Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fd701c22-a2d7-44b7-b064-eb434d27117a.roa
File:                     fd701c22-a2d7-44b7-b064-eb434d27117a.roa (raw, json)
Hash identifier:          6pghqJ4Eabrw0Mqe6XIvP7F4kTxTkzAGfWCBwVhDmb8=
Subject key identifier:   4E:37:86:83:89:2F:39:F0:B1:74:D3:0A:97:0C:0B:0E:37:36:DE:47
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       59EF98225C7968F6F5E8F3DE2B9C1D80122C5BE8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fd701c22-a2d7-44b7-b064-eb434d27117a.roa
Signing time:             Fri 24 Nov 2023 00:00:00 +0000
ROA not before:           Fri 24 Nov 2023 00:00:00 +0000
ROA not after:            Fri 29 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:ef:98:22:5c:79:68:f6:f5:e8:f3:de:2b:9c:1d:80:12:2c:5b:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 24 00:00:00 2023 GMT
            Not After : Dec 29 23:59:59 2023 GMT
        Subject: serialNumber=fcd48712c2e5ebd930b0464d34f99bfeca38e74868dacc5720158e43ca9f3f84, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c5:d6:35:6e:ef:e8:c7:b8:a4:59:79:ff:5d:
                    a6:14:f5:30:b8:a0:d6:de:e3:e8:8d:16:26:32:ca:
                    9e:a5:33:43:16:47:1b:40:b3:96:a0:fa:d7:dc:bb:
                    27:80:f5:b2:b3:14:ca:ce:57:ce:fc:04:69:44:8f:
                    f3:87:88:01:86:72:a6:be:66:03:45:82:02:ed:bd:
                    f9:0a:bd:9f:37:f6:d9:92:51:a3:bf:18:6f:e4:d1:
                    f8:44:39:0e:38:ad:32:0d:46:fd:ed:b0:56:1e:c4:
                    32:a6:e2:11:53:72:24:a8:f0:e7:15:16:96:67:ae:
                    e7:f9:00:38:7f:cb:bb:f6:6f:65:37:47:70:c0:97:
                    7e:4f:9b:94:95:84:91:31:eb:bc:65:c6:c2:d4:13:
                    50:a1:11:fd:08:7a:ac:09:87:11:32:f9:83:31:20:
                    c2:c6:43:e4:0b:93:1d:50:59:45:eb:d5:02:4a:d4:
                    68:7c:a6:ba:1b:fb:35:02:64:3a:e2:ee:01:69:94:
                    3a:d0:43:2c:fb:3b:80:69:c9:61:85:a9:fa:55:99:
                    65:5e:57:96:65:ab:84:14:e8:f5:36:6f:1f:59:55:
                    1d:87:a5:7b:ee:b5:74:be:3d:29:e0:21:0f:f1:ad:
                    cb:10:b5:4e:f1:27:ca:23:6d:10:65:5d:89:32:72:
                    8e:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:37:86:83:89:2F:39:F0:B1:74:D3:0A:97:0C:0B:0E:37:36:DE:47
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fd701c22-a2d7-44b7-b064-eb434d27117a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:4b:34:a8:5c:9d:f2:b6:2b:fd:52:fb:2c:03:dc:8f:78:79:
         53:ac:34:61:a5:ff:62:9c:6f:71:53:ff:81:3a:5d:34:50:69:
         5d:9e:1e:ad:bb:1a:ac:22:e9:2b:a7:e6:c0:56:15:c1:5b:f5:
         09:e7:56:77:fd:28:a2:61:27:61:8f:eb:ec:97:be:71:37:a2:
         1c:d2:3d:2f:4b:c7:ce:cd:2d:bc:14:9c:12:e8:06:f2:25:23:
         0a:8b:87:c9:eb:79:e0:f6:00:bb:dc:d2:06:93:fc:5f:43:53:
         b5:48:3d:87:b7:4e:a2:6d:8e:8e:bf:41:71:c4:18:dd:16:c6:
         4c:8b:ab:b3:7c:f3:66:17:de:4b:50:e6:7f:bb:ab:cf:b0:89:
         28:ca:ac:4a:3e:2c:82:86:6d:74:e1:32:77:48:2f:99:6b:b4:
         bc:48:63:1d:53:cb:ec:90:db:8b:78:e0:e0:da:35:49:93:6a:
         df:91:65:35:83:05:03:b6:58:ce:58:8b:0d:dc:86:cc:95:1d:
         ed:8c:81:11:4b:b8:5a:fb:e6:e9:8e:c4:b7:31:aa:7d:be:e5:
         c9:44:b6:f9:ac:ac:f2:d1:d8:4d:48:e7:1f:1f:37:14:e0:0f:
         d3:ae:a5:b7:77:54:67:15:c7:b9:d9:bf:97:78:31:61:4c:9a:
         9b:73:f5:6e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWe+YIlx5aPb16PPeK5wdgBIsW+gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTI0MDAwMDAwWhcNMjMxMjI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmY2Q0ODcxMmMyZTVlYmQ5MzBiMDQ2NGQzNGY5OWJmZWNh
MzhlNzQ4NjhkYWNjNTcyMDE1OGU0M2NhOWYzZjg0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbxdY1bu/ox7ikWXn/XaYU9TC4oNbe4+iNFiYyyp6lM0MW
RxtAs5ag+tfcuyeA9bKzFMrOV878BGlEj/OHiAGGcqa+ZgNFggLtvfkKvZ839tmS
UaO/GG/k0fhEOQ44rTINRv3tsFYexDKm4hFTciSo8OcVFpZnruf5ADh/y7v2b2U3
R3DAl35Pm5SVhJEx67xlxsLUE1ChEf0IeqwJhxEy+YMxIMLGQ+QLkx1QWUXr1QJK
1Gh8prob+zUCZDri7gFplDrQQyz7O4BpyWGFqfpVmWVeV5Zlq4QU6PU2bx9ZVR2H
pXvutXS+PSngIQ/xrcsQtU7xJ8ojbRBlXYkyco5HAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTjeGg4kvOfCxdNMKlwwLDjc23kcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZkNzAxYzIyLWEyZDctNDRiNy1iMDY0LWViNDM0ZDI3MTE3YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJpLNKhcnfK2K/1S+ywD3I94eVOs
NGGl/2Kcb3FT/4E6XTRQaV2eHq27Gqwi6Sun5sBWFcFb9QnnVnf9KKJhJ2GP6+yX
vnE3ohzSPS9Lx87NLbwUnBLoBvIlIwqLh8nreeD2ALvc0gaT/F9DU7VIPYe3TqJt
jo6/QXHEGN0WxkyLq7N882YX3ktQ5n+7q8+wiSjKrEo+LIKGbXThMndIL5lrtLxI
Yx1Ty+yQ24t44ODaNUmTat+RZTWDBQO2WM5Yiw3chsyVHe2MgRFLuFr75umOxLcx
qn2+5clEtvmsrPLR2E1I5x8fNxTgD9Oupbd3VGcVx7nZv5d4MWFMmptz9W4=
-----END CERTIFICATE-----