Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3f7f9c8c-3f09-4c5e-89f3-165190ab91d4.roa
File:                     3f7f9c8c-3f09-4c5e-89f3-165190ab91d4.roa (raw, json)
Hash identifier:          5D5Noag4zBaaxNsItkLUFhu1MsIZz3FlKjD4EnxTIYo=
Subject key identifier:   F5:24:E7:82:10:64:CA:7A:5D:01:BA:F9:D8:7D:DF:71:49:A7:A1:15
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       49620A17BA3D63D8D3BCD4D910C8843F5586C50A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3f7f9c8c-3f09-4c5e-89f3-165190ab91d4.roa
Signing time:             Wed 15 Nov 2023 00:00:00 +0000
ROA not before:           Wed 15 Nov 2023 00:00:00 +0000
ROA not after:            Wed 20 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:62:0a:17:ba:3d:63:d8:d3:bc:d4:d9:10:c8:84:3f:55:86:c5:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 15 00:00:00 2023 GMT
            Not After : Dec 20 23:59:59 2023 GMT
        Subject: serialNumber=68fec5029f716501c896c23781537e268d5e1059dfb9637c50fd087c366dfa07, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:1f:7c:de:9d:91:63:42:2b:ed:73:9a:ee:13:
                    88:f6:a5:80:6b:a6:2f:02:a6:45:b4:7b:cf:be:66:
                    01:e1:9e:66:70:16:8b:bf:8f:41:df:14:a6:42:bd:
                    83:2a:82:29:41:7a:f7:e5:12:c4:00:f6:81:78:5a:
                    20:29:4a:f7:1d:ab:b7:7b:2c:21:60:3c:32:f0:c5:
                    72:d8:3f:fa:4d:0b:07:bc:1e:10:c3:50:05:e9:4a:
                    27:43:7b:98:c5:cc:6a:6e:b0:51:6d:fc:c2:6c:1c:
                    2f:25:6a:a0:c0:28:63:14:2f:20:a7:c9:43:26:2d:
                    98:dd:c7:d5:40:ab:42:7b:a9:dc:3a:ea:c7:c4:5f:
                    cd:b1:80:f8:57:53:05:fe:3f:29:83:78:88:64:4f:
                    6d:ce:29:8c:c0:c2:a9:1f:35:c1:cc:dd:1f:ed:ae:
                    5c:31:a2:3b:f2:29:21:b0:6f:ee:03:36:42:08:95:
                    1f:4e:6f:00:10:e6:42:dd:a1:e7:b7:66:2f:d6:0f:
                    70:71:c9:f5:a7:34:a2:3a:8c:96:91:02:50:5b:4f:
                    47:a2:f7:11:49:5c:b0:1e:97:d9:f3:36:d6:3f:ed:
                    5d:6e:a8:64:f6:07:ec:f1:96:d0:e2:12:fe:c3:30:
                    f4:1e:a4:c5:fe:9a:b8:a8:8b:d8:63:73:80:68:4b:
                    28:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:24:E7:82:10:64:CA:7A:5D:01:BA:F9:D8:7D:DF:71:49:A7:A1:15
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3f7f9c8c-3f09-4c5e-89f3-165190ab91d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:01:81:e8:7e:58:f0:fa:da:c4:9a:d3:5a:a6:25:53:0c:b6:
         ff:8b:4a:4f:ad:e7:0a:26:c1:26:bf:57:37:c8:32:6d:04:82:
         4a:c8:ce:71:ad:6d:4a:79:ec:26:6c:b8:91:7e:71:c1:d2:d4:
         f1:3e:47:3f:fb:6a:f3:7d:f3:3d:25:41:97:d9:23:ad:6f:99:
         32:cb:12:61:dc:df:47:bf:bd:e9:40:09:ad:22:cc:4c:70:0c:
         45:ae:66:fb:e4:fe:22:da:c2:64:d6:dc:3a:2f:5b:33:c6:4b:
         20:3b:38:4e:b9:4c:11:2b:1b:1e:c2:b9:33:2e:89:29:da:ae:
         10:7e:e1:94:3b:6c:d3:cd:3c:a1:31:9d:86:ab:a8:e7:0b:10:
         92:73:5b:7c:e1:58:72:b5:ab:51:3a:22:77:e2:6d:92:c1:15:
         b5:73:84:0b:4e:51:d4:74:19:b5:ed:e0:4a:35:69:2c:b4:27:
         cb:92:aa:3e:44:85:cb:e4:3d:58:a5:75:0d:a4:3b:7b:76:33:
         1d:7c:87:a9:82:ae:26:21:b3:a4:70:e9:de:62:5a:b1:b1:4b:
         9d:dc:74:2b:2d:c5:c6:02:b6:95:e8:58:cd:0b:a5:1d:f0:db:
         62:21:0d:fa:97:15:4f:f1:94:b3:2c:57:e6:48:d1:64:99:aa:
         a9:44:7f:89
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSWIKF7o9Y9jTvNTZEMiEP1WGxQowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE1MDAwMDAwWhcNMjMxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A2OGZlYzUwMjlmNzE2NTAxYzg5NmMyMzc4MTUzN2UyNjhk
NWUxMDU5ZGZiOTYzN2M1MGZkMDg3YzM2NmRmYTA3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzH3zenZFjQivtc5ruE4j2pYBrpi8CpkW0e8++ZgHhnmZw
Fou/j0HfFKZCvYMqgilBevflEsQA9oF4WiApSvcdq7d7LCFgPDLwxXLYP/pNCwe8
HhDDUAXpSidDe5jFzGpusFFt/MJsHC8laqDAKGMULyCnyUMmLZjdx9VAq0J7qdw6
6sfEX82xgPhXUwX+PymDeIhkT23OKYzAwqkfNcHM3R/trlwxojvyKSGwb+4DNkII
lR9ObwAQ5kLdoee3Zi/WD3BxyfWnNKI6jJaRAlBbT0ei9xFJXLAel9nzNtY/7V1u
qGT2B+zxltDiEv7DMPQepMX+mrioi9hjc4BoSygfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9STnghBkynpdAbr52H3fcUmnoRUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzNmN2Y5YzhjLTNmMDktNGM1ZS04OWYzLTE2NTE5MGFiOTFkNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALIBgeh+WPD62sSa01qmJVMMtv+L
Sk+t5womwSa/VzfIMm0EgkrIznGtbUp57CZsuJF+ccHS1PE+Rz/7avN98z0lQZfZ
I61vmTLLEmHc30e/velACa0izExwDEWuZvvk/iLawmTW3DovWzPGSyA7OE65TBEr
Gx7CuTMuiSnarhB+4ZQ7bNPNPKExnYarqOcLEJJzW3zhWHK1q1E6InfibZLBFbVz
hAtOUdR0GbXt4Eo1aSy0J8uSqj5EhcvkPVildQ2kO3t2Mx18h6mCriYhs6Rw6d5i
WrGxS53cdCstxcYCtpXoWM0LpR3w22IhDfqXFU/xlLMsV+ZI0WSZqqlEf4k=
-----END CERTIFICATE-----