Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ec10176e-8a5e-4717-9401-1cdb860509f6.roa
File:                     ec10176e-8a5e-4717-9401-1cdb860509f6.roa (raw, json)
Hash identifier:          OCS6SyDk7wpA+CiMEY7yPE7DFOEp0+/1zL/MfK1+D18=
Subject key identifier:   AC:D1:8E:83:A7:BD:FC:D6:BE:C6:99:8F:3F:F4:49:21:FA:F4:49:F3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6A7C6E1B6A4D99C61B803530ED42623276971B5F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ec10176e-8a5e-4717-9401-1cdb860509f6.roa
Signing time:             Thu 09 Nov 2023 00:00:00 +0000
ROA not before:           Thu 09 Nov 2023 00:00:00 +0000
ROA not after:            Thu 14 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:7c:6e:1b:6a:4d:99:c6:1b:80:35:30:ed:42:62:32:76:97:1b:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  9 00:00:00 2023 GMT
            Not After : Dec 14 23:59:59 2023 GMT
        Subject: serialNumber=b408f0fa2aae370d4934eb855219052de01ed4d7bbd23c15542e5c38e5772072, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:02:07:5e:61:99:bc:c2:82:71:ab:50:c2:d8:
                    d0:01:1d:31:97:f7:e6:5e:ce:4b:2f:43:e4:33:58:
                    43:52:14:0b:fd:09:e4:0c:7d:a5:5e:e6:2e:89:90:
                    18:d4:c5:c1:76:16:1a:1f:9f:d4:78:4e:ef:e3:a5:
                    7e:29:8d:c3:9c:6f:ce:f3:4d:cc:f5:57:8e:4e:97:
                    e8:d9:c0:8a:49:6f:3a:b6:7d:47:3a:04:7c:8f:5d:
                    3c:f8:06:3a:24:16:61:af:ab:bb:4e:ef:38:c9:61:
                    d1:6d:77:93:15:fd:4d:bc:4a:3d:3b:92:7c:45:08:
                    a5:60:ee:9b:7a:e2:85:26:60:94:1e:47:d4:8c:ca:
                    03:a5:0a:eb:1d:6e:b3:cc:3e:bb:67:4d:2f:05:b7:
                    8a:75:eb:a3:35:ce:fc:76:83:7a:14:66:48:98:31:
                    6c:c2:d9:60:6e:c3:36:fd:df:a0:67:7e:27:44:45:
                    53:7a:7c:1a:cd:54:29:fc:87:e1:67:f1:73:68:fa:
                    b0:93:40:ea:6f:73:d9:05:5d:8e:5e:ab:7d:9e:04:
                    ed:13:fc:7b:af:fa:50:90:ad:0e:48:eb:e8:3d:7f:
                    57:63:6b:50:65:1a:0c:dc:d1:d5:bf:87:57:7d:96:
                    5a:80:43:27:26:a7:b4:77:59:94:1c:bc:72:6b:76:
                    cd:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:D1:8E:83:A7:BD:FC:D6:BE:C6:99:8F:3F:F4:49:21:FA:F4:49:F3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ec10176e-8a5e-4717-9401-1cdb860509f6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:55:f7:b0:12:06:d6:e6:ca:6d:44:2d:4a:73:69:fe:50:fa:
         4c:46:fd:31:74:85:a4:51:b4:81:3a:66:3f:94:69:99:87:76:
         31:45:9d:ec:b8:24:cd:97:61:e8:a6:86:4d:76:93:8f:52:c1:
         16:6f:d4:c2:bf:9e:37:ea:5a:a5:0b:37:7d:d9:8c:e8:aa:6f:
         3f:32:0c:2d:54:a9:d7:cb:38:fb:e1:a4:9f:e4:8e:64:5b:f2:
         5e:47:7a:43:8e:53:2d:a3:cf:27:bf:9a:1e:96:b4:b0:9c:98:
         81:bc:09:20:2e:a4:77:2f:f8:55:b8:31:ef:f6:24:d0:a1:9a:
         15:35:03:63:e3:0d:5d:96:b6:53:9b:a7:13:40:d9:a4:83:34:
         af:b2:c7:01:cb:b5:36:94:fb:af:6d:1b:f4:be:08:56:46:63:
         60:9a:19:1b:e9:de:d7:ba:3d:d8:87:98:4a:aa:db:f5:71:34:
         f9:3e:c9:d5:07:df:74:50:5c:49:08:73:41:b3:da:e6:e2:ab:
         0b:a1:30:61:d8:e2:f5:26:60:db:a3:15:11:45:53:e8:6e:db:
         50:0f:15:f6:c8:62:cd:15:1c:0d:00:4f:18:f5:da:cb:d0:fb:
         c4:95:02:c1:fb:ff:6c:cb:bc:7f:7d:fa:46:af:65:cc:0a:dd:
         74:04:27:13
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUanxuG2pNmcYbgDUw7UJiMnaXG18wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTA5MDAwMDAwWhcNMjMxMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNDA4ZjBmYTJhYWUzNzBkNDkzNGViODU1MjE5MDUyZGUw
MWVkNGQ3YmJkMjNjMTU1NDJlNWMzOGU1NzcyMDcyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCeAgdeYZm8woJxq1DC2NABHTGX9+ZezksvQ+QzWENSFAv9
CeQMfaVe5i6JkBjUxcF2Fhofn9R4Tu/jpX4pjcOcb87zTcz1V45Ol+jZwIpJbzq2
fUc6BHyPXTz4BjokFmGvq7tO7zjJYdFtd5MV/U28Sj07knxFCKVg7pt64oUmYJQe
R9SMygOlCusdbrPMPrtnTS8Ft4p166M1zvx2g3oUZkiYMWzC2WBuwzb936BnfidE
RVN6fBrNVCn8h+Fn8XNo+rCTQOpvc9kFXY5eq32eBO0T/Huv+lCQrQ5I6+g9f1dj
a1BlGgzc0dW/h1d9llqAQycmp7R3WZQcvHJrds3FAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrNGOg6e9/Na+xpmPP/RJIfr0SfMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2VjMTAxNzZlLThhNWUtNDcxNy05NDAxLTFjZGI4NjA1MDlmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAChV97ASBtbmym1ELUpzaf5Q+kxG
/TF0haRRtIE6Zj+UaZmHdjFFney4JM2XYeimhk12k49SwRZv1MK/njfqWqULN33Z
jOiqbz8yDC1UqdfLOPvhpJ/kjmRb8l5HekOOUy2jzye/mh6WtLCcmIG8CSAupHcv
+FW4Me/2JNChmhU1A2PjDV2WtlObpxNA2aSDNK+yxwHLtTaU+69tG/S+CFZGY2Ca
GRvp3te6PdiHmEqq2/VxNPk+ydUH33RQXEkIc0Gz2ubiqwuhMGHY4vUmYNujFRFF
U+hu21APFfbIYs0VHA0ATxj12svQ+8SVAsH7/2zLvH99+kavZcwK3XQEJxM=
-----END CERTIFICATE-----