Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dc106c2e-dfa1-4f16-a574-20da6d650553.roa
File:                     dc106c2e-dfa1-4f16-a574-20da6d650553.roa (raw, json)
Hash identifier:          6mhiKknRBSTpoNo0tJ7bYW478wiD/lg6eGTDexyjiNE=
Subject key identifier:   C2:5C:DA:C1:20:D0:F3:E5:F1:8F:D5:35:BD:64:8F:B2:57:CC:4D:59
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2622680809D5379B519F2465CD48B929CA122D61
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dc106c2e-dfa1-4f16-a574-20da6d650553.roa
Signing time:             Sat 18 Nov 2023 00:00:00 +0000
ROA not before:           Sat 18 Nov 2023 00:00:00 +0000
ROA not after:            Sat 23 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:22:68:08:09:d5:37:9b:51:9f:24:65:cd:48:b9:29:ca:12:2d:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 18 00:00:00 2023 GMT
            Not After : Dec 23 23:59:59 2023 GMT
        Subject: serialNumber=8519fa00eb6f6d7ff8d0ff2c6e82cfa77243f852576c76e1b97eb2e85130f9ff, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:49:b8:5e:ca:1a:2a:ba:58:a5:90:c9:e1:02:
                    23:cb:24:07:04:c2:72:c4:31:84:cf:12:b4:6e:dd:
                    08:eb:d3:cd:c8:3b:34:bd:25:59:e3:44:de:cf:de:
                    01:de:9a:24:91:d5:fb:ed:cb:e2:31:f2:a5:7a:fd:
                    49:10:fd:49:57:cd:c7:3a:e1:9b:2e:1f:10:fc:98:
                    d6:04:56:95:83:59:41:93:f2:c0:2f:94:c1:26:ec:
                    0b:d4:40:dd:8b:7e:71:42:4f:75:8c:15:d8:da:75:
                    d3:8a:c3:d6:9e:ed:72:92:f6:63:e5:3d:7a:fb:9c:
                    9c:ee:01:4f:ac:5f:2d:60:b6:56:fe:2c:fa:8e:9d:
                    46:dc:15:ad:1d:9e:16:9b:36:65:23:10:1e:54:27:
                    1c:a4:88:03:51:bf:76:1e:7c:d4:d9:89:b8:8e:44:
                    22:c1:ef:9c:f0:ab:97:77:76:1e:93:24:89:86:cf:
                    0a:6b:4e:fc:86:7b:60:cb:cf:2b:a9:f6:49:7c:53:
                    02:cc:7d:9c:e7:d0:9f:01:e2:bc:db:eb:b7:d7:1b:
                    7a:c5:94:6a:b2:9f:13:92:f1:73:1b:25:5f:2b:5e:
                    72:39:92:b1:71:ae:58:f9:15:a9:3b:08:88:22:3e:
                    cd:7a:6b:77:15:8e:ca:c0:56:b8:1a:dd:82:c6:18:
                    c1:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:5C:DA:C1:20:D0:F3:E5:F1:8F:D5:35:BD:64:8F:B2:57:CC:4D:59
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dc106c2e-dfa1-4f16-a574-20da6d650553.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:c1:9e:f4:19:af:da:d1:5f:a2:ef:5d:ee:6f:2e:76:81:d3:
         ae:59:e3:48:4f:18:f7:6f:1d:32:a7:71:d8:c4:e4:8d:ec:1c:
         40:b4:33:cd:7a:02:22:55:6e:c3:f0:92:5f:44:5b:9e:66:2c:
         60:9b:9e:c3:c5:c7:17:4c:e7:95:7a:c8:f5:ed:c1:ec:88:71:
         47:f1:f9:b7:95:dd:5b:b6:fd:c4:2b:ad:06:6f:57:9d:72:62:
         8e:8e:43:1c:55:71:20:1c:ca:3e:b2:cd:73:4a:cb:b7:4b:62:
         0e:05:b7:c4:0e:f4:8e:fc:68:20:5a:ab:bc:7b:53:04:9f:1f:
         51:37:a6:1d:f7:6e:89:d8:29:d0:28:48:89:71:64:f2:41:9b:
         c1:9e:70:68:b7:b2:4d:5a:ec:7c:33:9f:47:3d:2e:43:4a:5e:
         b1:4c:aa:e8:cf:11:5f:47:5b:32:b1:48:32:98:b3:71:eb:e5:
         1d:22:ad:37:a0:74:bb:99:da:6b:32:86:72:31:db:4b:cf:56:
         b4:30:c6:7a:ea:ca:7c:ba:47:f1:50:51:c2:22:be:00:55:5b:
         0a:4f:df:16:b1:9e:59:a9:d8:3f:59:c5:d5:10:68:0e:22:f1:
         58:60:0d:82:90:4a:5e:48:e5:22:db:03:ac:0e:5f:ee:f8:f4:
         3f:b8:4c:38
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJiJoCAnVN5tRnyRlzUi5KcoSLWEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE4MDAwMDAwWhcNMjMxMjIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NTE5ZmEwMGViNmY2ZDdmZjhkMGZmMmM2ZTgyY2ZhNzcy
NDNmODUyNTc2Yzc2ZTFiOTdlYjJlODUxMzBmOWZmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDESbheyhoqulilkMnhAiPLJAcEwnLEMYTPErRu3Qjr083I
OzS9JVnjRN7P3gHemiSR1fvty+Ix8qV6/UkQ/UlXzcc64ZsuHxD8mNYEVpWDWUGT
8sAvlMEm7AvUQN2LfnFCT3WMFdjaddOKw9ae7XKS9mPlPXr7nJzuAU+sXy1gtlb+
LPqOnUbcFa0dnhabNmUjEB5UJxykiANRv3YefNTZibiORCLB75zwq5d3dh6TJImG
zwprTvyGe2DLzyup9kl8UwLMfZzn0J8B4rzb67fXG3rFlGqynxOS8XMbJV8rXnI5
krFxrlj5Fak7CIgiPs16a3cVjsrAVrga3YLGGMEjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwlzawSDQ8+Xxj9U1vWSPslfMTVkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RjMTA2YzJlLWRmYTEtNGYxNi1hNTc0LTIwZGE2ZDY1MDU1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFfBnvQZr9rRX6LvXe5vLnaB065Z
40hPGPdvHTKncdjE5I3sHEC0M816AiJVbsPwkl9EW55mLGCbnsPFxxdM55V6yPXt
weyIcUfx+beV3Vu2/cQrrQZvV51yYo6OQxxVcSAcyj6yzXNKy7dLYg4Ft8QO9I78
aCBaq7x7UwSfH1E3ph33bonYKdAoSIlxZPJBm8GecGi3sk1a7Hwzn0c9LkNKXrFM
qujPEV9HWzKxSDKYs3Hr5R0irTegdLuZ2msyhnIx20vPVrQwxnrqyny6R/FQUcIi
vgBVWwpP3xaxnlmp2D9ZxdUQaA4i8VhgDYKQSl5I5SLbA6wOX+749D+4TDg=
-----END CERTIFICATE-----