Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/013e96fb-8f46-499f-a09e-2a8de32a4fe3.roa
File:                     013e96fb-8f46-499f-a09e-2a8de32a4fe3.roa (raw, json)
Hash identifier:          legEhRgKkLcUMAEzTS89B7IATCS+/tdAFF6ZlBJHYb4=
Subject key identifier:   F8:62:E0:30:4E:7D:62:0B:06:F4:59:9C:E7:5E:04:A0:D0:F7:1E:4D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0A7950D29084BC3442D517880BD43F913D81E189
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/013e96fb-8f46-499f-a09e-2a8de32a4fe3.roa
Signing time:             Mon 11 Mar 2024 00:00:00 +0000
ROA not before:           Mon 11 Mar 2024 00:00:00 +0000
ROA not after:            Mon 15 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:79:50:d2:90:84:bc:34:42:d5:17:88:0b:d4:3f:91:3d:81:e1:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 11 00:00:00 2024 GMT
            Not After : Apr 15 23:59:59 2024 GMT
        Subject: serialNumber=e2f1225f434bfb682ad2c266a0c48b7eac55a99c60e427a8ae604a3906aae314, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d0:24:b9:a6:e5:28:05:34:dc:33:bb:ac:64:
                    40:51:b4:49:ca:bf:23:fa:e8:94:0e:c1:b6:63:03:
                    ed:ce:7f:fe:7e:59:34:a6:59:6c:5d:9d:df:35:cc:
                    f4:d5:f4:32:cc:6b:0d:7d:34:c9:95:97:a6:b6:fd:
                    f4:8a:de:34:f2:eb:0c:33:f5:55:7f:f3:3e:1b:12:
                    04:cd:09:01:5b:ab:ed:a2:6d:0b:65:0d:2d:ca:8e:
                    0c:b1:4a:51:75:59:c9:4a:69:1c:67:c4:cd:fc:75:
                    c8:63:63:16:46:55:a6:19:a2:bd:86:84:49:52:45:
                    5a:dc:07:bd:56:ff:c3:4e:de:1e:0e:ab:df:cf:9d:
                    30:d4:25:2d:a0:8f:35:c9:32:58:5f:aa:62:be:9b:
                    3e:1e:87:71:c0:ab:bf:59:d2:e3:df:18:43:bf:33:
                    ed:ea:ea:39:ed:4e:ea:09:17:78:a7:cc:db:f8:b3:
                    b1:02:37:1f:81:f3:25:76:b8:f4:05:4b:cc:46:4e:
                    13:be:14:25:9f:a8:3d:00:f9:78:9b:89:d0:ab:08:
                    b3:71:63:76:69:6d:9e:9d:28:52:7b:08:ee:6f:0e:
                    4d:fa:2c:29:6b:12:59:d6:da:e6:75:77:b2:21:2f:
                    d0:a0:93:ff:7d:9c:72:97:91:a2:2e:70:a3:fe:fd:
                    ca:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:62:E0:30:4E:7D:62:0B:06:F4:59:9C:E7:5E:04:A0:D0:F7:1E:4D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/013e96fb-8f46-499f-a09e-2a8de32a4fe3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:51:ef:52:e1:82:a0:97:18:8c:32:63:71:ac:1e:8a:37:4a:
         6b:76:63:8d:e6:21:9c:bf:66:33:ea:6e:81:69:88:6a:21:a1:
         72:26:b3:01:75:35:b4:bb:52:97:32:11:12:a6:b0:39:f0:13:
         e8:0e:de:57:dc:d6:d4:6e:ab:1d:1e:fa:6e:7e:57:c0:ff:46:
         73:6c:b9:9f:ed:e8:64:ad:3f:d3:14:d3:33:36:8a:ed:29:e9:
         64:60:bb:7c:64:af:1c:b0:5e:6c:1e:52:c2:28:b3:18:86:84:
         53:c1:c8:39:67:45:a6:86:c8:65:c4:30:90:d8:c3:8f:96:70:
         0b:c8:56:13:ab:23:6c:96:f9:8e:fd:21:f4:96:4e:42:ea:f4:
         62:5f:37:5e:33:48:9a:cb:31:e3:db:c6:33:3b:2a:af:73:9e:
         3e:3b:9e:1d:ed:65:8b:6a:f2:a1:2a:d6:99:9e:0e:95:ee:e9:
         e4:cf:21:c1:9d:0a:35:8d:33:5b:09:a0:32:7f:7c:bc:20:8d:
         ff:c9:97:e0:88:ad:4b:d3:5d:b3:19:ab:ed:ff:f0:a4:9d:28:
         cc:c8:a2:30:d3:9a:ad:20:be:59:81:a6:66:60:ab:87:34:d9:
         3a:33:7d:8c:df:37:30:86:02:91:6e:2b:64:45:be:c0:8d:00:
         05:40:47:66
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCnlQ0pCEvDRC1ReIC9Q/kT2B4YkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzExMDAwMDAwWhcNMjQwNDE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMmYxMjI1ZjQzNGJmYjY4MmFkMmMyNjZhMGM0OGI3ZWFj
NTVhOTljNjBlNDI3YThhZTYwNGEzOTA2YWFlMzE0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCl0CS5puUoBTTcM7usZEBRtEnKvyP66JQOwbZjA+3Of/5+
WTSmWWxdnd81zPTV9DLMaw19NMmVl6a2/fSK3jTy6wwz9VV/8z4bEgTNCQFbq+2i
bQtlDS3KjgyxSlF1WclKaRxnxM38dchjYxZGVaYZor2GhElSRVrcB71W/8NO3h4O
q9/PnTDUJS2gjzXJMlhfqmK+mz4eh3HAq79Z0uPfGEO/M+3q6jntTuoJF3inzNv4
s7ECNx+B8yV2uPQFS8xGThO+FCWfqD0A+XibidCrCLNxY3ZpbZ6dKFJ7CO5vDk36
LClrElnW2uZ1d7IhL9Cgk/99nHKXkaIucKP+/co9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+GLgME59YgsG9Fmc514EoND3Hk0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzAxM2U5NmZiLThmNDYtNDk5Zi1hMDllLTJhOGRlMzJhNGZlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKVR71LhgqCXGIwyY3GsHoo3Smt2
Y43mIZy/ZjPqboFpiGohoXImswF1NbS7UpcyERKmsDnwE+gO3lfc1tRuqx0e+m5+
V8D/RnNsuZ/t6GStP9MU0zM2iu0p6WRgu3xkrxywXmweUsIosxiGhFPByDlnRaaG
yGXEMJDYw4+WcAvIVhOrI2yW+Y79IfSWTkLq9GJfN14zSJrLMePbxjM7Kq9znj47
nh3tZYtq8qEq1pmeDpXu6eTPIcGdCjWNM1sJoDJ/fLwgjf/Jl+CIrUvTXbMZq+3/
8KSdKMzIojDTmq0gvlmBpmZgq4c02TozfYzfNzCGApFuK2RFvsCNAAVAR2Y=
-----END CERTIFICATE-----