Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d924f33a-644f-402e-8d19-d70bf3ac077f.roa
File:                     d924f33a-644f-402e-8d19-d70bf3ac077f.roa (raw, json)
Hash identifier:          fKYzrOXt296dUoxpGvGpU9UlDqcbmlI/WmSTRRisRww=
Subject key identifier:   36:27:C9:85:18:E6:29:36:20:BA:0A:0B:72:DA:A0:6F:CB:C2:04:FA
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       778FE99ADCD9D5ACA3FD6EA38E53F2E7C22D7A19
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d924f33a-644f-402e-8d19-d70bf3ac077f.roa
Signing time:             Sun 05 Nov 2023 00:00:00 +0000
ROA not before:           Sun 05 Nov 2023 00:00:00 +0000
ROA not after:            Sun 10 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:8f:e9:9a:dc:d9:d5:ac:a3:fd:6e:a3:8e:53:f2:e7:c2:2d:7a:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  5 00:00:00 2023 GMT
            Not After : Dec 10 23:59:59 2023 GMT
        Subject: serialNumber=18ee743b1e23d21f71a56845fd18b09b7cc104e84d0dc19d16393142dda038fc, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:db:ec:74:66:13:d2:97:92:52:17:7d:38:b4:
                    42:57:a7:07:96:86:04:bb:cc:f2:14:64:ca:c1:18:
                    7e:18:36:c6:3c:17:e0:5a:ae:3d:a3:ac:8c:58:f3:
                    46:4c:b7:8c:54:75:e5:9d:0a:4f:76:d7:a7:c7:3d:
                    6c:24:ea:ae:d7:35:13:9d:65:cd:f6:22:58:29:60:
                    e0:c4:03:a9:fe:5f:df:c6:41:0f:e8:9c:52:cd:cc:
                    af:c7:c9:c6:db:23:c6:35:5b:cf:a6:9e:ea:23:6d:
                    79:81:19:e1:56:6e:6b:34:81:11:95:4d:78:88:9d:
                    9b:32:53:97:14:e8:32:b1:b5:18:72:62:d5:14:fc:
                    be:a9:1a:52:eb:32:53:c7:9e:8f:df:42:51:82:13:
                    03:c0:32:57:2c:22:d3:f5:26:62:8c:bf:ad:fb:98:
                    31:66:39:67:44:e5:cb:f1:60:2d:cf:7a:fc:02:95:
                    09:b3:61:73:a2:a1:05:f6:cb:19:1d:ec:88:3e:cc:
                    7a:f4:72:cd:de:ee:68:e5:23:54:f6:cf:b4:a9:d5:
                    5c:6c:87:03:d1:ee:31:bc:df:f9:81:69:2f:d8:4d:
                    d9:f8:69:f9:2b:9c:28:97:a2:f3:2c:b1:ff:a7:f7:
                    1a:06:24:65:e4:94:c0:f8:f2:ab:a9:75:3f:1a:8d:
                    60:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:27:C9:85:18:E6:29:36:20:BA:0A:0B:72:DA:A0:6F:CB:C2:04:FA
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d924f33a-644f-402e-8d19-d70bf3ac077f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:85:2f:9c:db:c7:14:5e:b4:1f:0f:97:34:9f:c7:a1:cb:8f:
         69:a4:8a:9f:28:e8:51:a9:69:80:6a:60:ab:dc:3d:23:32:1b:
         8f:60:b5:1a:19:51:17:a2:77:20:a2:12:e0:a4:9e:30:b3:0a:
         cf:74:6f:a5:9d:da:c4:f9:a4:6f:90:52:3b:32:6a:4d:88:54:
         16:dd:92:1b:9c:4f:10:08:c3:cf:bd:0c:b2:a1:1e:57:61:18:
         04:57:19:2b:a4:f4:1c:9f:af:40:d1:eb:69:40:33:4c:6f:4c:
         40:99:e4:34:d0:3e:3e:76:21:86:fe:36:93:a8:5e:6f:5a:72:
         1e:e4:9d:d6:4f:10:08:98:3c:67:f8:51:9f:8a:e3:3c:83:1f:
         e0:a5:1f:51:c5:d8:15:2d:f2:7f:ec:5d:9d:cf:95:48:4c:74:
         18:9a:c6:2b:1f:aa:0b:33:ca:92:23:c7:56:34:83:fa:85:bf:
         9a:9b:23:b8:9b:57:8e:84:cb:97:e0:48:55:5e:0f:ea:32:4c:
         13:d2:6e:b6:2c:5e:eb:93:4d:9c:fb:ab:e4:f6:b3:35:1a:3e:
         4d:6c:62:60:17:4f:ca:70:08:fb:2a:f9:6e:a4:b9:27:36:fe:
         b5:c8:be:01:1f:1a:76:ca:5f:a1:e0:9c:c3:8e:a5:ce:1e:8e:
         48:43:e7:19
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUd4/pmtzZ1ayj/W6jjlPy58ItehkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTA1MDAwMDAwWhcNMjMxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxOGVlNzQzYjFlMjNkMjFmNzFhNTY4NDVmZDE4YjA5Yjdj
YzEwNGU4NGQwZGMxOWQxNjM5MzE0MmRkYTAzOGZjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDP2+x0ZhPSl5JSF304tEJXpweWhgS7zPIUZMrBGH4YNsY8
F+Barj2jrIxY80ZMt4xUdeWdCk9216fHPWwk6q7XNROdZc32IlgpYODEA6n+X9/G
QQ/onFLNzK/HycbbI8Y1W8+mnuojbXmBGeFWbms0gRGVTXiInZsyU5cU6DKxtRhy
YtUU/L6pGlLrMlPHno/fQlGCEwPAMlcsItP1JmKMv637mDFmOWdE5cvxYC3PevwC
lQmzYXOioQX2yxkd7Ig+zHr0cs3e7mjlI1T2z7Sp1VxshwPR7jG83/mBaS/YTdn4
afkrnCiXovMssf+n9xoGJGXklMD48qupdT8ajWDTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNifJhRjmKTYgugoLctqgb8vCBPowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q5MjRmMzNhLTY0NGYtNDAyZS04ZDE5LWQ3MGJmM2FjMDc3Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAH6FL5zbxxRetB8PlzSfx6HLj2mk
ip8o6FGpaYBqYKvcPSMyG49gtRoZUReidyCiEuCknjCzCs90b6Wd2sT5pG+QUjsy
ak2IVBbdkhucTxAIw8+9DLKhHldhGARXGSuk9Byfr0DR62lAM0xvTECZ5DTQPj52
IYb+NpOoXm9ach7kndZPEAiYPGf4UZ+K4zyDH+ClH1HF2BUt8n/sXZ3PlUhMdBia
xisfqgszypIjx1Y0g/qFv5qbI7ibV46Ey5fgSFVeD+oyTBPSbrYsXuuTTZz7q+T2
szUaPk1sYmAXT8pwCPsq+W6kuSc2/rXIvgEfGnbKX6HgnMOOpc4ejkhD5xk=
-----END CERTIFICATE-----