Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/edb510fa-6849-4f13-a0a9-f1a9d7d07cb4.roa
File:                     edb510fa-6849-4f13-a0a9-f1a9d7d07cb4.roa (raw, json)
Hash identifier:          LbwFdhMEFaBtGIAXoZNDZIzxXhO8KrmAckBlivkMr6w=
Subject key identifier:   C4:77:81:51:82:F3:FA:4C:45:ED:87:38:4D:52:16:22:2A:10:BE:6F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       67C996CBF50A28DA334B4B20C9E1262AD9F1FAE2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/edb510fa-6849-4f13-a0a9-f1a9d7d07cb4.roa
Signing time:             Thu 14 Dec 2023 00:00:00 +0000
ROA not before:           Thu 14 Dec 2023 00:00:00 +0000
ROA not after:            Thu 18 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:c9:96:cb:f5:0a:28:da:33:4b:4b:20:c9:e1:26:2a:d9:f1:fa:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 14 00:00:00 2023 GMT
            Not After : Jan 18 23:59:59 2024 GMT
        Subject: serialNumber=57610bc0b24bbf945747f7ee78eff4eb02bedcfafa42776afc3a860abdc8f789, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:95:a4:21:3f:16:91:38:9a:31:05:69:4c:0e:
                    22:34:fe:f5:2a:ac:aa:92:d5:bc:47:ed:53:b9:7b:
                    2e:0e:7b:8d:b7:38:4f:a8:df:36:54:70:20:d2:60:
                    10:94:07:40:10:af:3d:9b:8a:3d:c2:0e:51:5a:ac:
                    23:b2:e4:84:d9:b5:9c:2d:b4:e5:1b:87:49:e3:60:
                    c9:dd:46:68:64:4a:4f:60:df:48:11:f5:8a:d5:28:
                    f0:04:62:d2:5a:07:58:da:5d:86:f8:ff:f4:8f:13:
                    04:ea:ef:2c:de:b9:3d:30:3f:3f:99:46:c5:41:b2:
                    b0:a5:4f:5d:a1:33:fc:8a:07:61:48:c4:ac:dd:5a:
                    5c:91:bd:be:1c:d8:18:6b:d7:05:29:69:e7:2a:ae:
                    30:3b:97:d8:ad:3d:6a:f8:16:74:2e:ad:13:ef:59:
                    c1:a5:47:f1:6a:89:1b:74:9c:3e:30:c6:3a:f8:af:
                    4f:ae:eb:90:a6:75:c8:14:b5:26:40:f9:6c:44:1a:
                    e3:07:a8:f7:a3:93:b4:ce:e8:fb:27:70:0c:f1:d8:
                    20:33:57:3e:79:66:b7:d6:7a:43:35:f9:a5:34:01:
                    a2:78:06:40:ab:45:aa:3c:08:c3:36:c2:90:63:1c:
                    45:98:f9:29:cb:f4:ea:69:37:dc:fe:29:88:11:b2:
                    15:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:77:81:51:82:F3:FA:4C:45:ED:87:38:4D:52:16:22:2A:10:BE:6F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/edb510fa-6849-4f13-a0a9-f1a9d7d07cb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:da:bf:68:2f:c3:8c:5d:43:77:b7:cb:27:e9:f4:aa:e5:4c:
         16:d6:52:bc:05:d0:9b:21:ff:89:2d:04:a5:84:cc:77:26:91:
         ed:be:46:f8:e2:b5:e8:13:a8:1a:0a:66:de:0e:60:66:b0:19:
         77:78:8a:4a:d6:32:01:27:13:be:13:5a:8c:5d:90:cf:67:b6:
         9b:70:fc:cd:10:c7:d1:18:99:e8:52:99:5e:7c:96:ac:e1:31:
         c5:31:62:f5:df:cf:5a:6d:d6:6d:98:4b:04:24:2b:0c:39:b1:
         97:68:76:53:99:11:bb:71:ea:f6:50:e5:40:02:6c:b8:a5:48:
         04:d6:1f:b6:30:10:92:5f:c7:60:56:53:17:b9:60:d6:64:c2:
         b2:dd:49:a3:3a:19:fc:85:c2:1a:55:3b:bd:5a:18:2d:d2:3a:
         bb:1d:63:e6:f6:a6:99:b7:45:ae:85:b3:7a:c9:61:09:8d:96:
         8d:b1:49:48:26:98:08:b9:28:1c:17:51:f7:62:8a:8d:81:c9:
         5c:40:92:27:f0:39:46:38:ed:22:cf:ed:ae:fa:0b:9b:75:49:
         40:ec:7c:10:97:c4:aa:ed:08:8a:29:45:ff:78:ca:58:a0:00:
         d1:ff:68:a9:e7:92:6b:1f:a4:91:7e:31:05:a5:e3:d4:da:ee:
         1f:a0:3f:a8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZ8mWy/UKKNozS0sgyeEmKtnx+uIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjE0MDAwMDAwWhcNMjQwMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NzYxMGJjMGIyNGJiZjk0NTc0N2Y3ZWU3OGVmZjRlYjAy
YmVkY2ZhZmE0Mjc3NmFmYzNhODYwYWJkYzhmNzg5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDElaQhPxaROJoxBWlMDiI0/vUqrKqS1bxH7VO5ey4Oe423
OE+o3zZUcCDSYBCUB0AQrz2bij3CDlFarCOy5ITZtZwttOUbh0njYMndRmhkSk9g
30gR9YrVKPAEYtJaB1jaXYb4//SPEwTq7yzeuT0wPz+ZRsVBsrClT12hM/yKB2FI
xKzdWlyRvb4c2Bhr1wUpaecqrjA7l9itPWr4FnQurRPvWcGlR/FqiRt0nD4wxjr4
r0+u65CmdcgUtSZA+WxEGuMHqPejk7TO6PsncAzx2CAzVz55ZrfWekM1+aU0AaJ4
BkCrRao8CMM2wpBjHEWY+SnL9OppN9z+KYgRshXHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxHeBUYLz+kxF7Yc4TVIWIioQvm8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2VkYjUxMGZhLTY4NDktNGYxMy1hMGE5LWYxYTlkN2QwN2NiNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAPav2gvw4xdQ3e3yyfp9KrlTBbW
UrwF0Jsh/4ktBKWEzHcmke2+RvjitegTqBoKZt4OYGawGXd4ikrWMgEnE74TWoxd
kM9ntptw/M0Qx9EYmehSmV58lqzhMcUxYvXfz1pt1m2YSwQkKww5sZdodlOZEbtx
6vZQ5UACbLilSATWH7YwEJJfx2BWUxe5YNZkwrLdSaM6GfyFwhpVO71aGC3SOrsd
Y+b2ppm3Ra6Fs3rJYQmNlo2xSUgmmAi5KBwXUfdiio2ByVxAkifwOUY47SLP7a76
C5t1SUDsfBCXxKrtCIopRf94yligANH/aKnnkmsfpJF+MQWl49Ta7h+gP6g=
-----END CERTIFICATE-----