Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d8d233ed-635a-42e3-8433-b16883898e24.roa
File:                     d8d233ed-635a-42e3-8433-b16883898e24.roa (raw, json)
Hash identifier:          qnrU0nQNIq9vY9u3TAOoKN0CdMBWTaCEZ0ijcg8fr2k=
Subject key identifier:   57:5C:AD:9C:98:1C:7C:EF:55:8A:AC:48:6E:40:F8:F0:1D:FC:AC:D5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       60D8569B20E83DB86DF4819506AA40F85F344EEA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d8d233ed-635a-42e3-8433-b16883898e24.roa
Signing time:             Tue 26 Dec 2023 00:00:00 +0000
ROA not before:           Tue 26 Dec 2023 00:00:00 +0000
ROA not after:            Tue 30 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:d8:56:9b:20:e8:3d:b8:6d:f4:81:95:06:aa:40:f8:5f:34:4e:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 26 00:00:00 2023 GMT
            Not After : Jan 30 23:59:59 2024 GMT
        Subject: serialNumber=14ee965f97f5a1247f202807449315adf4aec8e4c49cd6a83ed31f5840297108, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7d:2a:fa:02:9e:c4:a9:d3:17:f9:3f:55:75:
                    20:e9:5b:71:d5:73:32:b6:e8:af:cb:48:81:e9:e4:
                    13:9e:00:3e:f5:ee:1d:92:ae:b4:b0:1a:5d:d5:d4:
                    48:bd:77:31:fc:ea:98:49:09:81:1c:38:26:29:12:
                    54:50:b6:84:ac:c8:8a:7b:e0:6b:f3:72:ab:8b:42:
                    45:1b:5e:e3:ab:f0:27:74:2a:b6:ed:08:64:3b:58:
                    29:d7:ca:f1:56:18:26:ca:75:ff:79:42:eb:ab:47:
                    ca:5c:e6:0d:d3:1b:8a:3c:15:49:74:f8:21:22:d8:
                    26:58:44:30:2d:5e:e3:f7:79:15:f0:7d:d8:29:1e:
                    72:2b:5e:0f:b3:11:51:3c:29:25:9b:03:70:6a:48:
                    36:77:dc:88:4a:13:56:3c:92:77:e8:71:b5:5a:af:
                    02:cc:83:74:18:c0:8b:c1:36:4a:e1:98:bf:d1:62:
                    45:7b:61:65:79:a0:d4:25:e2:a4:b1:1e:a0:88:4c:
                    6c:99:37:a5:f3:f4:89:07:8d:d9:87:ec:30:9a:7c:
                    35:32:1b:74:fe:15:58:58:fd:79:31:ef:f0:96:9d:
                    d9:9d:7f:4a:d1:39:78:8a:49:45:aa:a9:9b:d3:06:
                    a0:af:68:b5:72:44:74:d1:9c:4b:9d:69:02:40:bc:
                    0d:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:5C:AD:9C:98:1C:7C:EF:55:8A:AC:48:6E:40:F8:F0:1D:FC:AC:D5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d8d233ed-635a-42e3-8433-b16883898e24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:a9:59:99:a9:08:3c:37:8c:b0:5a:39:59:6d:e9:c6:c8:af:
         4f:69:2b:ce:89:f1:47:38:f8:af:d0:15:0e:33:c2:c6:b4:a9:
         ef:12:a2:16:29:7f:91:88:10:38:96:89:f4:41:8c:ba:de:b4:
         4b:cf:92:c4:93:10:2f:ca:71:de:58:48:53:08:fb:0a:82:e6:
         0a:0d:48:12:61:02:01:25:db:fc:5e:18:46:07:4b:78:1b:72:
         b5:3c:2e:4e:a5:37:7e:4b:76:01:b6:00:85:b5:31:00:3f:69:
         fb:67:54:90:31:4f:28:18:0f:cd:5c:2e:11:8f:30:9b:81:2b:
         2e:e2:71:61:a9:ca:14:1c:13:82:25:d4:f0:e9:6c:16:f4:fc:
         57:5e:0e:08:37:08:0a:5d:7a:53:cc:16:f4:bc:9a:9e:66:79:
         4b:e6:d9:de:4d:46:d1:46:03:de:51:4e:38:84:83:56:4a:b1:
         2e:64:07:59:6a:1e:a7:1b:80:86:dc:e8:6b:4e:16:cf:cf:cf:
         67:bd:fe:33:e5:65:f5:bf:1b:70:52:ec:c9:a9:a4:a5:d1:9c:
         ff:65:08:b8:ec:2d:f1:91:92:14:44:bf:a0:7b:53:2c:61:0a:
         34:59:bf:44:55:a7:29:b1:26:fe:27:9f:1a:f7:d1:ac:ab:3a:
         9e:61:33:6b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYNhWmyDoPbht9IGVBqpA+F80TuowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjI2MDAwMDAwWhcNMjQwMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNGVlOTY1Zjk3ZjVhMTI0N2YyMDI4MDc0NDkzMTVhZGY0
YWVjOGU0YzQ5Y2Q2YTgzZWQzMWY1ODQwMjk3MTA4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7fSr6Ap7EqdMX+T9VdSDpW3HVczK26K/LSIHp5BOeAD71
7h2SrrSwGl3V1Ei9dzH86phJCYEcOCYpElRQtoSsyIp74GvzcquLQkUbXuOr8Cd0
KrbtCGQ7WCnXyvFWGCbKdf95QuurR8pc5g3TG4o8FUl0+CEi2CZYRDAtXuP3eRXw
fdgpHnIrXg+zEVE8KSWbA3BqSDZ33IhKE1Y8knfocbVarwLMg3QYwIvBNkrhmL/R
YkV7YWV5oNQl4qSxHqCITGyZN6Xz9IkHjdmH7DCafDUyG3T+FVhY/Xkx7/CWndmd
f0rROXiKSUWqqZvTBqCvaLVyRHTRnEudaQJAvA37AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUV1ytnJgcfO9ViqxIbkD48B38rNUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q4ZDIzM2VkLTYzNWEtNDJlMy04NDMzLWIxNjg4Mzg5OGUyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHWpWZmpCDw3jLBaOVlt6cbIr09p
K86J8Uc4+K/QFQ4zwsa0qe8SohYpf5GIEDiWifRBjLretEvPksSTEC/Kcd5YSFMI
+wqC5goNSBJhAgEl2/xeGEYHS3gbcrU8Lk6lN35LdgG2AIW1MQA/aftnVJAxTygY
D81cLhGPMJuBKy7icWGpyhQcE4Il1PDpbBb0/FdeDgg3CApdelPMFvS8mp5meUvm
2d5NRtFGA95RTjiEg1ZKsS5kB1lqHqcbgIbc6GtOFs/Pz2e9/jPlZfW/G3BS7Mmp
pKXRnP9lCLjsLfGRkhREv6B7UyxhCjRZv0RVpymxJv4nnxr30ayrOp5hM2s=
-----END CERTIFICATE-----