Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d3a58277-7a5b-4ddf-a3f9-b039c13baf4a.roa
File:                     d3a58277-7a5b-4ddf-a3f9-b039c13baf4a.roa (raw, json)
Hash identifier:          I39b6BKEaqrTzEKAAcGx1LJc0ET+5siYbct6NrAzc5w=
Subject key identifier:   77:99:E0:71:0B:20:34:4F:2C:ED:9D:96:96:97:0E:3C:AF:EE:D7:D5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       634BEB0264155F70358687EB96A37FAAF581EDC3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d3a58277-7a5b-4ddf-a3f9-b039c13baf4a.roa
Signing time:             Sat 18 Nov 2023 00:00:00 +0000
ROA not before:           Sat 18 Nov 2023 00:00:00 +0000
ROA not after:            Sat 23 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:4b:eb:02:64:15:5f:70:35:86:87:eb:96:a3:7f:aa:f5:81:ed:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 18 00:00:00 2023 GMT
            Not After : Dec 23 23:59:59 2023 GMT
        Subject: serialNumber=16570aa5dd72cc380ed2c744e9c2ebcf048f8efd14870111ca5144623d986f7a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:dc:14:14:cd:59:ab:35:31:0c:7c:c6:00:e1:
                    0f:92:c8:32:e6:2f:cb:c4:a1:34:80:e7:12:48:35:
                    ec:25:8f:e7:0e:9b:a8:10:8a:51:ae:e4:d8:bf:73:
                    0a:a3:63:64:d1:a0:16:fb:6a:5a:d6:a2:22:3e:c7:
                    8e:d2:ff:6f:df:4b:f6:59:81:7d:fb:4f:9e:80:30:
                    d5:12:c1:5a:45:2d:49:7c:8c:25:0b:88:22:23:75:
                    ff:0e:1c:58:15:83:7a:bc:bc:73:48:4e:ed:df:57:
                    b0:89:f0:0a:96:40:df:59:76:1e:66:66:bb:11:07:
                    b2:2c:55:e8:55:d4:06:56:f4:bb:29:dc:19:e5:79:
                    00:fe:2a:e4:49:59:14:b3:19:bf:47:8f:8d:31:a2:
                    5d:c5:21:ab:24:fb:ee:52:46:36:6a:a1:6d:4a:d0:
                    e7:ef:1f:ab:17:bb:f0:f8:09:18:9d:85:05:93:b8:
                    51:d9:af:2b:e0:7c:63:17:d8:3f:cd:7a:05:d0:66:
                    e7:9c:e8:f0:8c:ea:9f:5b:ae:71:55:82:6c:73:a7:
                    0e:fc:20:5d:f7:5d:ab:92:ff:58:7a:8a:7d:c7:cf:
                    29:2f:1d:2f:e0:55:a9:e9:ec:10:95:ec:82:5e:64:
                    6f:cb:81:f0:0c:da:a7:38:71:19:97:21:f2:cb:ea:
                    26:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:99:E0:71:0B:20:34:4F:2C:ED:9D:96:96:97:0E:3C:AF:EE:D7:D5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d3a58277-7a5b-4ddf-a3f9-b039c13baf4a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:e6:89:06:cf:88:73:4e:4d:14:39:fa:aa:c4:a4:43:32:54:
         2b:4c:af:eb:0f:54:68:c7:65:86:7a:8e:fe:61:04:3b:f1:de:
         17:98:ab:07:64:45:05:b5:6b:20:8f:2d:23:60:bc:84:40:2a:
         bb:16:66:3f:f9:73:c9:e2:f2:c0:a5:5c:ef:72:87:a1:0e:de:
         a9:25:f3:65:9c:12:ef:39:f5:01:f3:73:90:ed:04:63:fd:da:
         66:7d:31:f6:4c:60:70:f7:dc:7e:a5:0b:71:a7:cb:29:ea:00:
         a9:60:01:5f:55:84:7f:3a:7d:a0:84:d5:80:12:fd:23:97:84:
         8d:de:39:12:7b:d8:62:78:80:bf:64:ee:07:46:ec:fd:14:49:
         ba:10:fd:a3:1d:a3:12:3d:c9:18:e4:e9:24:84:a4:d4:a2:99:
         b8:d7:e2:e3:58:90:2d:21:5d:db:47:4f:ed:61:2a:02:78:57:
         16:1e:38:0c:2f:cf:8a:d1:9c:13:5d:c2:4a:52:51:18:bd:18:
         75:75:94:42:4b:56:88:e9:09:1e:b1:c9:00:e5:d9:39:69:ab:
         7e:12:45:b9:28:d6:ed:c3:ab:70:df:c8:72:b1:f5:7d:9a:28:
         83:cb:99:12:78:c9:9f:3e:84:a6:d8:9f:6a:9d:13:cd:db:76:
         86:54:6c:b3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY0vrAmQVX3A1hofrlqN/qvWB7cMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE4MDAwMDAwWhcNMjMxMjIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNjU3MGFhNWRkNzJjYzM4MGVkMmM3NDRlOWMyZWJjZjA0
OGY4ZWZkMTQ4NzAxMTFjYTUxNDQ2MjNkOTg2ZjdhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCr3BQUzVmrNTEMfMYA4Q+SyDLmL8vEoTSA5xJINewlj+cO
m6gQilGu5Ni/cwqjY2TRoBb7alrWoiI+x47S/2/fS/ZZgX37T56AMNUSwVpFLUl8
jCULiCIjdf8OHFgVg3q8vHNITu3fV7CJ8AqWQN9Zdh5mZrsRB7IsVehV1AZW9Lsp
3BnleQD+KuRJWRSzGb9Hj40xol3FIask++5SRjZqoW1K0OfvH6sXu/D4CRidhQWT
uFHZryvgfGMX2D/NegXQZuec6PCM6p9brnFVgmxzpw78IF33XauS/1h6in3Hzykv
HS/gVanp7BCV7IJeZG/LgfAM2qc4cRmXIfLL6iaDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUd5ngcQsgNE8s7Z2WlpcOPK/u19UwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2QzYTU4Mjc3LTdhNWItNGRkZi1hM2Y5LWIwMzljMTNiYWY0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAbmiQbPiHNOTRQ5+qrEpEMyVCtM
r+sPVGjHZYZ6jv5hBDvx3heYqwdkRQW1ayCPLSNgvIRAKrsWZj/5c8ni8sClXO9y
h6EO3qkl82WcEu859QHzc5DtBGP92mZ9MfZMYHD33H6lC3GnyynqAKlgAV9VhH86
faCE1YAS/SOXhI3eORJ72GJ4gL9k7gdG7P0USboQ/aMdoxI9yRjk6SSEpNSimbjX
4uNYkC0hXdtHT+1hKgJ4VxYeOAwvz4rRnBNdwkpSURi9GHV1lEJLVojpCR6xyQDl
2Tlpq34SRbko1u3Dq3DfyHKx9X2aKIPLmRJ4yZ8+hKbYn2qdE83bdoZUbLM=
-----END CERTIFICATE-----