Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1aa9e945-c738-499a-b19c-d3e094216ce3.roa
File:                     1aa9e945-c738-499a-b19c-d3e094216ce3.roa (raw, json)
Hash identifier:          SGcKqJaO8JOzdCLKjGVAXbPxjtTXdfIJvPqVhj+WFro=
Subject key identifier:   5F:00:6E:71:40:71:C7:27:39:B9:9A:85:6A:1E:D1:91:E9:25:DE:C3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       43DBC02B67B88F94881F36EAD62A455D20ACD5D3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1aa9e945-c738-499a-b19c-d3e094216ce3.roa
Signing time:             Fri 10 Nov 2023 00:00:00 +0000
ROA not before:           Fri 10 Nov 2023 00:00:00 +0000
ROA not after:            Fri 15 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:db:c0:2b:67:b8:8f:94:88:1f:36:ea:d6:2a:45:5d:20:ac:d5:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 10 00:00:00 2023 GMT
            Not After : Dec 15 23:59:59 2023 GMT
        Subject: serialNumber=54c8d7e9900006ded62006573c0d5a181a212468ec52f03314792ff0bf261935, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:91:09:ff:6b:df:50:b8:fa:6f:8a:45:95:42:
                    6f:b2:8e:a4:e3:16:23:fb:51:eb:8f:9b:e3:55:13:
                    66:9a:2f:09:d3:e5:96:d9:bb:ce:8e:cd:95:5c:1a:
                    19:ee:4a:9c:a9:20:1f:c1:7c:92:3c:19:77:0d:20:
                    da:76:f9:d3:f9:fc:d9:c9:2d:20:8b:d7:2e:f9:3e:
                    32:3f:36:70:a8:08:6b:03:6b:c2:89:be:c2:5b:56:
                    d8:8e:d7:7c:73:69:2e:c7:94:8b:58:a2:b6:46:57:
                    70:a3:19:0e:61:06:7d:36:f8:e9:12:37:70:79:3d:
                    34:7e:23:19:f9:7f:5a:ad:1d:b7:7b:ed:4a:1f:61:
                    d4:d4:48:bb:de:ab:d8:d7:ce:17:59:20:cc:53:1a:
                    ce:76:3e:4a:8f:18:91:ed:0b:c0:52:3a:d0:c0:1f:
                    1f:6d:1b:3d:5f:d1:61:b9:80:0c:28:2e:8e:47:06:
                    95:1f:66:01:26:f4:ab:2b:b2:a3:06:c2:bf:07:85:
                    07:cd:55:e3:b2:cd:d8:5c:ee:12:bc:70:f2:b0:70:
                    46:43:f7:93:0c:13:ef:bc:9d:63:d8:2a:e3:8a:89:
                    e8:04:f9:8a:18:90:b1:d1:f5:86:1d:cb:47:91:c6:
                    86:d4:61:49:22:31:06:25:1e:aa:ff:b8:e5:33:72:
                    8b:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:00:6E:71:40:71:C7:27:39:B9:9A:85:6A:1E:D1:91:E9:25:DE:C3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1aa9e945-c738-499a-b19c-d3e094216ce3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:07:29:62:c3:20:5b:f5:9b:18:49:3d:2c:61:56:46:8d:6c:
         34:cf:5e:70:51:82:03:63:b4:90:ef:3f:1c:5a:8a:40:04:ae:
         4c:68:96:37:10:c0:da:3c:ed:af:64:bb:89:63:98:c3:20:49:
         11:b0:4c:32:3b:6b:57:87:05:7a:ef:fa:93:26:e0:8b:95:90:
         c2:af:47:83:0a:68:53:75:f8:a2:b6:05:b6:04:92:46:3a:78:
         12:f8:59:e2:31:d3:08:81:f1:ae:e9:2e:34:9f:ae:de:d9:ca:
         55:2b:b5:d4:0d:27:cb:22:33:5b:18:4a:4b:f6:72:ad:a2:f1:
         78:8d:ec:61:20:fa:3f:94:47:89:bd:b2:03:25:a1:f6:b3:69:
         18:2a:78:a2:f1:97:16:77:d4:ea:0a:78:fe:f8:41:da:fc:a9:
         9d:f4:c4:39:0b:cb:b0:82:43:de:61:09:9b:7e:9f:35:84:0a:
         5e:f1:cf:0d:c5:84:9f:d2:73:68:03:d7:e9:ba:75:bc:e8:5c:
         3b:20:7b:45:3b:cc:f9:5f:36:ac:b5:8b:53:d2:25:c1:a6:af:
         e3:88:c2:d0:d2:55:8d:97:ca:5f:70:f4:bb:da:f1:1e:fd:bb:
         a5:a8:0a:76:a5:ec:7e:88:dd:5f:b0:23:43:79:d5:87:1e:57:
         a6:bd:ef:7f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQ9vAK2e4j5SIHzbq1ipFXSCs1dMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTEwMDAwMDAwWhcNMjMxMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NGM4ZDdlOTkwMDAwNmRlZDYyMDA2NTczYzBkNWExODFh
MjEyNDY4ZWM1MmYwMzMxNDc5MmZmMGJmMjYxOTM1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKkQn/a99QuPpvikWVQm+yjqTjFiP7UeuPm+NVE2aaLwnT
5ZbZu86OzZVcGhnuSpypIB/BfJI8GXcNINp2+dP5/NnJLSCL1y75PjI/NnCoCGsD
a8KJvsJbVtiO13xzaS7HlItYorZGV3CjGQ5hBn02+OkSN3B5PTR+Ixn5f1qtHbd7
7UofYdTUSLveq9jXzhdZIMxTGs52PkqPGJHtC8BSOtDAHx9tGz1f0WG5gAwoLo5H
BpUfZgEm9KsrsqMGwr8HhQfNVeOyzdhc7hK8cPKwcEZD95MME++8nWPYKuOKiegE
+YoYkLHR9YYdy0eRxobUYUkiMQYlHqr/uOUzcotRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXwBucUBxxyc5uZqFah7Rkekl3sMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzFhYTllOTQ1LWM3MzgtNDk5YS1iMTljLWQzZTA5NDIxNmNlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC0HKWLDIFv1mxhJPSxhVkaNbDTP
XnBRggNjtJDvPxxaikAErkxoljcQwNo87a9ku4ljmMMgSRGwTDI7a1eHBXrv+pMm
4IuVkMKvR4MKaFN1+KK2BbYEkkY6eBL4WeIx0wiB8a7pLjSfrt7ZylUrtdQNJ8si
M1sYSkv2cq2i8XiN7GEg+j+UR4m9sgMlofazaRgqeKLxlxZ31OoKeP74Qdr8qZ30
xDkLy7CCQ95hCZt+nzWECl7xzw3FhJ/Sc2gD1+m6dbzoXDsge0U7zPlfNqy1i1PS
JcGmr+OIwtDSVY2Xyl9w9Lva8R79u6WoCnal7H6I3V+wI0N51YceV6a9738=
-----END CERTIFICATE-----