Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/365474f9-22b3-417d-9206-83c8d8852fb8.roa
File:                     365474f9-22b3-417d-9206-83c8d8852fb8.roa (raw, json)
Hash identifier:          vLmeZEAjIU08KynIxPJEyJBXoKnunD0+pgjsQus8v3k=
Subject key identifier:   3B:12:28:3A:ED:B4:58:9E:95:FF:84:D2:EC:17:64:7C:DA:1E:AE:57
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       78CD57AD52232913AC80E13DE92EE1A63F276CDC
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/365474f9-22b3-417d-9206-83c8d8852fb8.roa
Signing time:             Sun 19 Nov 2023 00:00:00 +0000
ROA not before:           Sun 19 Nov 2023 00:00:00 +0000
ROA not after:            Sun 24 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:cd:57:ad:52:23:29:13:ac:80:e1:3d:e9:2e:e1:a6:3f:27:6c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 19 00:00:00 2023 GMT
            Not After : Dec 24 23:59:59 2023 GMT
        Subject: serialNumber=bdd4e1619c42c5e679632214690fb414fbf85441df789268e6372997a4979736, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:2d:64:6e:da:8d:ff:6a:de:32:4f:fd:8d:d7:
                    7e:5f:b1:8f:7d:54:1f:b0:cb:83:4b:17:80:ed:2a:
                    63:5a:55:98:35:ac:b4:11:4f:b0:74:04:ce:61:ad:
                    69:fe:ea:bd:33:7a:f0:dc:c4:8f:1d:7b:21:63:ea:
                    ae:89:8e:b0:3a:71:b5:55:04:16:70:02:d2:9a:75:
                    5e:0d:49:3e:5b:e7:04:39:21:f4:23:0f:fe:2e:50:
                    56:59:d5:34:67:03:a7:d6:7a:2c:ac:41:46:50:33:
                    a0:83:8f:ba:8b:24:9d:1a:b7:8b:b7:26:22:fd:f0:
                    0b:2f:78:ca:75:fe:f8:3c:36:93:aa:af:92:81:10:
                    16:98:3b:bc:f0:e0:45:f0:00:8f:c2:72:e8:06:6f:
                    95:1b:9d:ba:9b:23:64:4f:18:40:5c:6d:8e:96:29:
                    6e:ab:50:b3:00:53:53:43:06:0d:df:0a:e6:f4:73:
                    3a:32:02:20:d3:f5:78:c9:d6:a2:2f:15:c2:81:29:
                    a0:95:37:e8:79:da:a1:3c:47:6f:55:d7:a3:b1:b8:
                    23:15:3e:89:4d:88:33:19:1c:2a:fc:1a:95:34:5e:
                    c7:2f:36:ec:db:eb:15:ed:f9:64:59:b1:8f:b3:22:
                    71:05:d2:bc:9e:fe:bb:9b:6a:d6:5d:52:b8:c3:b2:
                    af:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:12:28:3A:ED:B4:58:9E:95:FF:84:D2:EC:17:64:7C:DA:1E:AE:57
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/365474f9-22b3-417d-9206-83c8d8852fb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:24:8c:71:86:aa:8b:af:15:f5:59:11:8d:0e:53:e6:5a:5a:
         a2:e2:4c:97:a1:11:22:b2:11:c4:36:44:08:97:e9:e4:c3:51:
         5f:26:0a:b0:b1:c7:0a:97:59:e9:a8:ee:89:c9:1f:01:b6:2c:
         f4:38:38:f0:0f:bc:3a:8a:d3:2f:ce:76:50:ea:8b:46:a9:06:
         1b:43:53:19:b4:ca:89:e5:81:ed:56:cf:3b:ad:47:94:4f:a6:
         58:d2:d5:67:91:04:3f:14:69:0d:17:38:02:16:6a:1a:80:f4:
         8c:eb:72:b0:9a:64:17:5e:53:15:b3:b2:ca:49:49:80:a3:c5:
         32:11:51:9f:64:f9:fa:d0:e9:c6:29:32:26:21:a5:2c:92:f4:
         98:62:28:c4:00:99:8a:81:4e:c7:1d:0b:81:1a:7f:be:80:8a:
         04:28:80:24:04:f2:e5:86:e2:98:48:91:87:ff:be:3d:27:8b:
         3d:60:27:d0:b9:3b:e7:6e:bd:25:44:76:a9:31:ea:b1:b1:00:
         1b:f3:4f:d6:7b:47:96:5d:fb:1c:82:0e:cf:34:6a:64:e4:bd:
         8c:9d:49:26:aa:02:1f:35:5e:21:ab:84:f7:e9:49:ac:b6:7a:
         25:32:0f:5a:ed:0b:08:dd:ce:da:50:30:69:2c:f0:2c:00:fe:
         3e:e6:42:30
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeM1XrVIjKROsgOE96S7hpj8nbNwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE5MDAwMDAwWhcNMjMxMjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZGQ0ZTE2MTljNDJjNWU2Nzk2MzIyMTQ2OTBmYjQxNGZi
Zjg1NDQxZGY3ODkyNjhlNjM3Mjk5N2E0OTc5NzM2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDLWRu2o3/at4yT/2N135fsY99VB+wy4NLF4DtKmNaVZg1
rLQRT7B0BM5hrWn+6r0zevDcxI8deyFj6q6JjrA6cbVVBBZwAtKadV4NST5b5wQ5
IfQjD/4uUFZZ1TRnA6fWeiysQUZQM6CDj7qLJJ0at4u3JiL98AsveMp1/vg8NpOq
r5KBEBaYO7zw4EXwAI/CcugGb5UbnbqbI2RPGEBcbY6WKW6rULMAU1NDBg3fCub0
czoyAiDT9XjJ1qIvFcKBKaCVN+h52qE8R29V16OxuCMVPolNiDMZHCr8GpU0Xscv
Nuzb6xXt+WRZsY+zInEF0rye/rubatZdUrjDsq/pAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOxIoOu20WJ6V/4TS7BdkfNoerlcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM2NTQ3NGY5LTIyYjMtNDE3ZC05MjA2LTgzYzhkODg1MmZiOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIgkjHGGqouvFfVZEY0OU+ZaWqLi
TJehESKyEcQ2RAiX6eTDUV8mCrCxxwqXWemo7onJHwG2LPQ4OPAPvDqK0y/OdlDq
i0apBhtDUxm0yonlge1WzzutR5RPpljS1WeRBD8UaQ0XOAIWahqA9IzrcrCaZBde
UxWzsspJSYCjxTIRUZ9k+frQ6cYpMiYhpSyS9JhiKMQAmYqBTscdC4Eaf76AigQo
gCQE8uWG4phIkYf/vj0niz1gJ9C5O+duvSVEdqkx6rGxABvzT9Z7R5Zd+xyCDs80
amTkvYydSSaqAh81XiGrhPfpSay2eiUyD1rtCwjdztpQMGks8CwA/j7mQjA=
-----END CERTIFICATE-----