Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2c56676f-84ce-4409-9052-d8761b6561e3.roa
File:                     2c56676f-84ce-4409-9052-d8761b6561e3.roa (raw, json)
Hash identifier:          9ASEmL3le9qLlBkjGzWjmotzQd7t2XDKWSF3Na1bHo4=
Subject key identifier:   4E:72:C1:4C:0B:FB:3F:D1:EA:40:09:B7:B5:9A:03:64:D8:F4:89:B3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       31674425EBD9281A5F9C2E8835B6CD91CA62045C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2c56676f-84ce-4409-9052-d8761b6561e3.roa
Signing time:             Tue 14 Nov 2023 00:00:00 +0000
ROA not before:           Tue 14 Nov 2023 00:00:00 +0000
ROA not after:            Tue 19 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:67:44:25:eb:d9:28:1a:5f:9c:2e:88:35:b6:cd:91:ca:62:04:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 14 00:00:00 2023 GMT
            Not After : Dec 19 23:59:59 2023 GMT
        Subject: serialNumber=8b6b894e4acbed94b13931ce75f708a1edba55e79cea66abddcd82f5c351adfd, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b4:3b:b7:de:63:c0:40:6d:1c:09:a0:60:fa:
                    52:6b:48:65:ab:a9:d6:55:66:4a:24:8c:86:d1:79:
                    14:03:5b:2f:65:25:05:80:43:33:b1:f4:d1:6d:e2:
                    fc:28:72:1b:0f:c3:67:8b:af:de:c6:c5:54:46:b3:
                    10:a7:67:5d:e7:5b:39:9e:65:97:31:c2:6a:41:0c:
                    b5:9b:cb:dd:51:d9:97:dc:52:07:cc:91:22:ce:6c:
                    bb:aa:5b:67:89:2a:3e:76:11:9f:02:10:6a:a3:83:
                    ee:76:92:3f:f1:82:bf:e0:65:df:5d:05:f2:80:ed:
                    3c:00:cb:e1:25:bf:aa:71:56:1a:93:d1:7d:1d:a5:
                    17:5b:21:4b:43:b0:c1:9c:6d:23:fc:e1:04:b2:4a:
                    c4:2d:6e:e3:49:45:cc:07:05:9b:80:e6:5e:dc:17:
                    15:8a:36:12:f5:01:fb:15:9c:ee:ce:f4:56:19:8c:
                    fc:6d:79:d9:63:77:f6:23:c0:71:b0:4f:80:7e:90:
                    08:37:34:cc:ea:65:cf:5b:6f:be:86:33:3b:56:46:
                    71:c9:ad:d1:ee:d8:49:cf:fc:06:b3:fe:83:18:5f:
                    fc:44:5d:ec:4b:f7:34:7a:e6:8a:cf:e4:06:1d:6e:
                    4e:6c:4e:f3:be:10:f4:85:60:ab:04:7f:9a:0a:76:
                    1f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:72:C1:4C:0B:FB:3F:D1:EA:40:09:B7:B5:9A:03:64:D8:F4:89:B3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2c56676f-84ce-4409-9052-d8761b6561e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:26:54:86:2a:15:e3:a6:5a:79:b8:17:36:88:96:73:94:dc:
         fe:d8:8a:f9:0c:86:8d:b9:eb:c3:36:a4:43:9d:56:9c:44:a7:
         31:0d:7f:63:c6:ce:9e:17:1c:fd:70:c1:dd:4e:eb:4c:7c:45:
         53:12:0e:c5:29:3a:49:7f:7f:e5:d3:5c:e8:73:20:20:79:fa:
         0f:a3:12:1b:f1:df:06:14:8f:57:f0:ae:d7:18:38:19:ba:4b:
         59:4f:b8:d1:fc:50:19:42:48:b1:c7:20:e8:ac:7a:20:68:74:
         b6:81:6a:9b:64:2c:b1:a0:21:f9:3d:fe:73:02:bd:08:cc:a6:
         83:d1:fb:d6:06:84:c7:c0:31:b2:32:3e:ef:d7:d3:29:b1:89:
         42:b3:91:23:5e:55:af:a3:9b:25:61:a5:47:f4:37:30:e2:e4:
         5c:59:ba:d0:f4:40:1d:a3:6a:26:8c:aa:b1:ca:34:52:26:ee:
         de:44:d4:44:9b:50:ec:f5:37:40:7e:7e:33:83:51:b8:4f:ea:
         13:ef:3f:32:04:c0:dd:d7:a0:18:eb:d3:9a:74:0b:f3:68:7f:
         1e:3b:c0:99:f4:9d:c4:0b:d9:8c:d8:fb:bb:28:5f:ff:66:b6:
         12:9b:30:55:42:f5:8f:06:48:1f:a8:50:74:e5:1a:06:02:70:
         e8:2c:8e:7d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMWdEJevZKBpfnC6INbbNkcpiBFwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE0MDAwMDAwWhcNMjMxMjE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YjZiODk0ZTRhY2JlZDk0YjEzOTMxY2U3NWY3MDhhMWVk
YmE1NWU3OWNlYTY2YWJkZGNkODJmNWMzNTFhZGZkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKtDu33mPAQG0cCaBg+lJrSGWrqdZVZkokjIbReRQDWy9l
JQWAQzOx9NFt4vwochsPw2eLr97GxVRGsxCnZ13nWzmeZZcxwmpBDLWby91R2Zfc
UgfMkSLObLuqW2eJKj52EZ8CEGqjg+52kj/xgr/gZd9dBfKA7TwAy+Elv6pxVhqT
0X0dpRdbIUtDsMGcbSP84QSySsQtbuNJRcwHBZuA5l7cFxWKNhL1AfsVnO7O9FYZ
jPxtedljd/YjwHGwT4B+kAg3NMzqZc9bb76GMztWRnHJrdHu2EnP/Aaz/oMYX/xE
XexL9zR65orP5AYdbk5sTvO+EPSFYKsEf5oKdh9NAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTnLBTAv7P9HqQAm3tZoDZNj0ibMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJjNTY2NzZmLTg0Y2UtNDQwOS05MDUyLWQ4NzYxYjY1NjFlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADkmVIYqFeOmWnm4FzaIlnOU3P7Y
ivkMho2568M2pEOdVpxEpzENf2PGzp4XHP1wwd1O60x8RVMSDsUpOkl/f+XTXOhz
ICB5+g+jEhvx3wYUj1fwrtcYOBm6S1lPuNH8UBlCSLHHIOiseiBodLaBaptkLLGg
Ifk9/nMCvQjMpoPR+9YGhMfAMbIyPu/X0ymxiUKzkSNeVa+jmyVhpUf0NzDi5FxZ
utD0QB2jaiaMqrHKNFIm7t5E1ESbUOz1N0B+fjODUbhP6hPvPzIEwN3XoBjr05p0
C/Nofx47wJn0ncQL2YzY+7soX/9mthKbMFVC9Y8GSB+oUHTlGgYCcOgsjn0=
-----END CERTIFICATE-----