Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/08ce8628-1bd6-4df3-868d-8ed31be9b7e0.roa
File:                     08ce8628-1bd6-4df3-868d-8ed31be9b7e0.roa (raw, json)
Hash identifier:          uXI6XvjoLU7iiOS2H6GN/U8d9HLqAMJMLzloKww/eAU=
Subject key identifier:   11:19:E8:AA:1E:49:C1:60:44:26:DA:B5:6D:05:98:58:24:4D:CE:91
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7BCE30ADAADF88BD5CC423E5024419E88F7139B2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/08ce8628-1bd6-4df3-868d-8ed31be9b7e0.roa
Signing time:             Tue 14 Nov 2023 00:00:00 +0000
ROA not before:           Tue 14 Nov 2023 00:00:00 +0000
ROA not after:            Tue 19 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:ce:30:ad:aa:df:88:bd:5c:c4:23:e5:02:44:19:e8:8f:71:39:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 14 00:00:00 2023 GMT
            Not After : Dec 19 23:59:59 2023 GMT
        Subject: serialNumber=f1f0535340072c632c8290ed5087860cd5a59da11eac19d10c63d6da9a97da48, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b1:70:b0:ee:44:24:0a:4b:7b:39:2c:0c:db:
                    aa:3c:5e:fc:18:92:10:70:04:4b:8b:36:74:4c:f7:
                    84:b2:5c:24:65:b4:6b:7b:f6:e6:25:eb:74:69:cc:
                    5b:4b:4b:24:b4:60:96:5a:bc:f2:ff:de:f1:79:ef:
                    f4:02:1f:2f:ff:f4:4a:4d:9a:7e:e8:8b:02:23:96:
                    59:ba:b6:22:3d:7e:bb:15:3a:8d:2b:a2:0a:bb:a2:
                    87:63:60:cf:66:83:75:7f:a1:25:47:64:14:2e:a6:
                    97:26:40:c6:e0:05:2d:e7:4c:17:f7:96:b7:15:9f:
                    d3:b9:5c:88:9d:61:83:7a:c3:e6:2f:00:c6:a7:f4:
                    75:32:0f:a4:fc:fb:e2:7f:64:c2:e1:e2:05:1a:99:
                    ea:d1:54:cf:6a:7a:ee:83:bc:2c:e1:05:f0:8c:f1:
                    be:83:ac:fb:20:69:7b:d9:72:35:23:e8:86:4f:b8:
                    31:66:bb:eb:9d:71:98:5d:a1:3a:c8:18:ec:e5:57:
                    8d:06:87:f6:96:43:cc:77:b2:ba:4a:de:fe:92:1f:
                    48:ce:44:9c:38:1c:de:64:66:76:f3:73:6e:a0:cc:
                    ef:2a:6b:0e:3a:83:ab:af:c7:92:5d:18:f6:fe:3f:
                    e9:2b:94:55:a9:5b:ed:4e:39:c0:e4:42:d5:91:94:
                    32:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:19:E8:AA:1E:49:C1:60:44:26:DA:B5:6D:05:98:58:24:4D:CE:91
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/08ce8628-1bd6-4df3-868d-8ed31be9b7e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:bb:b5:bf:5a:2e:c8:77:79:e0:43:59:d9:9a:df:ab:ad:57:
         5f:c8:e2:52:76:58:0d:34:75:1f:f7:35:d9:61:f3:b7:ed:62:
         e7:f2:2b:11:ca:4c:d2:5a:0c:a2:dc:17:33:67:e7:9c:35:25:
         1b:a6:51:03:26:95:48:4c:da:69:0b:23:93:08:ba:12:fa:32:
         1b:5e:b6:36:9f:5c:78:cf:f7:b5:6c:3e:fc:52:af:30:10:67:
         02:ff:df:da:6f:95:bd:2d:f4:ae:be:1e:b7:a4:cf:fe:0b:b7:
         e0:7e:a1:de:56:c8:00:9e:b4:37:1a:6e:0a:45:7c:0e:b5:f9:
         4c:3a:42:23:12:eb:d4:de:d2:ba:fc:69:46:9c:53:d3:29:42:
         00:26:0a:12:0a:2c:2d:03:7f:74:6b:b0:f4:c7:9d:5c:63:0c:
         33:d3:1e:e6:e5:a2:a4:23:e4:16:48:2e:72:45:cf:27:ef:71:
         2c:88:35:a2:d3:7b:89:24:2b:22:37:ad:8e:51:a3:24:4d:e5:
         a7:cf:fa:c0:07:5d:97:2b:24:f8:ca:b5:3d:d6:80:c4:ac:9e:
         e1:fd:aa:07:9b:d2:90:bd:d5:69:c7:3d:e1:06:68:71:ec:1e:
         39:59:bf:f6:39:a9:96:23:cb:02:bc:86:30:50:f4:b4:27:c9:
         53:1a:a4:1b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe84wrarfiL1cxCPlAkQZ6I9xObIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE0MDAwMDAwWhcNMjMxMjE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMWYwNTM1MzQwMDcyYzYzMmM4MjkwZWQ1MDg3ODYwY2Q1
YTU5ZGExMWVhYzE5ZDEwYzYzZDZkYTlhOTdkYTQ4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCksXCw7kQkCkt7OSwM26o8XvwYkhBwBEuLNnRM94SyXCRl
tGt79uYl63RpzFtLSyS0YJZavPL/3vF57/QCHy//9EpNmn7oiwIjllm6tiI9frsV
Oo0rogq7oodjYM9mg3V/oSVHZBQuppcmQMbgBS3nTBf3lrcVn9O5XIidYYN6w+Yv
AMan9HUyD6T8++J/ZMLh4gUamerRVM9qeu6DvCzhBfCM8b6DrPsgaXvZcjUj6IZP
uDFmu+udcZhdoTrIGOzlV40Gh/aWQ8x3srpK3v6SH0jORJw4HN5kZnbzc26gzO8q
aw46g6uvx5JdGPb+P+krlFWpW+1OOcDkQtWRlDJ9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUERnoqh5JwWBEJtq1bQWYWCRNzpEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzA4Y2U4NjI4LTFiZDYtNGRmMy04NjhkLThlZDMxYmU5YjdlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGi7tb9aLsh3eeBDWdma36utV1/I
4lJ2WA00dR/3Ndlh87ftYufyKxHKTNJaDKLcFzNn55w1JRumUQMmlUhM2mkLI5MI
uhL6MhtetjafXHjP97VsPvxSrzAQZwL/39pvlb0t9K6+Hrekz/4Lt+B+od5WyACe
tDcabgpFfA61+Uw6QiMS69Te0rr8aUacU9MpQgAmChIKLC0Df3RrsPTHnVxjDDPT
HubloqQj5BZILnJFzyfvcSyINaLTe4kkKyI3rY5RoyRN5afP+sAHXZcrJPjKtT3W
gMSsnuH9qgeb0pC91WnHPeEGaHHsHjlZv/Y5qZYjywK8hjBQ9LQnyVMapBs=
-----END CERTIFICATE-----