Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/51d47858-52fb-41b3-8f23-72503f81a93c.roa
File:                     51d47858-52fb-41b3-8f23-72503f81a93c.roa (raw, json)
Hash identifier:          t0yG0O8+XlMiNshjnQ7NzWhILt7fdlZ8Yz5G3YRft+o=
Subject key identifier:   DD:03:EF:48:90:63:C8:E2:AA:00:C6:AE:4A:0F:3C:79:2F:B9:08:11
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       01BF55E4D35E9DEF9389F2DDEDEF780B83CF1BE4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/51d47858-52fb-41b3-8f23-72503f81a93c.roa
Signing time:             Mon 30 Oct 2023 00:00:00 +0000
ROA not before:           Mon 30 Oct 2023 00:00:00 +0000
ROA not after:            Mon 04 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:bf:55:e4:d3:5e:9d:ef:93:89:f2:dd:ed:ef:78:0b:83:cf:1b:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 30 00:00:00 2023 GMT
            Not After : Dec  4 23:59:59 2023 GMT
        Subject: serialNumber=8b279f1b2d22026eb1e41b1930cbdab35eb4339ec02a2b9ece48e9b445043aac, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6f:be:3a:ed:cf:f2:63:d2:a2:92:e1:9d:5c:
                    56:df:6e:dc:eb:86:18:4d:61:a2:d3:96:20:b0:1d:
                    9b:4f:32:61:d3:a1:a8:be:6c:6c:f0:ed:60:d5:4a:
                    a5:30:4d:e6:9a:f7:c6:71:fc:8c:6a:f9:db:ea:44:
                    3f:6b:21:99:35:78:8d:f6:19:7e:eb:bd:fd:5e:44:
                    c1:16:88:e4:37:08:e2:ce:ed:55:85:f8:4e:55:b9:
                    ea:84:ed:f2:22:86:0c:45:73:bb:2c:dc:3b:63:a2:
                    64:e2:6f:64:4d:99:ac:b5:e5:71:7d:25:c3:d3:8c:
                    e0:14:34:2a:9f:61:f1:06:48:82:95:87:9b:7a:4a:
                    ef:b3:1b:2d:d8:7a:8e:98:d0:02:98:1e:c7:10:c2:
                    eb:2f:85:e1:5d:c7:2f:1e:13:7d:98:3d:eb:37:a7:
                    3e:e7:f8:8f:6c:63:97:58:9c:d3:24:ea:88:1a:aa:
                    70:dc:70:1b:f6:33:f6:f5:4e:c3:60:3e:61:0a:e2:
                    e1:e5:68:96:e8:5c:f0:70:e9:36:13:40:64:83:0c:
                    ef:47:4a:72:8b:3c:59:3e:bb:ac:31:dd:07:2f:b2:
                    e4:17:c9:cc:ff:46:1e:e9:da:b0:c4:72:7b:cf:21:
                    a4:c3:4b:92:d5:25:4b:7c:89:6e:dd:60:78:22:22:
                    09:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:03:EF:48:90:63:C8:E2:AA:00:C6:AE:4A:0F:3C:79:2F:B9:08:11
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/51d47858-52fb-41b3-8f23-72503f81a93c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:85:01:63:97:79:d9:e5:28:e4:e2:41:d1:ef:8a:29:e5:3a:
         b5:ab:de:2c:7c:79:6f:58:04:39:b5:f3:5e:2a:70:03:65:e0:
         c6:ba:ca:a2:28:48:85:11:12:d2:1a:ff:4b:d8:5d:02:83:d3:
         68:d6:28:8e:dc:0a:a8:2d:9f:4c:f1:26:7f:93:e4:40:03:2e:
         0c:87:ea:e1:c8:8a:c9:d4:e0:e1:fc:74:61:bd:bb:14:c1:03:
         ef:80:b7:78:2e:9a:a8:23:6f:5c:ef:cd:7c:17:5e:15:87:59:
         27:4e:23:91:df:13:a2:1e:d6:72:15:5f:c3:48:74:54:85:86:
         e6:26:d0:d9:65:60:e0:b3:cb:a2:9d:4b:15:9c:63:b2:85:ab:
         e6:ad:bd:7a:96:d2:cd:be:75:c0:24:d4:d2:cc:7d:ec:e5:77:
         4b:72:00:d9:5b:00:47:71:49:53:75:86:38:0c:f0:a2:a5:9d:
         ac:0c:c2:f0:e4:39:ef:92:c4:9e:e4:31:15:d4:c8:80:0b:a3:
         cb:1e:48:e6:50:b9:2b:d3:b8:99:68:81:ab:95:5e:49:d8:5c:
         c9:d6:83:31:32:30:1d:72:7e:76:62:d6:57:24:92:bb:bb:4e:
         96:a9:a8:9d:71:cd:d7:66:36:2d:e0:6e:fb:f2:94:1c:b4:26:
         e7:36:d0:2d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAb9V5NNene+TifLd7e94C4PPG+QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDMwMDAwMDAwWhcNMjMxMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YjI3OWYxYjJkMjIwMjZlYjFlNDFiMTkzMGNiZGFiMzVl
YjQzMzllYzAyYTJiOWVjZTQ4ZTliNDQ1MDQzYWFjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxb7467c/yY9KikuGdXFbfbtzrhhhNYaLTliCwHZtPMmHT
oai+bGzw7WDVSqUwTeaa98Zx/Ixq+dvqRD9rIZk1eI32GX7rvf1eRMEWiOQ3COLO
7VWF+E5VueqE7fIihgxFc7ss3DtjomTib2RNmay15XF9JcPTjOAUNCqfYfEGSIKV
h5t6Su+zGy3Yeo6Y0AKYHscQwusvheFdxy8eE32YPes3pz7n+I9sY5dYnNMk6oga
qnDccBv2M/b1TsNgPmEK4uHlaJboXPBw6TYTQGSDDO9HSnKLPFk+u6wx3QcvsuQX
ycz/Rh7p2rDEcnvPIaTDS5LVJUt8iW7dYHgiIglxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3QPvSJBjyOKqAMauSg88eS+5CBEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzUxZDQ3ODU4LTUyZmItNDFiMy04ZjIzLTcyNTAzZjgxYTkzYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADWFAWOXednlKOTiQdHviinlOrWr
3ix8eW9YBDm1814qcANl4Ma6yqIoSIUREtIa/0vYXQKD02jWKI7cCqgtn0zxJn+T
5EADLgyH6uHIisnU4OH8dGG9uxTBA++At3gumqgjb1zvzXwXXhWHWSdOI5HfE6Ie
1nIVX8NIdFSFhuYm0NllYOCzy6KdSxWcY7KFq+atvXqW0s2+dcAk1NLMfezld0ty
ANlbAEdxSVN1hjgM8KKlnawMwvDkOe+SxJ7kMRXUyIALo8seSOZQuSvTuJlogauV
XknYXMnWgzEyMB1yfnZi1lckkru7TpapqJ1xzddmNi3gbvvylBy0Juc20C0=
-----END CERTIFICATE-----