Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cdaf6c7b-12f1-4b09-92d6-d441c882fa54.roa
File:                     cdaf6c7b-12f1-4b09-92d6-d441c882fa54.roa (raw, json)
Hash identifier:          b8fEuIqvbhuyveQMBzJXdn+zFekr4oTPC/8rNdmcHlw=
Subject key identifier:   65:70:76:85:4F:63:A5:85:E0:A4:B2:EF:9C:A6:FA:46:31:AA:09:42
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       557DEAC676543933F8C11C21338260F202C75B27
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cdaf6c7b-12f1-4b09-92d6-d441c882fa54.roa
Signing time:             Tue 14 Nov 2023 00:00:00 +0000
ROA not before:           Tue 14 Nov 2023 00:00:00 +0000
ROA not after:            Tue 19 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:7d:ea:c6:76:54:39:33:f8:c1:1c:21:33:82:60:f2:02:c7:5b:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 14 00:00:00 2023 GMT
            Not After : Dec 19 23:59:59 2023 GMT
        Subject: serialNumber=2a4c49ca36e8a4017b335d983527779278f8676e6ad8e24a8d557cc09ad2a185, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f7:43:8b:17:9b:83:83:7a:7f:ba:22:98:00:
                    13:28:0e:95:5d:9a:42:42:f1:fc:48:5b:31:71:76:
                    7d:83:db:2b:df:fb:42:ba:c3:31:dc:ac:30:15:fb:
                    fd:73:05:3d:23:d7:ec:78:4a:cd:09:a5:1b:2d:4a:
                    f9:53:2a:40:7c:6e:ef:4a:80:43:96:d1:9d:0a:c7:
                    7d:29:b6:dd:7a:bd:93:91:86:c2:32:24:df:1d:c5:
                    2c:88:26:97:0a:23:5c:6e:89:68:22:1c:04:b6:38:
                    c4:40:c7:dc:25:4e:31:a8:07:85:44:b3:0a:2b:2a:
                    27:02:19:ff:6d:f5:a7:7c:f5:2b:10:28:70:79:6c:
                    59:c8:5f:db:e6:63:76:af:14:80:61:d7:fe:ea:7d:
                    97:59:94:b4:fc:88:76:4c:47:b3:22:d0:fd:4c:28:
                    ba:58:d2:37:98:bf:59:01:cb:69:6f:a5:f0:ec:da:
                    1c:d5:a9:27:e7:4b:bd:80:82:d0:89:22:9a:cb:8b:
                    b2:bd:52:31:96:00:02:ff:ce:1f:51:44:7d:23:07:
                    02:2a:c2:e9:0e:fe:80:c1:e0:ca:7e:05:4b:42:22:
                    a1:67:17:90:0a:04:fd:ec:92:4d:76:9d:92:8a:02:
                    c3:a3:de:9a:0c:23:a5:77:fb:4c:ff:9e:97:80:6c:
                    bc:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:70:76:85:4F:63:A5:85:E0:A4:B2:EF:9C:A6:FA:46:31:AA:09:42
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cdaf6c7b-12f1-4b09-92d6-d441c882fa54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:72:3c:c4:2d:17:85:08:eb:7c:ca:04:d5:1a:b2:3a:04:6c:
         d2:0f:1b:f6:a8:25:d6:13:7c:af:0b:7c:af:0f:82:0e:d2:a8:
         10:a4:fb:4c:b1:c4:62:4d:10:cb:33:9d:3d:ba:c5:ae:97:c3:
         54:36:c4:bb:ea:02:4e:0f:da:c2:bf:e5:89:10:b7:e6:03:d2:
         60:1f:a7:90:d6:6f:e7:64:38:96:ec:0e:4a:33:8f:78:e6:63:
         3f:1c:06:3d:a2:48:b1:4b:24:6e:a3:59:db:5f:74:61:75:68:
         6b:45:aa:18:f3:af:f6:9c:52:0a:6e:70:39:af:00:db:32:d5:
         b3:85:95:84:2d:12:89:92:2e:fe:19:c7:df:ce:37:b7:53:58:
         2a:37:28:8f:7f:11:b8:2e:ad:00:56:09:c0:fd:7e:0a:8f:63:
         ab:4b:bc:01:08:08:6d:78:18:82:b9:5f:39:5a:80:a9:2b:cd:
         93:1b:9f:b2:46:f5:90:cd:25:53:4f:1f:d4:77:fa:d7:21:6d:
         51:44:08:4d:28:df:6b:49:24:9d:c1:c3:53:45:b7:de:b5:08:
         cc:1f:7e:55:1e:93:22:ad:90:c7:08:06:50:dd:d2:d5:63:c7:
         e3:ea:c6:9d:f8:6d:fd:81:f4:68:9b:f0:7d:3d:84:19:2c:ec:
         20:cc:cf:29
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVX3qxnZUOTP4wRwhM4Jg8gLHWycwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE0MDAwMDAwWhcNMjMxMjE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYTRjNDljYTM2ZThhNDAxN2IzMzVkOTgzNTI3Nzc5Mjc4
Zjg2NzZlNmFkOGUyNGE4ZDU1N2NjMDlhZDJhMTg1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC490OLF5uDg3p/uiKYABMoDpVdmkJC8fxIWzFxdn2D2yvf
+0K6wzHcrDAV+/1zBT0j1+x4Ss0JpRstSvlTKkB8bu9KgEOW0Z0Kx30ptt16vZOR
hsIyJN8dxSyIJpcKI1xuiWgiHAS2OMRAx9wlTjGoB4VEsworKicCGf9t9ad89SsQ
KHB5bFnIX9vmY3avFIBh1/7qfZdZlLT8iHZMR7Mi0P1MKLpY0jeYv1kBy2lvpfDs
2hzVqSfnS72AgtCJIprLi7K9UjGWAAL/zh9RRH0jBwIqwukO/oDB4Mp+BUtCIqFn
F5AKBP3skk12nZKKAsOj3poMI6V3+0z/npeAbLxLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZXB2hU9jpYXgpLLvnKb6RjGqCUIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2NkYWY2YzdiLTEyZjEtNGIwOS05MmQ2LWQ0NDFjODgyZmE1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGNyPMQtF4UI63zKBNUasjoEbNIP
G/aoJdYTfK8LfK8Pgg7SqBCk+0yxxGJNEMsznT26xa6Xw1Q2xLvqAk4P2sK/5YkQ
t+YD0mAfp5DWb+dkOJbsDkozj3jmYz8cBj2iSLFLJG6jWdtfdGF1aGtFqhjzr/ac
UgpucDmvANsy1bOFlYQtEomSLv4Zx9/ON7dTWCo3KI9/EbgurQBWCcD9fgqPY6tL
vAEICG14GIK5XzlagKkrzZMbn7JG9ZDNJVNPH9R3+tchbVFECE0o32tJJJ3Bw1NF
t961CMwfflUekyKtkMcIBlDd0tVjx+Pqxp34bf2B9Gib8H09hBks7CDMzyk=
-----END CERTIFICATE-----