Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1b2bd2b2-f91b-4083-b23b-c01437c2891c.roa
File:                     1b2bd2b2-f91b-4083-b23b-c01437c2891c.roa (raw, json)
Hash identifier:          +cxPZKnfLURrxbWqmYwCCrwEPFkI9u2AEKjFliCzyo8=
Subject key identifier:   02:84:73:24:73:9D:1F:A1:DF:7D:A9:0F:8B:1E:9E:2D:2E:32:13:8A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       583394249DC2E240B1B35BBF6430F98DA9448D1F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1b2bd2b2-f91b-4083-b23b-c01437c2891c.roa
Signing time:             Wed 21 Feb 2024 00:00:00 +0000
ROA not before:           Wed 21 Feb 2024 00:00:00 +0000
ROA not after:            Wed 27 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:33:94:24:9d:c2:e2:40:b1:b3:5b:bf:64:30:f9:8d:a9:44:8d:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 21 00:00:00 2024 GMT
            Not After : Mar 27 23:59:59 2024 GMT
        Subject: serialNumber=ce1c18443f75782c84377254f05b97af1621f6ea7f016072e5bd23fb99306ebd, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:94:de:19:be:48:d2:11:58:ad:d8:fc:5b:82:
                    3f:4b:14:df:15:84:cf:c4:a9:c5:b5:a2:02:96:78:
                    8d:42:f2:cd:5e:80:ab:85:24:64:8f:5a:73:fc:9b:
                    d5:ea:bf:60:db:ba:76:2d:e0:a9:26:ea:58:33:e1:
                    f1:01:d6:fb:85:1f:1b:28:f4:65:5a:46:6d:c3:ae:
                    20:89:44:c9:22:c8:da:5a:56:7f:e3:5d:cc:ed:1d:
                    cd:00:e5:32:e3:63:81:df:47:db:a5:e9:33:df:97:
                    bb:20:82:0d:92:e6:75:b5:e0:f3:b2:fb:df:9f:61:
                    58:e1:a1:71:b0:2d:c2:0d:91:97:19:72:d7:21:7e:
                    fb:ef:d6:55:70:df:78:15:31:3f:e7:7c:a2:a6:31:
                    19:69:9d:0d:e6:74:3d:ec:71:8a:55:e6:f4:e1:4d:
                    e1:13:c0:46:59:c2:30:b4:24:7a:bb:a0:26:a3:d7:
                    2b:21:64:c0:a4:fa:64:db:e6:b6:a0:ce:28:0a:53:
                    b2:7e:cb:f9:6c:3b:fb:0f:12:e6:b2:3f:0b:a7:7f:
                    ab:4b:5a:46:51:c4:90:21:45:de:8d:d2:17:d7:a8:
                    f9:96:81:49:47:d0:35:09:17:c9:6e:7e:81:c3:ac:
                    47:19:de:9e:18:d2:d7:2c:47:45:0b:46:72:99:8a:
                    a3:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:84:73:24:73:9D:1F:A1:DF:7D:A9:0F:8B:1E:9E:2D:2E:32:13:8A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1b2bd2b2-f91b-4083-b23b-c01437c2891c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:f9:e2:25:e0:7e:d7:cc:76:5c:0a:7e:82:d8:1b:52:3f:fd:
         11:ee:16:25:00:8b:56:46:0f:08:36:d6:d2:8e:5f:8f:d2:1c:
         0e:ca:38:a7:40:dc:2b:76:56:2e:e0:a0:1d:bd:5c:84:d0:3b:
         9b:55:06:c8:b4:36:62:e1:64:68:5f:bf:95:f4:21:3b:62:3d:
         d4:e1:ed:c0:9c:91:93:54:af:2b:60:15:41:4a:e1:b5:95:40:
         14:97:ff:1f:aa:55:8c:95:1d:55:f1:e1:99:5e:60:50:8f:41:
         fa:bf:1c:04:a3:6a:c2:95:fc:5d:f0:ae:f5:6b:cd:db:14:54:
         1f:65:40:ba:5a:2b:d2:49:53:f4:74:d6:d6:b8:94:38:a8:60:
         6e:a1:40:a7:bf:3a:02:c2:9f:01:2d:92:9f:c8:b1:1b:da:54:
         3e:e3:5f:72:c0:ac:ea:6c:f6:b4:f4:fc:ad:38:0e:c0:16:63:
         e2:f6:f3:e6:1c:1c:95:78:dc:c0:9f:15:d5:a1:20:12:56:d7:
         a4:ca:75:22:87:ea:d4:ae:82:8f:cd:0e:82:f1:d3:7c:d9:5c:
         7a:e9:f9:36:a1:dd:8e:2e:93:ad:7f:6d:28:e9:25:85:f6:28:
         42:31:82:80:92:66:94:41:e3:5e:a9:7a:c2:ce:d0:ba:95:40:
         44:cd:84:a0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWDOUJJ3C4kCxs1u/ZDD5jalEjR8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjIxMDAwMDAwWhcNMjQwMzI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZTFjMTg0NDNmNzU3ODJjODQzNzcyNTRmMDViOTdhZjE2
MjFmNmVhN2YwMTYwNzJlNWJkMjNmYjk5MzA2ZWJkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0lN4ZvkjSEVit2Pxbgj9LFN8VhM/EqcW1ogKWeI1C8s1e
gKuFJGSPWnP8m9Xqv2DbunYt4Kkm6lgz4fEB1vuFHxso9GVaRm3DriCJRMkiyNpa
Vn/jXcztHc0A5TLjY4HfR9ul6TPfl7sggg2S5nW14POy+9+fYVjhoXGwLcINkZcZ
ctchfvvv1lVw33gVMT/nfKKmMRlpnQ3mdD3scYpV5vThTeETwEZZwjC0JHq7oCaj
1yshZMCk+mTb5ragzigKU7J+y/lsO/sPEuayPwunf6tLWkZRxJAhRd6N0hfXqPmW
gUlH0DUJF8lufoHDrEcZ3p4Y0tcsR0ULRnKZiqNxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAoRzJHOdH6HffakPix6eLS4yE4owHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzFiMmJkMmIyLWY5MWItNDA4My1iMjNiLWMwMTQzN2MyODkxYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAP54iXgftfMdlwKfoLYG1I//RHu
FiUAi1ZGDwg21tKOX4/SHA7KOKdA3Ct2Vi7goB29XITQO5tVBsi0NmLhZGhfv5X0
ITtiPdTh7cCckZNUrytgFUFK4bWVQBSX/x+qVYyVHVXx4ZleYFCPQfq/HASjasKV
/F3wrvVrzdsUVB9lQLpaK9JJU/R01ta4lDioYG6hQKe/OgLCnwEtkp/IsRvaVD7j
X3LArOps9rT0/K04DsAWY+L28+YcHJV43MCfFdWhIBJW16TKdSKH6tSugo/NDoLx
03zZXHrp+Tah3Y4uk61/bSjpJYX2KEIxgoCSZpRB416pesLO0LqVQETNhKA=
-----END CERTIFICATE-----