Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/04df1db0-1310-44d2-9df0-882242d046a8.roa
File:                     04df1db0-1310-44d2-9df0-882242d046a8.roa (raw, json)
Hash identifier:          hVKhQzZ7Wox+07sxh4QkNLvTbUI1H/tyB30KeTwViHw=
Subject key identifier:   07:94:CD:4A:8B:40:F9:43:AF:A7:69:58:24:BB:35:56:55:14:F0:FF
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       221483DD31EAAF635DB55E009DA102A69C1CEB27
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/04df1db0-1310-44d2-9df0-882242d046a8.roa
Signing time:             Thu 04 Apr 2024 00:00:00 +0000
ROA not before:           Thu 04 Apr 2024 00:00:00 +0000
ROA not after:            Thu 09 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:14:83:dd:31:ea:af:63:5d:b5:5e:00:9d:a1:02:a6:9c:1c:eb:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr  4 00:00:00 2024 GMT
            Not After : May  9 23:59:59 2024 GMT
        Subject: serialNumber=2d1a0d2cbf7d1a6fdef027ac6f29dbbe9bb3437e424c7addca131f25de09eb1e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:61:09:c7:bc:a4:b1:9d:bd:46:26:84:94:24:
                    d9:5a:d9:49:c3:dd:94:62:ae:2f:73:9b:06:63:ff:
                    86:4f:f1:95:97:14:a9:95:0c:6b:1d:29:83:23:38:
                    55:7f:da:17:85:0b:5c:5e:85:6e:8e:96:b8:74:ea:
                    64:4c:07:86:3e:dd:ba:46:87:e9:a0:cb:83:93:25:
                    be:f9:3e:e9:65:8f:d8:6c:bc:2f:a3:ad:89:eb:6b:
                    fc:fa:84:45:7e:54:b4:d3:18:b8:25:4f:b5:4c:40:
                    8e:af:0f:60:a9:9c:ee:9b:51:71:ee:a5:1a:8d:43:
                    a4:7d:84:51:2c:34:91:02:e5:7a:c9:12:e9:e3:75:
                    9c:91:b2:b0:c4:9b:99:45:6c:5d:59:23:de:7d:c0:
                    56:09:64:65:7d:ea:96:b9:89:65:31:44:d8:60:df:
                    38:4f:f6:7e:40:61:35:c7:ad:93:45:14:0f:47:e7:
                    af:54:84:3d:9a:26:43:30:3a:74:ad:fe:fc:40:33:
                    8a:f7:91:19:92:65:68:07:a2:77:46:a1:48:0f:6c:
                    9b:78:36:8b:b9:d8:d2:a3:a4:30:fa:76:87:3e:c2:
                    a7:44:ce:c8:02:21:51:60:c4:54:48:7e:0f:1a:a3:
                    69:f5:76:c5:f2:31:fe:1b:06:d5:2f:97:cc:61:ab:
                    7d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:94:CD:4A:8B:40:F9:43:AF:A7:69:58:24:BB:35:56:55:14:F0:FF
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/04df1db0-1310-44d2-9df0-882242d046a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:ec:8f:41:3f:66:bc:a4:3a:5a:08:ba:7b:33:f4:26:ce:37:
         1b:71:15:42:87:f5:a0:a1:cd:cc:a7:8d:1d:a8:d9:cf:ad:ec:
         7d:1c:13:f2:c9:ba:d9:68:26:45:f5:d9:7c:45:19:cd:6f:12:
         e4:fb:3f:7b:fe:f8:39:bc:2f:71:d9:4a:10:0d:2d:7e:62:9e:
         bf:a9:99:f1:f6:7b:fb:3c:f7:ce:a0:2b:f9:16:d8:78:3e:46:
         61:c2:81:4e:7d:04:fc:87:79:24:ef:23:4e:86:a1:95:91:9b:
         a7:68:69:88:68:48:cd:71:f6:89:82:fb:c7:04:46:61:6d:8b:
         3e:8d:61:0c:ed:ae:30:d2:ff:eb:bd:87:b4:1e:89:20:db:63:
         86:ec:57:87:cf:34:e5:9d:1b:95:97:0a:b4:86:0b:f7:6f:52:
         57:c7:12:ab:42:a4:62:ce:72:c7:e5:ec:cf:30:c0:4f:16:42:
         e1:00:0b:42:86:b0:c6:61:ed:e6:33:b2:3e:cf:08:b6:31:43:
         bc:cf:99:f2:f9:3f:a9:19:c0:71:a6:db:48:3d:28:da:8e:33:
         71:ab:91:4b:91:68:62:55:fe:5c:bc:6a:45:36:f5:86:93:fd:
         ea:85:93:f2:fc:fb:0a:a9:ff:0d:0a:d4:0d:01:4f:2e:a1:14:
         c8:d1:b3:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIhSD3THqr2NdtV4AnaECppwc6ycwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDA0MDAwMDAwWhcNMjQwNTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZDFhMGQyY2JmN2QxYTZmZGVmMDI3YWM2ZjI5ZGJiZTli
YjM0MzdlNDI0YzdhZGRjYTEzMWYyNWRlMDllYjFlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlYQnHvKSxnb1GJoSUJNla2UnD3ZRiri9zmwZj/4ZP8ZWX
FKmVDGsdKYMjOFV/2heFC1xehW6Olrh06mRMB4Y+3bpGh+mgy4OTJb75Pullj9hs
vC+jrYnra/z6hEV+VLTTGLglT7VMQI6vD2CpnO6bUXHupRqNQ6R9hFEsNJEC5XrJ
EunjdZyRsrDEm5lFbF1ZI959wFYJZGV96pa5iWUxRNhg3zhP9n5AYTXHrZNFFA9H
569UhD2aJkMwOnSt/vxAM4r3kRmSZWgHondGoUgPbJt4Nou52NKjpDD6doc+wqdE
zsgCIVFgxFRIfg8ao2n1dsXyMf4bBtUvl8xhq33fAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUB5TNSotA+UOvp2lYJLs1VlUU8P8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzA0ZGYxZGIwLTEzMTAtNDRkMi05ZGYwLTg4MjI0MmQwNDZhOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK7sj0E/ZrykOloIunsz9CbONxtx
FUKH9aChzcynjR2o2c+t7H0cE/LJutloJkX12XxFGc1vEuT7P3v++Dm8L3HZShAN
LX5inr+pmfH2e/s8986gK/kW2Hg+RmHCgU59BPyHeSTvI06GoZWRm6doaYhoSM1x
9omC+8cERmFtiz6NYQztrjDS/+u9h7QeiSDbY4bsV4fPNOWdG5WXCrSGC/dvUlfH
EqtCpGLOcsfl7M8wwE8WQuEAC0KGsMZh7eYzsj7PCLYxQ7zPmfL5P6kZwHGm20g9
KNqOM3GrkUuRaGJV/ly8akU29YaT/eqFk/L8+wqp/w0K1A0BTy6hFMjRsyc=
-----END CERTIFICATE-----