Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/53729532-f59e-428a-b87b-c619c2787f31.roa
File:                     53729532-f59e-428a-b87b-c619c2787f31.roa (raw, json)
Hash identifier:          0U6dgj8hPF1XYAEvfZqIVJpaDb8UlNqZjNglZVx61O0=
Subject key identifier:   94:04:5E:19:3A:B6:69:19:53:66:28:5F:6B:A3:6C:23:2D:3F:DB:58
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6AD552E34E3F5A44725E49B212BFB752B1198049
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/53729532-f59e-428a-b87b-c619c2787f31.roa
Signing time:             Wed 08 Nov 2023 00:00:00 +0000
ROA not before:           Wed 08 Nov 2023 00:00:00 +0000
ROA not after:            Wed 13 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:d5:52:e3:4e:3f:5a:44:72:5e:49:b2:12:bf:b7:52:b1:19:80:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  8 00:00:00 2023 GMT
            Not After : Dec 13 23:59:59 2023 GMT
        Subject: serialNumber=7d80fb3708cbce88173aa715d05165ed04a69670514fefc7a30444cb8472dd55, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:8e:3b:2a:fe:9b:34:d8:02:cd:ac:2d:03:96:
                    ab:1d:74:ad:47:d7:af:81:96:bd:fe:f6:a1:01:11:
                    e0:2e:78:80:d7:c4:0d:6b:71:71:47:23:f8:5a:29:
                    91:84:ef:34:51:60:d9:1c:18:84:f5:a5:6d:19:34:
                    f9:e2:4a:d4:f9:36:c2:c3:9c:ad:ae:d2:94:16:d0:
                    b3:27:82:ba:37:4c:1c:d8:6c:cb:93:20:a4:11:c2:
                    77:d4:c0:fe:90:29:81:af:f9:6e:c2:e9:67:bb:28:
                    53:a6:08:63:5d:99:15:0f:fd:7d:da:55:91:e7:d4:
                    82:3a:37:78:b7:3d:6f:ee:bb:b9:97:5e:55:6f:2d:
                    8e:a6:6a:eb:99:e6:35:ba:78:91:0a:61:d5:7b:2f:
                    14:48:88:5d:a9:5a:ae:52:5c:9d:be:a5:22:f1:34:
                    b3:2c:3d:d0:4f:24:88:2b:9f:7d:bb:ac:62:f6:73:
                    6c:3b:37:b2:61:a7:b6:03:ec:e1:a3:ea:5e:b8:52:
                    c7:f7:bd:ee:59:93:90:8b:bb:29:46:a2:0d:78:b3:
                    48:a5:fa:95:ad:a5:a3:43:8a:e2:3d:52:c9:9e:97:
                    26:ee:5f:7c:5b:31:eb:a7:91:9d:ec:5d:95:ab:24:
                    26:2f:37:9e:3a:d1:bb:cd:b6:1a:97:65:2b:22:1a:
                    3a:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:04:5E:19:3A:B6:69:19:53:66:28:5F:6B:A3:6C:23:2D:3F:DB:58
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/53729532-f59e-428a-b87b-c619c2787f31.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:dc:d9:7d:a3:c8:31:ba:bc:4a:22:e7:ac:da:c4:c9:31:fe:
         e9:35:72:bc:ac:b9:68:3f:d6:6f:9e:c3:3c:45:83:63:b5:04:
         8c:2f:90:bb:0e:20:2c:82:3a:71:1c:6b:ad:95:86:21:9b:03:
         11:aa:1d:3d:aa:1c:5b:69:3e:53:9f:7f:1e:1e:f2:32:e4:13:
         d4:2f:bc:8f:b9:87:90:78:32:a8:03:e1:9d:ca:68:20:bf:f0:
         bf:f0:b2:94:66:f5:11:71:68:3c:99:0a:f8:5a:80:18:36:8a:
         22:df:81:cb:2f:36:bc:64:9a:e6:e7:c8:02:46:35:0a:ea:07:
         2a:a9:56:9f:6e:1f:94:3a:be:f6:4f:6d:e8:93:7b:02:86:e5:
         cd:ad:77:02:72:88:15:2f:25:a6:d0:96:9f:9e:77:05:0e:bd:
         b3:26:00:0d:fd:93:57:2c:ef:80:fb:1f:08:59:16:13:09:f4:
         9f:94:c7:01:54:e0:c2:e3:91:98:c6:b9:93:c1:72:e2:66:7b:
         45:d3:65:12:36:a7:fd:03:d0:02:6a:9f:65:9b:af:0f:f1:c4:
         68:0d:10:28:15:a7:e6:11:2b:1e:31:77:20:1f:94:af:d4:e8:
         c7:98:54:8a:aa:2f:f1:17:84:20:af:9f:ed:6c:7b:42:19:d8:
         81:6b:1d:8f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUatVS404/WkRyXkmyEr+3UrEZgEkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTA4MDAwMDAwWhcNMjMxMjEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZDgwZmIzNzA4Y2JjZTg4MTczYWE3MTVkMDUxNjVlZDA0
YTY5NjcwNTE0ZmVmYzdhMzA0NDRjYjg0NzJkZDU1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdjjsq/ps02ALNrC0DlqsddK1H16+Blr3+9qEBEeAueIDX
xA1rcXFHI/haKZGE7zRRYNkcGIT1pW0ZNPniStT5NsLDnK2u0pQW0LMngro3TBzY
bMuTIKQRwnfUwP6QKYGv+W7C6We7KFOmCGNdmRUP/X3aVZHn1II6N3i3PW/uu7mX
XlVvLY6mauuZ5jW6eJEKYdV7LxRIiF2pWq5SXJ2+pSLxNLMsPdBPJIgrn327rGL2
c2w7N7Jhp7YD7OGj6l64Usf3ve5Zk5CLuylGog14s0il+pWtpaNDiuI9Usmelybu
X3xbMeunkZ3sXZWrJCYvN5460bvNthqXZSsiGjrhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlAReGTq2aRlTZihfa6NsIy0/21gwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzUzNzI5NTMyLWY1OWUtNDI4YS1iODdiLWM2MTljMjc4N2YzMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFnc2X2jyDG6vEoi56zaxMkx/uk1
crysuWg/1m+ewzxFg2O1BIwvkLsOICyCOnEca62VhiGbAxGqHT2qHFtpPlOffx4e
8jLkE9QvvI+5h5B4MqgD4Z3KaCC/8L/wspRm9RFxaDyZCvhagBg2iiLfgcsvNrxk
mubnyAJGNQrqByqpVp9uH5Q6vvZPbeiTewKG5c2tdwJyiBUvJabQlp+edwUOvbMm
AA39k1cs74D7HwhZFhMJ9J+UxwFU4MLjkZjGuZPBcuJme0XTZRI2p/0D0AJqn2Wb
rw/xxGgNECgVp+YRKx4xdyAflK/U6MeYVIqqL/EXhCCvn+1se0IZ2IFrHY8=