Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d9a3f26d-0904-4884-977f-f8f2cb755be7.roa
File:                     d9a3f26d-0904-4884-977f-f8f2cb755be7.roa (raw, json)
Hash identifier:          VFirHshzcwUpH06syoc+shWZ8gdxsaoo3DyIYKkmGII=
Subject key identifier:   99:76:09:9E:4F:59:39:AE:72:4E:13:36:25:E6:27:13:0A:4D:DA:5B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0CD2DF88FB9C1EB5A0A5DC1832CC1761167758F5
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d9a3f26d-0904-4884-977f-f8f2cb755be7.roa
Signing time:             Thu 09 Nov 2023 00:00:00 +0000
ROA not before:           Thu 09 Nov 2023 00:00:00 +0000
ROA not after:            Thu 14 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:d2:df:88:fb:9c:1e:b5:a0:a5:dc:18:32:cc:17:61:16:77:58:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  9 00:00:00 2023 GMT
            Not After : Dec 14 23:59:59 2023 GMT
        Subject: serialNumber=0d1cf11b658ba6ede83e4b8e3f6c961342eaa1834afc71938412aae3a768c35f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ad:f5:aa:65:0d:15:6d:44:58:49:fe:3e:72:
                    18:e3:ca:f7:0e:01:90:67:73:d0:ff:16:a4:fb:b9:
                    eb:b6:cc:37:c6:dd:aa:85:b4:b1:fc:cf:fc:ea:0e:
                    5b:f9:53:dc:76:cf:98:06:fa:db:1b:5f:16:17:ea:
                    b2:90:57:e3:be:c2:69:e3:6c:02:8c:06:f6:6f:f4:
                    fb:e4:50:55:c6:be:9d:9d:60:a7:70:1f:0a:f1:3f:
                    1a:f8:d5:c2:27:4f:50:da:53:fc:39:99:cc:92:f3:
                    04:e6:2b:c5:d5:ab:87:e5:a9:12:6f:58:17:7b:da:
                    91:1b:16:bf:62:7a:f7:27:fe:21:60:e4:51:3e:3a:
                    c5:26:2d:d5:67:b4:07:12:09:cc:11:f2:f3:8f:25:
                    cb:40:ec:1a:04:ad:3a:da:83:f4:6e:c7:2e:87:f0:
                    d1:0d:77:2d:a3:f7:25:63:51:fe:ce:df:2e:c0:b4:
                    64:60:51:69:1c:cd:96:0e:1c:94:77:e7:b3:f7:57:
                    da:76:fa:40:07:52:78:2c:e8:27:4b:25:e8:c6:17:
                    9b:2f:a6:93:95:7c:c0:9c:f6:ac:4b:bc:9e:a7:f9:
                    cf:a3:65:d6:66:c4:af:02:89:19:4a:8b:44:44:d6:
                    c7:36:89:ff:ec:95:b5:7b:d8:e9:ff:09:eb:da:ad:
                    6b:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:76:09:9E:4F:59:39:AE:72:4E:13:36:25:E6:27:13:0A:4D:DA:5B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d9a3f26d-0904-4884-977f-f8f2cb755be7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:4a:95:5b:a1:39:59:47:5f:fe:9a:61:74:14:9e:19:be:50:
         17:86:9d:ca:96:77:03:54:83:f0:06:7f:b6:da:89:4b:86:86:
         c0:d1:48:10:8f:6b:24:0d:1b:59:6c:ee:2f:dc:c2:05:2c:94:
         b1:54:08:e0:68:8d:40:ef:bf:74:ae:a8:02:e4:cd:ff:76:7b:
         5a:88:fb:fa:d6:6c:24:dc:6d:a3:f8:ff:7b:cc:31:51:43:8c:
         8b:f0:74:f9:90:85:38:84:0e:08:e1:5e:a1:e0:37:f2:b8:7a:
         37:8e:2d:e0:fc:58:95:f2:2b:54:cb:f5:1b:ce:3e:70:8e:f5:
         e9:6c:f7:28:58:26:7f:44:3a:80:e6:64:26:13:f1:07:26:43:
         a3:1f:54:91:87:71:4e:45:bd:68:d8:6c:97:fe:bc:4b:ed:ff:
         a8:92:4c:08:08:85:44:f3:3f:72:af:01:b1:d6:5f:46:ac:d0:
         60:77:6e:ae:80:c6:47:e3:6f:bb:77:56:e4:3c:4e:af:95:09:
         0a:9a:cf:f7:a3:dc:20:1a:60:55:38:be:a2:ce:a6:c3:aa:20:
         f5:47:62:d9:b8:b8:c3:bf:45:45:96:37:7f:c0:9f:b4:92:30:
         e7:a5:ec:67:63:fd:fc:ff:7d:e7:46:41:f5:96:0c:67:56:06:
         14:ce:3f:1e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDNLfiPucHrWgpdwYMswXYRZ3WPUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTA5MDAwMDAwWhcNMjMxMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZDFjZjExYjY1OGJhNmVkZTgzZTRiOGUzZjZjOTYxMzQy
ZWFhMTgzNGFmYzcxOTM4NDEyYWFlM2E3NjhjMzVmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2rfWqZQ0VbURYSf4+chjjyvcOAZBnc9D/FqT7ueu2zDfG
3aqFtLH8z/zqDlv5U9x2z5gG+tsbXxYX6rKQV+O+wmnjbAKMBvZv9PvkUFXGvp2d
YKdwHwrxPxr41cInT1DaU/w5mcyS8wTmK8XVq4flqRJvWBd72pEbFr9ievcn/iFg
5FE+OsUmLdVntAcSCcwR8vOPJctA7BoErTrag/Ruxy6H8NENdy2j9yVjUf7O3y7A
tGRgUWkczZYOHJR357P3V9p2+kAHUngs6CdLJejGF5svppOVfMCc9qxLvJ6n+c+j
ZdZmxK8CiRlKi0RE1sc2if/slbV72On/CevarWtxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmXYJnk9ZOa5yThM2JeYnEwpN2lswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q5YTNmMjZkLTA5MDQtNDg4NC05NzdmLWY4ZjJjYjc1NWJlNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB5KlVuhOVlHX/6aYXQUnhm+UBeG
ncqWdwNUg/AGf7baiUuGhsDRSBCPayQNG1ls7i/cwgUslLFUCOBojUDvv3SuqALk
zf92e1qI+/rWbCTcbaP4/3vMMVFDjIvwdPmQhTiEDgjhXqHgN/K4ejeOLeD8WJXy
K1TL9RvOPnCO9els9yhYJn9EOoDmZCYT8QcmQ6MfVJGHcU5FvWjYbJf+vEvt/6iS
TAgIhUTzP3KvAbHWX0as0GB3bq6Axkfjb7t3VuQ8Tq+VCQqaz/ej3CAaYFU4vqLO
psOqIPVHYtm4uMO/RUWWN3/An7SSMOel7Gdj/fz/fedGQfWWDGdWBhTOPx4=
-----END CERTIFICATE-----