Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ee0ab084-464a-43fe-98b6-e30da45e575a.roa
File:                     ee0ab084-464a-43fe-98b6-e30da45e575a.roa (raw, json)
Hash identifier:          EDOtvUlYgP1uclnR2TI15G5CfyjPbGKDApgc31BkOOM=
Subject key identifier:   B8:B3:CE:DC:C0:56:9D:D6:6F:B3:65:26:26:5A:A3:F3:7D:D1:F2:61
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       65D8CF3B9F85730FFC1DE1702802FA8A82FF8BC2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ee0ab084-464a-43fe-98b6-e30da45e575a.roa
Signing time:             Wed 13 Dec 2023 00:00:00 +0000
ROA not before:           Wed 13 Dec 2023 00:00:00 +0000
ROA not after:            Wed 17 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:d8:cf:3b:9f:85:73:0f:fc:1d:e1:70:28:02:fa:8a:82:ff:8b:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 13 00:00:00 2023 GMT
            Not After : Jan 17 23:59:59 2024 GMT
        Subject: serialNumber=23c403afd2d6712a1862070dfa59c59edfbc1b13dbcdb5899c2628b1ce6815ec, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:93:f8:62:68:fb:92:84:33:e4:66:55:c2:cc:
                    ba:ba:30:e7:68:0d:d0:bc:9f:b5:eb:2b:fd:c3:89:
                    3f:2e:3b:18:41:1a:b6:07:5a:e8:0c:3e:08:8e:09:
                    8c:f6:77:81:3f:73:9c:99:d1:45:41:19:a7:ab:93:
                    cd:e7:36:e7:8a:7b:9f:50:41:8c:a3:ab:4b:fd:21:
                    7e:57:d4:ef:df:90:ed:0b:df:bb:fa:1e:99:ec:6a:
                    23:0a:5e:29:7d:77:c3:c1:f2:98:97:06:8c:19:ba:
                    f6:25:a7:2e:65:0d:10:02:67:ec:e4:55:47:fb:f6:
                    e0:8e:31:5c:d0:88:da:1a:4a:5e:50:af:90:6e:0d:
                    41:ca:d1:8a:46:e3:3f:89:41:b3:6d:09:b1:65:15:
                    dc:2b:3c:48:bb:1d:9a:eb:ef:8e:3b:37:bd:26:c5:
                    7b:a0:a8:f9:5d:ef:78:f9:56:9a:65:22:5d:58:36:
                    cb:88:83:79:7d:92:0d:95:a5:c8:1d:48:18:40:64:
                    37:5e:00:45:b4:72:6a:ae:e4:95:42:1a:2c:b3:04:
                    d8:4d:76:2f:1b:d7:b7:dc:eb:5f:8c:b7:2c:a8:ad:
                    97:1b:3d:c0:78:5d:e6:dc:72:1b:82:a6:88:a9:42:
                    09:c8:3e:fa:cf:82:d5:1d:28:a9:9b:88:0c:83:c1:
                    a1:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:B3:CE:DC:C0:56:9D:D6:6F:B3:65:26:26:5A:A3:F3:7D:D1:F2:61
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ee0ab084-464a-43fe-98b6-e30da45e575a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:ff:41:b3:9f:8a:03:56:31:08:41:dd:c1:3a:5b:ec:63:34:
         32:54:c5:a1:5e:03:d1:43:fc:1d:e9:b8:df:36:61:4d:4f:d7:
         01:11:04:8b:c3:c7:a0:a3:9e:a2:87:fa:51:d5:b1:da:4c:09:
         5f:a6:fa:c5:ce:0b:82:a5:cf:f0:93:4f:cc:89:08:3d:2e:92:
         a3:8a:84:31:12:5e:05:02:3e:de:38:55:e3:6c:d9:5e:4e:9c:
         01:2f:3e:8d:72:12:d8:1e:de:64:49:2c:30:6f:bb:49:bb:13:
         92:2c:21:94:2d:c0:9c:1c:7b:1f:cf:80:21:46:3b:2c:69:cd:
         cb:16:60:97:ad:39:e8:50:07:80:21:d7:5b:9e:b3:20:f0:b3:
         7f:2b:75:5f:89:37:1a:3d:29:7c:9a:30:88:81:0d:18:44:11:
         ab:cc:37:ae:51:03:02:ae:d3:b5:ac:e9:a0:86:41:4b:b9:ae:
         50:da:bc:51:b2:72:64:35:bb:e4:0e:89:c8:20:1b:e6:4c:28:
         b8:39:0a:9d:68:4a:f7:dc:29:c9:04:fe:fb:50:da:35:2f:f1:
         65:9b:56:07:cb:c5:7b:39:ad:74:e7:9e:fc:ae:ee:27:33:11:
         16:03:e0:e5:55:95:07:22:2d:f0:51:e4:b6:98:93:f0:a1:36:
         6c:4e:f5:48
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZdjPO5+Fcw/8HeFwKAL6ioL/i8IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjEzMDAwMDAwWhcNMjQwMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyM2M0MDNhZmQyZDY3MTJhMTg2MjA3MGRmYTU5YzU5ZWRm
YmMxYjEzZGJjZGI1ODk5YzI2MjhiMWNlNjgxNWVjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsk/hiaPuShDPkZlXCzLq6MOdoDdC8n7XrK/3DiT8uOxhB
GrYHWugMPgiOCYz2d4E/c5yZ0UVBGaerk83nNueKe59QQYyjq0v9IX5X1O/fkO0L
37v6HpnsaiMKXil9d8PB8piXBowZuvYlpy5lDRACZ+zkVUf79uCOMVzQiNoaSl5Q
r5BuDUHK0YpG4z+JQbNtCbFlFdwrPEi7HZrr7447N70mxXugqPld73j5VpplIl1Y
NsuIg3l9kg2VpcgdSBhAZDdeAEW0cmqu5JVCGiyzBNhNdi8b17fc61+MtyyorZcb
PcB4XebcchuCpoipQgnIPvrPgtUdKKmbiAyDwaHxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuLPO3MBWndZvs2UmJlqj833R8mEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2VlMGFiMDg0LTQ2NGEtNDNmZS05OGI2LWUzMGRhNDVlNTc1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADP/QbOfigNWMQhB3cE6W+xjNDJU
xaFeA9FD/B3puN82YU1P1wERBIvDx6CjnqKH+lHVsdpMCV+m+sXOC4Klz/CTT8yJ
CD0ukqOKhDESXgUCPt44VeNs2V5OnAEvPo1yEtge3mRJLDBvu0m7E5IsIZQtwJwc
ex/PgCFGOyxpzcsWYJetOehQB4Ah11uesyDws38rdV+JNxo9KXyaMIiBDRhEEavM
N65RAwKu07Ws6aCGQUu5rlDavFGycmQ1u+QOicggG+ZMKLg5Cp1oSvfcKckE/vtQ
2jUv8WWbVgfLxXs5rXTnnvyu7iczERYD4OVVlQciLfBR5LaYk/ChNmxO9Ug=
-----END CERTIFICATE-----