Kjt12Z2IBbx3kyIr7KZCZkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2NhNzgxZjQ3LThjYWItNDk3ZS1iMzY5LTYwYjlmODdhNzc0ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALJvpX96xZ4zLdBqtwna4+RBH06V
3sGbyyrL24lhqoAyWXydYlzeBg2RkqdZ55RH+qAw01pcSigS8lB7qZhzwFlsphSE
pzES49zPmCDgwibG8GnQn7ixFQGynsS5svLPMpacGkYCvCm6FLgGCYo6f4b3efzZ
TIs93agZ6DzZcNQc5IevQBtC/CqhAMVcCT279AmHBIzjgxpZhyYdq1NilzIAfBAq
mo+4tr+lvKqdQAVkjXu7qi9m7YWrjDLY0/I/cJYbp94flurZHrpVf1RiqeHQMGx5
kC5a7eyaEGmLAcc+xlc951+vdxbX2BSbkSQsNmSg78tNeab0q1vdIdCE4gQ=
-----END CERTIFICATE-----