Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0b0cf09f-8f2a-4093-8a89-ebff37885e09.roa
File:                     0b0cf09f-8f2a-4093-8a89-ebff37885e09.roa (raw, json)
Hash identifier:          2DRpY2yI1l5/3PUR4/0vhS1g00VuBshyYDy7fktHgwQ=
Subject key identifier:   3F:A8:C6:5E:94:E2:61:4B:F1:43:D3:96:06:F3:8F:37:DD:A5:03:96
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5F8693A16BE24BDFEE29DAD915D36D7285C4A274
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0b0cf09f-8f2a-4093-8a89-ebff37885e09.roa
Signing time:             Sat 13 Apr 2024 00:00:00 +0000
ROA not before:           Sat 13 Apr 2024 00:00:00 +0000
ROA not after:            Sat 18 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:86:93:a1:6b:e2:4b:df:ee:29:da:d9:15:d3:6d:72:85:c4:a2:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 13 00:00:00 2024 GMT
            Not After : May 18 23:59:59 2024 GMT
        Subject: serialNumber=712c404b80137331dfe7072fe81a04505933d27bb9aaafdc00f2d6e4dbec850c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ad:fc:ea:1e:09:3c:18:f5:62:34:98:7a:05:
                    a2:af:25:c5:0d:23:97:93:15:c9:65:2b:59:ab:24:
                    c1:b0:36:56:56:13:5e:cb:ee:93:48:07:29:6f:e9:
                    2d:1c:64:1e:a6:7e:d8:91:d6:7d:3a:40:5d:ba:12:
                    10:87:92:4a:e1:b7:60:71:f2:18:7e:a5:2f:46:a6:
                    7f:44:21:dc:fa:bc:c3:c0:b2:15:34:b8:24:ff:c1:
                    dc:10:9b:74:6d:c6:b8:21:c5:0e:3e:5a:fa:94:9e:
                    65:27:46:b1:15:57:ba:ac:0e:f7:b9:0d:29:85:75:
                    f3:f6:fa:ac:30:43:98:cd:b4:7e:8b:b1:8b:9d:90:
                    8e:98:ad:d1:a7:78:8e:b6:d5:08:69:39:35:58:6c:
                    2e:37:57:61:18:d6:b3:d5:5d:f6:d2:06:6e:b9:36:
                    a7:e1:60:ad:60:99:e8:62:1e:49:47:e9:e7:ff:87:
                    3b:44:17:d4:e1:28:51:90:bd:45:06:eb:39:12:ac:
                    5a:eb:9b:c7:ef:48:f9:1e:f1:0d:bb:6c:96:c4:07:
                    21:83:39:77:c5:68:09:62:9e:0d:29:70:10:69:e1:
                    f2:c1:45:2a:d4:2c:f5:7e:9f:15:a7:fd:ad:34:c6:
                    4a:ae:f4:bd:b9:0a:0a:e1:87:2b:ee:57:38:1c:7a:
                    47:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:A8:C6:5E:94:E2:61:4B:F1:43:D3:96:06:F3:8F:37:DD:A5:03:96
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0b0cf09f-8f2a-4093-8a89-ebff37885e09.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:5d:87:04:33:15:a4:bc:6a:90:35:2c:08:b5:98:ab:b6:bf:
         ae:b9:60:0a:25:43:e7:03:9d:27:56:b3:18:48:c6:6f:29:5d:
         c2:cb:62:82:98:9a:e8:a3:53:70:86:b3:21:5d:bd:6c:21:74:
         91:ba:97:2f:bb:eb:3f:a5:6e:a2:b3:f8:34:d3:b9:ba:ac:06:
         94:4f:ed:e9:86:71:aa:80:dd:6f:a7:66:52:03:29:1c:ab:4c:
         1e:2a:ea:b3:84:63:a8:f6:a2:2e:82:8f:98:23:ac:02:f9:27:
         81:38:fa:8c:72:7c:26:ea:b1:52:7d:bc:0a:01:fb:52:11:7c:
         57:ce:1d:6f:f0:1e:1d:ad:50:a3:5e:b3:58:18:49:31:44:61:
         dc:8b:27:98:df:57:ca:b0:44:d2:84:41:da:72:21:86:a0:0c:
         cb:ca:b3:72:35:1b:f8:96:56:e7:1f:f0:9d:57:35:70:0e:fe:
         f8:ad:73:7b:7c:25:0c:bf:dc:9d:6c:20:f3:a8:93:66:6b:91:
         53:67:95:cd:d3:cf:63:be:73:b4:de:db:50:9d:e8:88:e6:50:
         69:18:b3:1a:96:bd:83:af:7c:85:e2:21:ae:a0:32:d0:02:89:
         00:78:65:7c:19:c3:4f:77:25:4b:09:b5:8a:bf:ad:77:04:6b:
         8a:55:88:a8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUX4aToWviS9/uKdrZFdNtcoXEonQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDEzMDAwMDAwWhcNMjQwNTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MTJjNDA0YjgwMTM3MzMxZGZlNzA3MmZlODFhMDQ1MDU5
MzNkMjdiYjlhYWFmZGMwMGYyZDZlNGRiZWM4NTBjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCorfzqHgk8GPViNJh6BaKvJcUNI5eTFcllK1mrJMGwNlZW
E17L7pNIBylv6S0cZB6mftiR1n06QF26EhCHkkrht2Bx8hh+pS9Gpn9EIdz6vMPA
shU0uCT/wdwQm3RtxrghxQ4+WvqUnmUnRrEVV7qsDve5DSmFdfP2+qwwQ5jNtH6L
sYudkI6YrdGneI621QhpOTVYbC43V2EY1rPVXfbSBm65NqfhYK1gmehiHklH6ef/
hztEF9ThKFGQvUUG6zkSrFrrm8fvSPke8Q27bJbEByGDOXfFaAling0pcBBp4fLB
RSrULPV+nxWn/a00xkqu9L25CgrhhyvuVzgcekdrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUP6jGXpTiYUvxQ9OWBvOPN92lA5YwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBiMGNmMDlmLThmMmEtNDA5My04YTg5LWViZmYzNzg4NWUwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFFdhwQzFaS8apA1LAi1mKu2v665
YAolQ+cDnSdWsxhIxm8pXcLLYoKYmuijU3CGsyFdvWwhdJG6ly+76z+lbqKz+DTT
ubqsBpRP7emGcaqA3W+nZlIDKRyrTB4q6rOEY6j2oi6Cj5gjrAL5J4E4+oxyfCbq
sVJ9vAoB+1IRfFfOHW/wHh2tUKNes1gYSTFEYdyLJ5jfV8qwRNKEQdpyIYagDMvK
s3I1G/iWVucf8J1XNXAO/vitc3t8JQy/3J1sIPOok2ZrkVNnlc3Tz2O+c7Te21Cd
6IjmUGkYsxqWvYOvfIXiIa6gMtACiQB4ZXwZw093JUsJtYq/rXcEa4pViKg=
-----END CERTIFICATE-----