Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a69f2866-7d9b-4ff7-805b-49bf712a2a47.roa
File:                     a69f2866-7d9b-4ff7-805b-49bf712a2a47.roa (raw, json)
Hash identifier:          JO6cfe+4ozyh0xJjs8jsEtBsEF0tyMbO3cWqejPEIE0=
Subject key identifier:   6A:4F:50:32:6D:25:02:FD:38:A9:D2:F9:E4:F3:4C:B3:9F:1D:F8:68
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       17EBD1813AC0EB0A1F7963D080EFD2CF70687176
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a69f2866-7d9b-4ff7-805b-49bf712a2a47.roa
Signing time:             Sun 12 Nov 2023 00:00:00 +0000
ROA not before:           Sun 12 Nov 2023 00:00:00 +0000
ROA not after:            Sun 17 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:eb:d1:81:3a:c0:eb:0a:1f:79:63:d0:80:ef:d2:cf:70:68:71:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 12 00:00:00 2023 GMT
            Not After : Dec 17 23:59:59 2023 GMT
        Subject: serialNumber=423a9e56fb54f90d3b015b42c46854c6f44307fec536a6e711408be783080421, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:17:cc:35:7f:22:49:2b:68:e2:33:1a:31:7d:
                    09:26:63:cc:38:0a:c9:43:f4:20:93:13:0c:50:24:
                    df:7c:0c:e7:82:bc:68:f8:ab:52:6a:37:4b:53:ba:
                    9c:5e:45:e9:0a:9d:41:0b:4d:92:24:be:fe:37:d6:
                    22:11:e5:bf:cf:85:f1:25:d9:85:78:3f:81:a4:2e:
                    c1:94:ac:24:c3:39:97:c9:97:ea:89:d6:d1:8a:0f:
                    4b:dc:00:f0:b9:d8:49:0d:e0:d9:dd:c0:b3:2f:e1:
                    48:59:23:ff:19:07:84:af:7f:65:07:95:0a:9c:d6:
                    59:b3:47:5f:6a:aa:0a:49:e2:1a:23:33:5b:63:79:
                    b8:b6:7f:9e:fa:93:70:65:cb:96:a0:22:e8:9e:01:
                    e0:58:84:b9:b5:d7:80:d6:0c:c9:4b:aa:18:c9:f1:
                    d8:c7:60:33:a3:7d:bc:dd:45:d9:61:24:3d:85:78:
                    dd:ff:a9:0f:d4:c9:32:0f:1d:46:5e:af:1d:c5:a0:
                    4c:1c:06:5c:6b:de:4a:d2:2f:46:e3:04:59:1f:63:
                    bc:ae:32:9a:65:f7:0d:e2:ab:14:4c:97:10:c7:0f:
                    e2:da:20:22:9d:e3:2d:83:3a:e3:a7:ef:06:f2:de:
                    43:c8:40:c7:ba:90:20:40:4e:cf:ad:91:84:cc:9e:
                    28:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:4F:50:32:6D:25:02:FD:38:A9:D2:F9:E4:F3:4C:B3:9F:1D:F8:68
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a69f2866-7d9b-4ff7-805b-49bf712a2a47.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:53:5f:7c:8e:ed:79:f7:36:f9:3f:61:0d:d4:d6:a6:aa:69:
         aa:7f:a1:24:60:0a:e2:ea:79:83:35:82:00:bc:6b:d3:aa:00:
         dc:f8:35:fd:9a:8f:52:76:21:a5:75:f2:2a:b7:4b:01:c1:44:
         ce:e3:1c:d7:63:6c:8d:17:f2:4c:d8:b8:23:d3:52:0e:73:3c:
         a6:9b:a1:44:25:bd:33:1c:e7:f9:b9:cc:16:78:7a:82:94:cc:
         3c:0b:f7:15:34:ae:fe:c0:af:28:e3:ee:4a:a6:04:38:91:1f:
         de:b1:4b:74:66:92:41:0b:c6:de:4b:a3:5e:78:51:c5:53:90:
         86:de:a8:ef:fb:a6:49:bc:92:17:7f:ee:b8:37:2f:8f:5c:59:
         b6:e8:56:0d:c4:40:c5:78:99:72:8c:98:fc:61:48:95:96:32:
         e8:32:29:d1:08:9b:90:0c:55:c8:73:91:0b:88:2e:3c:91:6e:
         68:25:0e:37:50:4c:fc:c1:82:0e:6d:ee:9e:ec:e3:89:07:2c:
         45:60:3c:ff:9e:6a:81:9f:78:ce:90:8e:5b:3a:8c:75:61:b2:
         5d:3e:1a:71:ed:23:50:6e:07:47:0f:92:75:cc:0e:f6:62:3b:
         90:9e:f5:29:43:6b:b7:18:24:ef:38:fe:69:a5:9f:b4:dc:80:
         9f:b7:63:8b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF+vRgTrA6wofeWPQgO/Sz3BocXYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTEyMDAwMDAwWhcNMjMxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MjNhOWU1NmZiNTRmOTBkM2IwMTViNDJjNDY4NTRjNmY0
NDMwN2ZlYzUzNmE2ZTcxMTQwOGJlNzgzMDgwNDIxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDF8w1fyJJK2jiMxoxfQkmY8w4CslD9CCTEwxQJN98DOeC
vGj4q1JqN0tTupxeRekKnUELTZIkvv431iIR5b/PhfEl2YV4P4GkLsGUrCTDOZfJ
l+qJ1tGKD0vcAPC52EkN4NndwLMv4UhZI/8ZB4Svf2UHlQqc1lmzR19qqgpJ4hoj
M1tjebi2f576k3Bly5agIuieAeBYhLm114DWDMlLqhjJ8djHYDOjfbzdRdlhJD2F
eN3/qQ/UyTIPHUZerx3FoEwcBlxr3krSL0bjBFkfY7yuMppl9w3iqxRMlxDHD+La
ICKd4y2DOuOn7wby3kPIQMe6kCBATs+tkYTMnii1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUak9QMm0lAv04qdL55PNMs58d+GgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E2OWYyODY2LTdkOWItNGZmNy04MDViLTQ5YmY3MTJhMmE0Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAENTX3yO7Xn3Nvk/YQ3U1qaqaap/
oSRgCuLqeYM1ggC8a9OqANz4Nf2aj1J2IaV18iq3SwHBRM7jHNdjbI0X8kzYuCPT
Ug5zPKaboUQlvTMc5/m5zBZ4eoKUzDwL9xU0rv7Aryjj7kqmBDiRH96xS3RmkkEL
xt5Lo154UcVTkIbeqO/7pkm8khd/7rg3L49cWbboVg3EQMV4mXKMmPxhSJWWMugy
KdEIm5AMVchzkQuILjyRbmglDjdQTPzBgg5t7p7s44kHLEVgPP+eaoGfeM6Qjls6
jHVhsl0+GnHtI1BuB0cPknXMDvZiO5Ce9SlDa7cYJO84/mmln7TcgJ+3Y4s=
-----END CERTIFICATE-----