Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/136f6102-6e51-4cdb-a0af-3e8bff61aed1.roa
File:                     136f6102-6e51-4cdb-a0af-3e8bff61aed1.roa (raw, json)
Hash identifier:          0zPNMqUj+Sq6eiwipx/+4/amGdNiM6dS+8hcoDXZ4Wg=
Subject key identifier:   3B:73:03:F9:5D:74:A7:F8:5B:00:1F:1E:C8:72:8F:3B:22:2E:41:6E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       13812840F649D101D8A8349B280A0574674D5218
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/136f6102-6e51-4cdb-a0af-3e8bff61aed1.roa
Signing time:             Fri 17 Nov 2023 00:00:00 +0000
ROA not before:           Fri 17 Nov 2023 00:00:00 +0000
ROA not after:            Fri 22 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:81:28:40:f6:49:d1:01:d8:a8:34:9b:28:0a:05:74:67:4d:52:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 17 00:00:00 2023 GMT
            Not After : Dec 22 23:59:59 2023 GMT
        Subject: serialNumber=02e07d6b781c1c856b6c912b1b063e77a79cf3f1eb8a1397a8f47b9db134ee30, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:45:31:d3:fa:1a:14:c0:2d:8d:4a:76:08:67:
                    2d:b2:bf:65:8d:5d:48:99:f9:2b:09:bf:f2:95:db:
                    36:1e:77:8c:a4:ed:0d:b7:dc:19:f3:31:06:a0:45:
                    91:a3:75:45:8b:e3:3f:15:ee:ed:80:ce:94:9e:ce:
                    58:5c:3f:4a:ff:74:21:b4:1b:d2:f6:bc:dc:34:a4:
                    c7:5f:26:23:72:cd:13:9b:25:5f:d8:98:92:f3:3d:
                    79:3e:dc:2f:ef:e2:67:08:3e:b7:d0:c7:28:00:89:
                    a2:06:79:ff:1c:39:9e:3e:84:28:80:03:53:0a:21:
                    61:6a:df:aa:5e:4a:48:61:14:4e:f5:17:93:05:23:
                    16:f2:e9:15:d8:aa:a0:04:df:20:66:e3:aa:07:b8:
                    5e:30:81:30:30:88:f7:f8:d2:23:0e:56:18:b4:7e:
                    e9:b4:5e:8c:11:84:b1:df:54:7e:1f:0d:7a:b6:24:
                    bb:22:d8:60:97:0e:aa:39:08:57:54:1a:24:50:f6:
                    07:41:0b:9f:dc:1e:9c:bf:c0:22:be:53:55:e6:0f:
                    a4:01:30:35:ad:89:b0:33:e5:18:6c:34:c2:f6:6e:
                    43:29:51:a8:a3:47:cf:65:9c:35:03:a7:e5:f1:a3:
                    8a:dc:1f:21:ee:2f:70:a6:05:01:2e:c0:51:7f:fb:
                    6e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:73:03:F9:5D:74:A7:F8:5B:00:1F:1E:C8:72:8F:3B:22:2E:41:6E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/136f6102-6e51-4cdb-a0af-3e8bff61aed1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:ca:27:7e:44:ea:e6:67:f5:50:1b:1d:47:de:ab:62:be:f3:
         e3:89:e0:e6:0e:42:9b:f3:e4:95:e4:7b:4d:c4:0a:13:f7:bf:
         7d:8a:34:c7:7c:4a:16:cd:86:5c:43:10:38:e2:84:df:cb:09:
         db:96:5e:70:70:5e:c5:e9:45:a4:12:c5:bc:22:7e:14:71:50:
         33:90:ed:7b:7f:98:c5:a1:e3:bc:90:99:dd:00:cc:16:2d:24:
         af:1f:3c:06:ee:6a:67:76:fb:b0:45:98:65:03:e8:81:86:b0:
         63:74:a1:91:1a:a5:26:ca:8f:ac:f1:56:9f:78:29:22:bb:9f:
         e8:2e:ff:96:7a:bf:d6:15:6a:99:6d:ba:13:d6:85:3c:9d:c8:
         06:ad:31:74:a9:53:45:5f:80:5f:b0:aa:0c:29:77:a7:56:eb:
         68:2a:de:1b:7b:1e:3c:f2:8d:ee:69:d4:5e:df:7b:39:42:b6:
         ce:76:7c:a1:9b:20:b7:46:9b:d8:17:f7:f3:07:29:4d:d6:1c:
         c4:5b:bd:65:d8:28:44:c1:92:7d:63:ac:45:96:89:56:67:1e:
         6c:67:79:b1:6c:1e:cf:08:79:51:00:a5:bc:d2:5c:8b:e4:67:
         a0:15:62:7d:10:99:1a:57:0d:80:43:1a:68:88:9f:b2:5f:da:
         dc:1b:1e:77
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE4EoQPZJ0QHYqDSbKAoFdGdNUhgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE3MDAwMDAwWhcNMjMxMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMmUwN2Q2Yjc4MWMxYzg1NmI2YzkxMmIxYjA2M2U3N2E3
OWNmM2YxZWI4YTEzOTdhOGY0N2I5ZGIxMzRlZTMwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1RTHT+hoUwC2NSnYIZy2yv2WNXUiZ+SsJv/KV2zYed4yk
7Q233BnzMQagRZGjdUWL4z8V7u2AzpSezlhcP0r/dCG0G9L2vNw0pMdfJiNyzROb
JV/YmJLzPXk+3C/v4mcIPrfQxygAiaIGef8cOZ4+hCiAA1MKIWFq36peSkhhFE71
F5MFIxby6RXYqqAE3yBm46oHuF4wgTAwiPf40iMOVhi0fum0XowRhLHfVH4fDXq2
JLsi2GCXDqo5CFdUGiRQ9gdBC5/cHpy/wCK+U1XmD6QBMDWtibAz5RhsNML2bkMp
UaijR89lnDUDp+Xxo4rcHyHuL3CmBQEuwFF/+24BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUO3MD+V10p/hbAB8eyHKPOyIuQW4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzEzNmY2MTAyLTZlNTEtNGNkYi1hMGFmLTNlOGJmZjYxYWVkMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACzKJ35E6uZn9VAbHUfeq2K+8+OJ
4OYOQpvz5JXke03EChP3v32KNMd8ShbNhlxDEDjihN/LCduWXnBwXsXpRaQSxbwi
fhRxUDOQ7Xt/mMWh47yQmd0AzBYtJK8fPAbuamd2+7BFmGUD6IGGsGN0oZEapSbK
j6zxVp94KSK7n+gu/5Z6v9YVapltuhPWhTydyAatMXSpU0VfgF+wqgwpd6dW62gq
3ht7Hjzyje5p1F7fezlCts52fKGbILdGm9gX9/MHKU3WHMRbvWXYKETBkn1jrEWW
iVZnHmxnebFsHs8IeVEApbzSXIvkZ6AVYn0QmRpXDYBDGmiIn7Jf2twbHnc=
-----END CERTIFICATE-----