Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/21d38ab1-76f6-46a1-b9e1-5e8ae4b6a9a4.roa
File:                     21d38ab1-76f6-46a1-b9e1-5e8ae4b6a9a4.roa (raw, json)
Hash identifier:          sqHCPxcuhUoWxjjaILtqbpahy11XHjlYxGKO8F5OGGU=
Subject key identifier:   DB:CC:F2:42:F1:35:F6:CE:AD:CA:0C:00:8E:A5:8B:94:AB:33:F1:1A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3FD4D7628E13E3D08417B998BB8D03C2ED7169EF
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/21d38ab1-76f6-46a1-b9e1-5e8ae4b6a9a4.roa
Signing time:             Wed 10 Apr 2024 00:00:00 +0000
ROA not before:           Wed 10 Apr 2024 00:00:00 +0000
ROA not after:            Wed 15 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:d4:d7:62:8e:13:e3:d0:84:17:b9:98:bb:8d:03:c2:ed:71:69:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 10 00:00:00 2024 GMT
            Not After : May 15 23:59:59 2024 GMT
        Subject: serialNumber=697b992983272d82cd8eb31e5e61ec419c668bcb6a1da363d209e2c2f533a54a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f8:b7:2d:97:1e:14:2d:86:a6:34:b1:27:c1:
                    6c:cb:b7:fc:e2:78:18:c7:26:75:f5:bf:fe:1f:87:
                    6f:61:b9:c5:c3:18:b7:2e:58:cf:d9:91:02:41:c7:
                    af:f2:1d:7b:c6:90:75:75:1e:26:1a:f4:8c:79:22:
                    35:35:a0:91:24:01:30:ce:7a:af:cc:66:7a:f3:f8:
                    54:8f:78:4c:0e:ea:ee:24:75:67:7c:34:b0:ab:de:
                    27:a8:38:20:57:29:43:17:aa:84:8b:f6:cc:b9:4e:
                    a1:55:6a:41:fd:8b:ce:c8:b4:57:74:33:3c:7f:89:
                    75:d0:61:31:2b:2b:90:41:06:6e:39:c6:52:22:2a:
                    76:d0:7b:59:8f:fe:92:ae:67:47:a0:9f:5d:2d:0e:
                    17:cb:81:88:fa:ac:51:45:52:67:ad:0a:aa:6d:73:
                    0d:cf:8b:35:59:bb:34:c1:d7:b6:35:64:e3:3a:4b:
                    b1:75:fd:a1:ca:d5:48:f7:ca:f8:2a:c2:66:65:d0:
                    94:9a:9a:a4:7d:f1:8a:d9:c6:95:e7:56:3d:63:5d:
                    7a:27:93:43:6b:bd:f0:ca:a2:4c:04:39:16:d7:e1:
                    1b:e7:31:8c:f7:9a:0a:2f:21:c3:4f:fb:9a:ef:bb:
                    02:30:a1:0a:43:6c:0f:ec:46:c2:a7:c5:ba:dd:0e:
                    b6:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:CC:F2:42:F1:35:F6:CE:AD:CA:0C:00:8E:A5:8B:94:AB:33:F1:1A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/21d38ab1-76f6-46a1-b9e1-5e8ae4b6a9a4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:55:59:76:59:35:a9:aa:0b:1e:85:c3:99:6e:5c:95:93:6f:
         b5:27:65:b9:9d:2b:32:46:dd:72:dc:77:2d:9d:49:0b:c6:8c:
         90:c1:e8:11:0f:a0:c2:09:8b:0c:fc:a3:83:da:6d:4c:37:14:
         8f:68:1e:45:43:ef:d2:ff:d1:6f:ac:9e:19:6c:a8:89:2b:ba:
         9a:29:7f:a1:bc:c0:58:16:45:04:08:44:35:0b:88:85:90:91:
         1e:cc:93:91:25:3e:63:2e:c3:2c:2d:d6:4f:a4:fa:03:3a:7c:
         15:da:cd:e7:81:e6:18:71:99:52:40:c6:31:bb:56:49:57:ce:
         49:67:2a:4f:9f:b0:bb:5b:66:76:03:af:cb:80:0e:fc:76:2e:
         36:8b:9d:9b:04:0e:df:cb:81:65:93:47:82:dc:8a:5a:a3:32:
         10:c2:5b:3e:75:f1:c9:1a:2a:08:be:a7:47:ea:b8:75:ee:fd:
         c3:f6:47:25:09:9f:21:49:d9:43:ed:34:9c:bc:9c:71:ee:3d:
         8b:8c:2b:f5:64:12:7e:35:b2:ff:ae:d6:3b:ad:34:c1:af:0a:
         c2:98:ab:04:c4:e1:7d:c7:f7:11:06:bf:13:11:ae:50:e6:80:
         b1:b7:f5:1a:48:b6:c6:07:7c:e2:16:64:6c:cc:64:0b:90:04:
         c8:92:4d:9a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP9TXYo4T49CEF7mYu40Dwu1xae8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDEwMDAwMDAwWhcNMjQwNTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2OTdiOTkyOTgzMjcyZDgyY2Q4ZWIzMWU1ZTYxZWM0MTlj
NjY4YmNiNmExZGEzNjNkMjA5ZTJjMmY1MzNhNTRhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCu+Lctlx4ULYamNLEnwWzLt/zieBjHJnX1v/4fh29hucXD
GLcuWM/ZkQJBx6/yHXvGkHV1HiYa9Ix5IjU1oJEkATDOeq/MZnrz+FSPeEwO6u4k
dWd8NLCr3ieoOCBXKUMXqoSL9sy5TqFVakH9i87ItFd0Mzx/iXXQYTErK5BBBm45
xlIiKnbQe1mP/pKuZ0egn10tDhfLgYj6rFFFUmetCqptcw3PizVZuzTB17Y1ZOM6
S7F1/aHK1Uj3yvgqwmZl0JSamqR98YrZxpXnVj1jXXonk0NrvfDKokwEORbX4Rvn
MYz3mgovIcNP+5rvuwIwoQpDbA/sRsKnxbrdDrZrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU28zyQvE19s6tygwAjqWLlKsz8RowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIxZDM4YWIxLTc2ZjYtNDZhMS1iOWUxLTVlOGFlNGI2YTlhNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJBVWXZZNamqCx6Fw5luXJWTb7Un
ZbmdKzJG3XLcdy2dSQvGjJDB6BEPoMIJiwz8o4PabUw3FI9oHkVD79L/0W+snhls
qIkrupopf6G8wFgWRQQIRDULiIWQkR7Mk5ElPmMuwywt1k+k+gM6fBXazeeB5hhx
mVJAxjG7VklXzklnKk+fsLtbZnYDr8uADvx2LjaLnZsEDt/LgWWTR4LcilqjMhDC
Wz518ckaKgi+p0fquHXu/cP2RyUJnyFJ2UPtNJy8nHHuPYuMK/VkEn41sv+u1jut
NMGvCsKYqwTE4X3H9xEGvxMRrlDmgLG39RpItsYHfOIWZGzMZAuQBMiSTZo=
-----END CERTIFICATE-----