Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d33a158a-371d-4a98-88a5-bf4d781be824.roa
File:                     d33a158a-371d-4a98-88a5-bf4d781be824.roa (raw, json)
Hash identifier:          NcgR2mQURK/HoDHUJlteRUMBdfQc4TMWaQuzo3fLI9M=
Subject key identifier:   FF:7C:13:53:CE:97:1A:DE:FB:81:4C:1D:0D:C7:E8:A5:79:86:C3:DD
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6093F2211C72D2BFD059ACF8DB4528F79AED863C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d33a158a-371d-4a98-88a5-bf4d781be824.roa
Signing time:             Sun 19 Nov 2023 00:00:00 +0000
ROA not before:           Sun 19 Nov 2023 00:00:00 +0000
ROA not after:            Sun 24 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:93:f2:21:1c:72:d2:bf:d0:59:ac:f8:db:45:28:f7:9a:ed:86:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 19 00:00:00 2023 GMT
            Not After : Dec 24 23:59:59 2023 GMT
        Subject: serialNumber=777fe44e0b38e2b08855a0643ccaff12a6fbd3299743acd6b58ce6f6fea401ae, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:93:ac:10:e9:33:ff:9f:88:06:f7:81:5f:ef:
                    da:07:8f:71:91:78:7a:54:d1:25:b3:a2:c5:46:48:
                    9b:98:eb:4c:2d:8c:0d:bf:0f:4a:bc:2e:0a:b7:7f:
                    ea:00:0f:45:51:39:55:42:95:c4:c0:3b:d4:a1:d4:
                    ac:0a:77:b2:62:d0:9a:ae:ea:b3:f7:6c:f5:5e:2e:
                    40:63:8b:16:30:81:62:6e:60:b8:73:d3:1a:63:f8:
                    48:35:9e:28:c4:9b:0d:3c:0d:a7:38:52:fb:e6:5d:
                    4c:2c:ab:6f:bd:42:dc:86:31:41:65:5f:31:90:82:
                    76:85:c2:31:3f:39:f6:c2:0d:df:f5:86:91:01:6d:
                    4f:3c:4c:f3:c3:3e:1a:06:e7:68:90:49:22:46:b1:
                    61:ff:a5:fd:07:00:40:c6:47:ad:19:52:e9:b1:7d:
                    1a:2a:ba:d2:2c:7b:25:f9:72:9e:60:01:65:f5:34:
                    97:7f:de:78:17:97:18:6f:1e:dc:56:f2:25:64:30:
                    a9:68:c8:2b:d4:2b:c4:7c:17:14:9a:b4:41:d2:1f:
                    7f:73:dc:7a:d3:a2:58:0e:77:0c:9d:43:28:4e:58:
                    b2:7f:bb:eb:89:5f:e5:7a:a4:47:5e:15:06:29:20:
                    80:19:59:6d:42:cd:d3:4b:e7:7b:64:db:62:a1:54:
                    60:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:7C:13:53:CE:97:1A:DE:FB:81:4C:1D:0D:C7:E8:A5:79:86:C3:DD
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d33a158a-371d-4a98-88a5-bf4d781be824.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:99:07:d5:d5:eb:6f:ff:e1:d1:44:d8:21:6e:a7:f5:74:c0:
         1e:b2:c5:35:08:26:23:d5:9e:eb:f6:07:0d:15:cf:82:2e:50:
         4a:50:e4:c5:71:8f:3e:49:37:9e:c6:66:a3:47:e6:d2:7d:7f:
         9e:59:f8:e2:a5:eb:61:08:f8:4d:da:ab:2a:43:56:ff:4f:87:
         77:db:a1:74:62:3f:c6:34:1f:48:b1:6d:a6:e1:8b:96:f2:f9:
         b0:02:a3:6a:b5:a0:20:e1:8c:82:c8:b8:3b:9e:2f:14:f4:7c:
         d8:14:34:eb:f3:64:f4:c2:6b:a5:33:d4:59:04:7f:a5:c6:bb:
         16:b4:b6:67:0d:89:36:a1:ef:18:77:c7:12:a3:fc:cb:86:bd:
         bc:55:be:b6:f1:de:fa:8e:a3:a2:fa:1e:95:01:e6:de:73:44:
         83:58:4f:a3:2b:8f:fb:88:7b:57:87:15:49:c5:f2:66:d4:51:
         27:b7:48:8c:31:fd:35:d8:c1:eb:75:40:f5:67:95:a7:a3:0a:
         60:d2:17:7b:e4:10:d0:53:8a:f7:03:47:ca:a5:d5:25:e2:70:
         e4:ab:95:86:7d:82:1d:d5:e8:75:3c:63:a9:35:67:1e:5a:40:
         f8:e2:a1:ec:fd:15:2b:1a:cf:13:9a:a3:74:51:03:a4:31:64:
         27:79:30:33
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYJPyIRxy0r/QWaz420Uo95rthjwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE5MDAwMDAwWhcNMjMxMjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NzdmZTQ0ZTBiMzhlMmIwODg1NWEwNjQzY2NhZmYxMmE2
ZmJkMzI5OTc0M2FjZDZiNThjZTZmNmZlYTQwMWFlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIk6wQ6TP/n4gG94Ff79oHj3GReHpU0SWzosVGSJuY60wt
jA2/D0q8Lgq3f+oAD0VROVVClcTAO9Sh1KwKd7Ji0Jqu6rP3bPVeLkBjixYwgWJu
YLhz0xpj+Eg1nijEmw08Dac4UvvmXUwsq2+9QtyGMUFlXzGQgnaFwjE/OfbCDd/1
hpEBbU88TPPDPhoG52iQSSJGsWH/pf0HAEDGR60ZUumxfRoqutIseyX5cp5gAWX1
NJd/3ngXlxhvHtxW8iVkMKloyCvUK8R8FxSatEHSH39z3HrTolgOdwydQyhOWLJ/
u+uJX+V6pEdeFQYpIIAZWW1CzdNL53tk22KhVGBvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/3wTU86XGt77gUwdDcfopXmGw90wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2QzM2ExNThhLTM3MWQtNGE5OC04OGE1LWJmNGQ3ODFiZTgyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAeZB9XV62//4dFE2CFup/V0wB6y
xTUIJiPVnuv2Bw0Vz4IuUEpQ5MVxjz5JN57GZqNH5tJ9f55Z+OKl62EI+E3aqypD
Vv9Ph3fboXRiP8Y0H0ixbabhi5by+bACo2q1oCDhjILIuDueLxT0fNgUNOvzZPTC
a6Uz1FkEf6XGuxa0tmcNiTah7xh3xxKj/MuGvbxVvrbx3vqOo6L6HpUB5t5zRINY
T6Mrj/uIe1eHFUnF8mbUUSe3SIwx/TXYwet1QPVnlaejCmDSF3vkENBTivcDR8ql
1SXicOSrlYZ9gh3V6HU8Y6k1Zx5aQPjioez9FSsazxOao3RRA6QxZCd5MDM=
-----END CERTIFICATE-----