Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8122d4d6-7765-45f0-9ca5-6f57aa07f577.roa
File:                     8122d4d6-7765-45f0-9ca5-6f57aa07f577.roa (raw, json)
Hash identifier:          K5Oq9lJu/OnBue9OxpKVWcHn8+X31Gsc/kkwLCGBbps=
Subject key identifier:   B7:08:87:BA:79:DC:B9:C1:DE:3D:CC:7E:41:EB:C4:4D:12:E0:58:78
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       119E0E58B71CB1814BFE5442961017BC5CD05AC1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8122d4d6-7765-45f0-9ca5-6f57aa07f577.roa
Signing time:             Mon 13 Nov 2023 00:00:00 +0000
ROA not before:           Mon 13 Nov 2023 00:00:00 +0000
ROA not after:            Mon 18 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:9e:0e:58:b7:1c:b1:81:4b:fe:54:42:96:10:17:bc:5c:d0:5a:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 13 00:00:00 2023 GMT
            Not After : Dec 18 23:59:59 2023 GMT
        Subject: serialNumber=7c410eb1b83f6c12522bf306dbc3005c5e20b6bab5f925f59ee92209b5758e2b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b3:8d:b0:70:81:56:23:48:17:cb:59:4c:1e:
                    64:18:20:e4:16:3c:79:8a:2d:ba:97:6e:f7:9d:5a:
                    c0:b7:e4:5d:e1:69:e9:20:81:eb:56:22:a8:51:75:
                    27:fe:96:d5:32:f7:5c:d9:10:5c:68:7c:7e:f9:00:
                    a2:ff:e8:92:5d:7d:f8:e7:a1:a1:37:85:65:73:b4:
                    21:08:ea:a3:29:a9:85:e5:e5:5e:05:18:86:4a:c0:
                    4e:d4:81:f0:43:9c:57:a9:f9:82:ed:a1:fb:36:c7:
                    72:d2:b5:0a:4c:91:13:ce:9f:3a:bc:df:a1:6b:66:
                    98:57:08:32:dd:52:55:69:7a:ae:fe:40:82:16:90:
                    aa:dd:29:ed:b2:7a:cc:3c:d7:a9:dd:8d:09:b4:09:
                    60:4a:6c:36:08:83:50:01:e1:90:2e:02:d2:47:bf:
                    1b:2e:ac:e0:38:56:0c:09:5c:1a:b0:85:9c:5e:93:
                    c1:8b:a4:03:6d:e0:40:1b:56:e0:ee:d3:d3:fd:2b:
                    34:e3:51:b0:c6:a3:85:75:4b:06:26:90:0f:a2:c1:
                    81:66:b7:8f:8c:c3:f2:3f:cf:bc:4a:7f:d7:a1:3f:
                    b4:a7:42:71:29:88:cd:66:9b:73:79:8b:f2:0f:50:
                    a2:80:f6:32:3e:6c:a0:89:1f:f2:a1:4d:e1:49:10:
                    9a:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:08:87:BA:79:DC:B9:C1:DE:3D:CC:7E:41:EB:C4:4D:12:E0:58:78
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8122d4d6-7765-45f0-9ca5-6f57aa07f577.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:2a:c2:51:10:4f:57:8d:78:80:21:51:4f:e5:fa:fd:c1:b9:
         7f:8d:ee:33:17:95:52:ed:a6:d6:8e:2b:ca:71:fb:c4:88:4f:
         40:dd:4e:22:d8:a3:03:61:ff:f4:38:88:d4:32:aa:71:31:e0:
         f1:69:25:eb:f4:c6:ed:b0:99:61:36:f1:7d:c7:3b:ff:ec:c7:
         43:73:91:f8:fb:b3:d9:63:9c:3b:96:31:bd:f6:a7:1e:8f:c6:
         06:69:69:20:6c:81:85:35:ae:61:d9:eb:c9:97:ca:31:e0:e0:
         46:b4:bb:65:71:0e:ce:25:63:20:bb:7e:0e:9c:83:09:5a:4a:
         7d:16:7f:84:93:f7:77:50:22:db:49:06:75:fd:11:d5:e6:b5:
         a2:33:6f:4f:9c:59:27:32:3c:d3:2e:0f:9b:00:8e:18:50:98:
         8a:0d:2e:6e:a9:47:34:8c:0a:b6:30:74:be:1a:3d:cb:71:2a:
         1e:a0:24:28:fa:18:56:04:8d:17:19:4c:57:63:dd:3a:8b:c2:
         a1:d8:26:28:53:d8:d9:9d:08:2e:56:9d:37:a4:bf:75:ed:7e:
         13:75:71:28:37:60:86:0a:51:af:fa:1e:7f:65:ba:54:a2:36:
         e0:b9:73:10:30:83:99:7d:e8:cd:96:23:86:19:83:61:9c:fe:
         ed:b7:56:22
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEZ4OWLccsYFL/lRClhAXvFzQWsEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTEzMDAwMDAwWhcNMjMxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YzQxMGViMWI4M2Y2YzEyNTIyYmYzMDZkYmMzMDA1YzVl
MjBiNmJhYjVmOTI1ZjU5ZWU5MjIwOWI1NzU4ZTJiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWs42wcIFWI0gXy1lMHmQYIOQWPHmKLbqXbvedWsC35F3h
aekggetWIqhRdSf+ltUy91zZEFxofH75AKL/6JJdffjnoaE3hWVztCEI6qMpqYXl
5V4FGIZKwE7UgfBDnFep+YLtofs2x3LStQpMkRPOnzq836FrZphXCDLdUlVpeq7+
QIIWkKrdKe2yesw816ndjQm0CWBKbDYIg1AB4ZAuAtJHvxsurOA4VgwJXBqwhZxe
k8GLpANt4EAbVuDu09P9KzTjUbDGo4V1SwYmkA+iwYFmt4+Mw/I/z7xKf9ehP7Sn
QnEpiM1mm3N5i/IPUKKA9jI+bKCJH/KhTeFJEJrrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtwiHunncucHePcx+QevETRLgWHgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgxMjJkNGQ2LTc3NjUtNDVmMC05Y2E1LTZmNTdhYTA3ZjU3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJkqwlEQT1eNeIAhUU/l+v3BuX+N
7jMXlVLtptaOK8px+8SIT0DdTiLYowNh//Q4iNQyqnEx4PFpJev0xu2wmWE28X3H
O//sx0Nzkfj7s9ljnDuWMb32px6PxgZpaSBsgYU1rmHZ68mXyjHg4Ea0u2VxDs4l
YyC7fg6cgwlaSn0Wf4ST93dQIttJBnX9EdXmtaIzb0+cWScyPNMuD5sAjhhQmIoN
Lm6pRzSMCrYwdL4aPctxKh6gJCj6GFYEjRcZTFdj3TqLwqHYJihT2NmdCC5WnTek
v3XtfhN1cSg3YIYKUa/6Hn9lulSiNuC5cxAwg5l96M2WI4YZg2Gc/u23ViI=
-----END CERTIFICATE-----