Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0df91edd-afa1-477b-9e7a-984d6209531b.roa
File:                     0df91edd-afa1-477b-9e7a-984d6209531b.roa (raw, json)
Hash identifier:          JZSBwXp8GuZP5c80bib3A4oaNpFF9LVqqJ/OtxdFd1M=
Subject key identifier:   15:E3:49:77:54:16:84:71:78:D2:29:95:1A:A6:9A:1D:46:75:12:55
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       37C93DAF47929BE67208E26A1E81D2D46CB0951A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0df91edd-afa1-477b-9e7a-984d6209531b.roa
Signing time:             Wed 20 Mar 2024 00:00:00 +0000
ROA not before:           Wed 20 Mar 2024 00:00:00 +0000
ROA not after:            Wed 24 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:c9:3d:af:47:92:9b:e6:72:08:e2:6a:1e:81:d2:d4:6c:b0:95:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 20 00:00:00 2024 GMT
            Not After : Apr 24 23:59:59 2024 GMT
        Subject: serialNumber=680c7a83bc92e66a5433c29d23b752f74d0b6c0172ead92f7036f6099b6088ee, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a1:45:59:1c:28:aa:c5:9a:b6:9e:0f:67:0f:
                    2c:8d:56:d8:21:3c:3c:d1:63:29:ef:22:a7:4c:2e:
                    56:a1:e1:fb:07:43:d8:8e:c5:84:a4:ab:7c:34:2f:
                    53:28:41:74:c1:97:32:4d:22:2f:e6:8e:8a:dc:16:
                    b4:ac:46:fb:bb:99:4c:ed:96:58:44:ac:9c:cb:8e:
                    bf:42:9b:ac:a3:83:30:f6:3a:4c:70:3e:1c:ea:2c:
                    98:b1:19:95:eb:d9:6b:9d:7d:50:95:8b:d9:5f:e4:
                    bf:be:ee:12:8a:c3:d9:ba:68:3f:f3:58:4d:3c:83:
                    67:13:40:87:5b:8e:c0:37:b1:38:3b:f6:90:56:2e:
                    e1:4c:59:93:10:08:a0:31:35:b5:14:d6:5f:55:c4:
                    1e:72:22:76:b1:08:b7:65:78:9c:cf:06:78:91:0f:
                    cc:95:f4:bf:de:d1:f8:7d:56:41:9d:18:6c:d3:a3:
                    f3:d9:da:bb:cb:4b:03:bb:f2:01:13:fb:ee:be:e0:
                    1b:a0:3d:71:be:20:90:55:09:52:42:c3:80:6b:28:
                    76:84:62:89:40:36:05:c5:0a:c8:1d:d3:08:a9:b0:
                    f7:5b:dd:86:a4:e9:e6:06:23:85:6f:5d:d1:c4:c4:
                    b6:56:9d:d7:a7:6b:99:7c:f4:5f:38:88:0a:ee:4c:
                    fa:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:E3:49:77:54:16:84:71:78:D2:29:95:1A:A6:9A:1D:46:75:12:55
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0df91edd-afa1-477b-9e7a-984d6209531b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:11:4f:1f:d5:89:9d:5f:1d:79:c9:33:3b:78:a5:9a:d5:bd:
         b2:63:47:25:15:4d:ea:d7:9a:fe:d8:47:6c:65:3a:3c:28:94:
         c0:9f:db:5d:c6:d9:d7:c1:63:61:94:c7:4b:29:ee:f9:96:2c:
         4f:e0:9a:51:3c:74:62:2e:8b:83:92:e0:dc:18:08:dd:01:0d:
         0b:5a:78:e6:21:53:59:df:4a:1e:af:d6:c7:d2:27:8d:75:42:
         3e:32:2c:d1:c0:bb:63:88:4f:ee:50:61:c6:3b:49:b1:95:18:
         0d:41:53:bc:23:cd:b4:3a:92:15:5b:cf:6e:9a:09:44:86:62:
         61:d1:97:de:7a:79:07:26:ae:b3:4d:5b:3e:f0:96:60:1f:11:
         3b:e0:2a:ca:d6:fe:b2:a8:da:bc:c6:e6:0e:fd:d0:01:17:52:
         83:12:d8:5f:71:98:b4:1d:5d:1c:c6:f1:1b:3e:6f:98:4c:7a:
         fb:25:d4:42:0e:5f:a1:86:28:d4:4b:15:8a:1c:7f:26:92:57:
         54:79:0a:16:57:9d:0f:6f:a3:c7:46:13:a0:5b:27:55:df:52:
         80:9f:54:6b:fa:86:51:2a:03:b5:13:6e:70:78:96:de:f6:fa:
         01:d5:1e:f2:8f:56:e1:45:68:5a:09:7c:8c:2a:ba:a2:dc:53:
         33:7d:50:ef
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUN8k9r0eSm+ZyCOJqHoHS1GywlRowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzIwMDAwMDAwWhcNMjQwNDI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ODBjN2E4M2JjOTJlNjZhNTQzM2MyOWQyM2I3NTJmNzRk
MGI2YzAxNzJlYWQ5MmY3MDM2ZjYwOTliNjA4OGVlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/oUVZHCiqxZq2ng9nDyyNVtghPDzRYynvIqdMLlah4fsH
Q9iOxYSkq3w0L1MoQXTBlzJNIi/mjorcFrSsRvu7mUztllhErJzLjr9Cm6yjgzD2
OkxwPhzqLJixGZXr2WudfVCVi9lf5L++7hKKw9m6aD/zWE08g2cTQIdbjsA3sTg7
9pBWLuFMWZMQCKAxNbUU1l9VxB5yInaxCLdleJzPBniRD8yV9L/e0fh9VkGdGGzT
o/PZ2rvLSwO78gET++6+4BugPXG+IJBVCVJCw4BrKHaEYolANgXFCsgd0wipsPdb
3Yak6eYGI4VvXdHExLZWndena5l89F84iAruTPqJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFeNJd1QWhHF40imVGqaaHUZ1ElUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBkZjkxZWRkLWFmYTEtNDc3Yi05ZTdhLTk4NGQ2MjA5NTMxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEwRTx/ViZ1fHXnJMzt4pZrVvbJj
RyUVTerXmv7YR2xlOjwolMCf213G2dfBY2GUx0sp7vmWLE/gmlE8dGIui4OS4NwY
CN0BDQtaeOYhU1nfSh6v1sfSJ411Qj4yLNHAu2OIT+5QYcY7SbGVGA1BU7wjzbQ6
khVbz26aCUSGYmHRl956eQcmrrNNWz7wlmAfETvgKsrW/rKo2rzG5g790AEXUoMS
2F9xmLQdXRzG8Rs+b5hMevsl1EIOX6GGKNRLFYocfyaSV1R5ChZXnQ9vo8dGE6Bb
J1XfUoCfVGv6hlEqA7UTbnB4lt72+gHVHvKPVuFFaFoJfIwquqLcUzN9UO8=
-----END CERTIFICATE-----