Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/86f3ee45-f51f-4d7b-a795-e05fbd6152d0.roa
File:                     86f3ee45-f51f-4d7b-a795-e05fbd6152d0.roa (raw, json)
Hash identifier:          p6f7QIuvmW3w88oBIchp5uY8Ev+TA8Bd6P0guDic63k=
Subject key identifier:   E5:69:98:A1:F5:C6:B4:31:83:B1:B1:6C:D8:1C:04:67:B7:6E:D8:15
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       530C815F37F1C7BB8DA79D56313910221C9EB77E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/86f3ee45-f51f-4d7b-a795-e05fbd6152d0.roa
Signing time:             Tue 14 Nov 2023 00:00:00 +0000
ROA not before:           Tue 14 Nov 2023 00:00:00 +0000
ROA not after:            Tue 19 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:0c:81:5f:37:f1:c7:bb:8d:a7:9d:56:31:39:10:22:1c:9e:b7:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 14 00:00:00 2023 GMT
            Not After : Dec 19 23:59:59 2023 GMT
        Subject: serialNumber=b0a66a278ccd51ef05fe632eb41f9f291493b05fbf9f460ac35a72c9a54576e1, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:6e:93:d9:57:c7:70:b7:ff:cf:0b:9b:f0:aa:
                    83:6a:c6:a6:a5:9c:91:a5:00:cb:f6:28:e9:3e:f7:
                    92:7c:da:0e:d7:44:e2:fa:22:66:64:f3:f1:58:06:
                    e3:5c:69:5e:3f:ae:b4:1b:6f:79:fa:bf:82:62:6a:
                    43:71:87:a5:ef:f1:c9:20:90:bc:91:c8:1d:d2:53:
                    0b:61:69:46:c3:7e:a0:81:04:e5:9f:ef:2f:61:9d:
                    d7:5b:b3:c2:93:1f:02:64:6b:67:46:60:bb:e1:1a:
                    72:11:e8:a7:a4:2d:22:5e:1e:5a:7d:41:5a:aa:b4:
                    79:9b:df:34:07:10:9a:63:08:88:f7:59:4d:18:c6:
                    c8:3f:02:ff:31:00:1c:c6:c4:c3:0c:e8:55:4d:b2:
                    60:e1:50:59:5c:06:b0:dc:94:98:1d:29:6c:a3:1c:
                    20:3c:e8:3d:f0:29:d3:41:ad:cb:be:3a:7c:3e:53:
                    aa:2c:03:d0:40:4d:99:de:90:2b:cb:83:c5:aa:5c:
                    c5:54:73:39:8b:9a:4a:e6:07:75:c1:38:69:85:72:
                    7c:8d:8a:41:d5:d9:56:a0:a4:3d:d0:2e:c4:12:39:
                    b8:24:f9:b4:5b:24:1b:73:52:70:df:96:9f:62:7c:
                    7d:69:ec:28:ee:06:89:d6:4e:8f:4f:51:9b:85:af:
                    69:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:69:98:A1:F5:C6:B4:31:83:B1:B1:6C:D8:1C:04:67:B7:6E:D8:15
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/86f3ee45-f51f-4d7b-a795-e05fbd6152d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:dc:70:0f:0e:92:69:5b:bc:0f:14:16:11:17:25:08:fb:20:
         31:e5:ec:d3:a7:33:37:d0:dd:ea:ac:0a:c3:cc:00:f2:e8:d5:
         f8:86:9d:45:67:ac:c6:42:89:6c:c5:e2:8c:44:2d:bb:b0:e2:
         4e:5e:51:da:60:3e:4f:b5:a9:f6:41:48:b9:5e:40:9d:ce:8a:
         0b:ea:9b:62:5e:28:f5:f0:1d:7a:0c:a4:f3:a4:37:0a:17:a8:
         4a:c9:3e:4c:da:fb:80:6d:1d:d7:13:84:03:c7:16:50:15:5f:
         b7:56:fa:5c:15:eb:af:f8:4c:c5:23:4d:8c:01:9a:df:8a:ae:
         31:4e:80:cc:18:e5:38:f4:f5:2a:99:24:3b:51:b4:01:5f:6b:
         01:fc:fd:42:7b:2c:cf:ed:35:d9:df:ae:01:db:a7:0b:05:6c:
         6a:8b:78:31:9a:32:14:82:c8:e0:c8:49:1a:c7:b4:11:a4:0e:
         4e:bd:21:d2:60:54:95:6e:0f:5a:96:0b:bd:f9:30:29:33:e5:
         de:e9:4d:29:05:48:2f:ce:1f:ef:e8:04:21:40:cd:9f:b6:62:
         7c:6e:1a:e0:65:cd:0e:1f:d3:6e:68:29:13:c4:98:cc:ab:19:
         2f:55:58:bc:a0:61:24:2f:2c:10:c4:05:dc:23:d9:cb:61:30:
         a4:41:46:48
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUwyBXzfxx7uNp51WMTkQIhyet34wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE0MDAwMDAwWhcNMjMxMjE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMGE2NmEyNzhjY2Q1MWVmMDVmZTYzMmViNDFmOWYyOTE0
OTNiMDVmYmY5ZjQ2MGFjMzVhNzJjOWE1NDU3NmUxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfbpPZV8dwt//PC5vwqoNqxqalnJGlAMv2KOk+95J82g7X
ROL6ImZk8/FYBuNcaV4/rrQbb3n6v4JiakNxh6Xv8ckgkLyRyB3SUwthaUbDfqCB
BOWf7y9hnddbs8KTHwJka2dGYLvhGnIR6KekLSJeHlp9QVqqtHmb3zQHEJpjCIj3
WU0Yxsg/Av8xABzGxMMM6FVNsmDhUFlcBrDclJgdKWyjHCA86D3wKdNBrcu+Onw+
U6osA9BATZnekCvLg8WqXMVUczmLmkrmB3XBOGmFcnyNikHV2VagpD3QLsQSObgk
+bRbJBtzUnDflp9ifH1p7CjuBonWTo9PUZuFr2n7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5WmYofXGtDGDsbFs2BwEZ7du2BUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzg2ZjNlZTQ1LWY1MWYtNGQ3Yi1hNzk1LWUwNWZiZDYxNTJkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAInccA8OkmlbvA8UFhEXJQj7IDHl
7NOnMzfQ3eqsCsPMAPLo1fiGnUVnrMZCiWzF4oxELbuw4k5eUdpgPk+1qfZBSLle
QJ3Oigvqm2JeKPXwHXoMpPOkNwoXqErJPkza+4BtHdcThAPHFlAVX7dW+lwV66/4
TMUjTYwBmt+KrjFOgMwY5Tj09SqZJDtRtAFfawH8/UJ7LM/tNdnfrgHbpwsFbGqL
eDGaMhSCyODISRrHtBGkDk69IdJgVJVuD1qWC735MCkz5d7pTSkFSC/OH+/oBCFA
zZ+2YnxuGuBlzQ4f025oKRPEmMyrGS9VWLygYSQvLBDEBdwj2cthMKRBRkg=
-----END CERTIFICATE-----