Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/22903791-bbf6-4965-849e-d07191a83ebf.roa
File:                     22903791-bbf6-4965-849e-d07191a83ebf.roa (raw, json)
Hash identifier:          CSTX09i22/WMtoTcpLMCs6YNvHoK7Yy3IxSRDgNuR+g=
Subject key identifier:   AA:22:CA:1B:48:EB:C1:E6:85:15:90:3A:38:F3:DA:C0:84:AC:F9:8E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0D698198C5091F1C155AEE6842D2797BC038994C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/22903791-bbf6-4965-849e-d07191a83ebf.roa
Signing time:             Wed 24 Apr 2024 00:00:00 +0000
ROA not before:           Wed 24 Apr 2024 00:00:00 +0000
ROA not after:            Wed 29 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:69:81:98:c5:09:1f:1c:15:5a:ee:68:42:d2:79:7b:c0:38:99:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 24 00:00:00 2024 GMT
            Not After : May 29 23:59:59 2024 GMT
        Subject: serialNumber=9848b4d0d01565d8d6f5ad0f1231d0c359db3c93539c71f879e8b74161ffa365, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:84:f1:c4:c2:55:49:79:9b:aa:ce:ad:e0:93:
                    c5:53:e5:7d:19:66:aa:72:1f:b9:59:db:1d:33:46:
                    6e:93:6f:78:f9:f8:ec:db:b1:14:ff:08:6e:b5:1b:
                    55:3e:df:c9:55:c2:06:e8:97:0a:83:4e:80:77:ec:
                    72:ac:fc:da:6d:04:0f:17:3a:97:cf:57:a9:25:fd:
                    76:88:f7:71:d9:d6:94:fe:4f:f8:ea:be:99:24:fc:
                    dd:0c:8a:9d:97:80:27:ba:d3:75:3d:9d:a3:e0:f3:
                    d5:a6:41:be:b8:6e:e7:d5:e7:a1:0b:81:8e:ee:7e:
                    f4:59:a5:ff:12:49:83:24:15:01:19:15:7a:8e:39:
                    f0:7a:a8:43:2e:09:da:8f:a2:7c:9b:d9:01:18:65:
                    de:13:2d:79:71:60:31:a0:40:61:a9:b0:18:c7:fb:
                    8a:82:66:ef:b6:3f:77:71:d3:63:f8:30:94:0a:0a:
                    56:f3:a9:c6:ef:f2:9f:c7:1e:91:47:d8:12:b1:df:
                    57:e6:be:f1:42:fb:08:4c:1a:ba:32:8a:c0:57:28:
                    b1:a3:ff:fb:f9:d8:6a:e1:88:cc:b2:d7:e4:e6:ee:
                    a0:60:5b:25:2b:49:ad:9a:5f:8e:1e:dd:62:13:3b:
                    24:ff:14:fd:85:3e:89:43:07:aa:1d:8c:a3:73:d6:
                    31:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:22:CA:1B:48:EB:C1:E6:85:15:90:3A:38:F3:DA:C0:84:AC:F9:8E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/22903791-bbf6-4965-849e-d07191a83ebf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:3b:86:3d:ec:8e:94:42:4f:bc:0c:e6:03:b1:f1:de:fe:df:
         b2:cb:3b:d6:34:1a:9f:07:f3:91:0f:60:62:27:0f:80:51:9f:
         3e:d0:52:c8:e5:b4:bb:45:46:85:28:98:7a:e7:ca:e9:59:ad:
         84:e7:89:88:35:b6:9e:a4:9d:e5:65:53:c3:99:3b:c3:66:90:
         69:c4:85:c7:65:3a:e5:0f:0a:1d:25:a4:58:a1:1d:48:75:f2:
         7b:84:af:dd:ef:69:ab:57:04:c0:f8:5d:2c:ac:a4:58:9b:8e:
         df:5f:45:c2:ea:08:ce:4a:a3:b8:54:3c:91:3b:77:cc:c9:b5:
         b7:ce:c9:c7:9a:09:80:d3:06:1e:f5:6a:6f:e3:a4:f3:14:f4:
         4b:c1:68:14:5e:db:62:69:e7:a5:17:83:3c:9e:a0:e2:7a:64:
         5d:30:bd:1d:0e:06:a4:d9:76:dd:ab:ce:56:df:b5:09:f6:d2:
         02:3d:f4:65:36:c1:46:eb:33:72:8b:8c:71:d8:ad:be:06:51:
         90:3e:5e:ef:52:93:a8:95:0e:bc:29:21:82:24:e1:8b:4d:17:
         6a:20:94:ad:0a:f2:0f:a0:24:05:c3:0d:bd:a7:39:dc:2b:cc:
         63:47:e4:c7:bb:7c:dd:38:c5:7e:13:70:b4:00:bf:c2:60:93:
         76:d5:b3:c4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDWmBmMUJHxwVWu5oQtJ5e8A4mUwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDI0MDAwMDAwWhcNMjQwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ODQ4YjRkMGQwMTU2NWQ4ZDZmNWFkMGYxMjMxZDBjMzU5
ZGIzYzkzNTM5YzcxZjg3OWU4Yjc0MTYxZmZhMzY1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCihPHEwlVJeZuqzq3gk8VT5X0ZZqpyH7lZ2x0zRm6Tb3j5
+OzbsRT/CG61G1U+38lVwgbolwqDToB37HKs/NptBA8XOpfPV6kl/XaI93HZ1pT+
T/jqvpkk/N0Mip2XgCe603U9naPg89WmQb64bufV56ELgY7ufvRZpf8SSYMkFQEZ
FXqOOfB6qEMuCdqPonyb2QEYZd4TLXlxYDGgQGGpsBjH+4qCZu+2P3dx02P4MJQK
Clbzqcbv8p/HHpFH2BKx31fmvvFC+whMGroyisBXKLGj//v52GrhiMyy1+Tm7qBg
WyUrSa2aX44e3WITOyT/FP2FPolDB6odjKNz1jGdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqiLKG0jrweaFFZA6OPPawISs+Y4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIyOTAzNzkxLWJiZjYtNDk2NS04NDllLWQwNzE5MWE4M2ViZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJY7hj3sjpRCT7wM5gOx8d7+37LL
O9Y0Gp8H85EPYGInD4BRnz7QUsjltLtFRoUomHrnyulZrYTniYg1tp6kneVlU8OZ
O8NmkGnEhcdlOuUPCh0lpFihHUh18nuEr93vaatXBMD4XSyspFibjt9fRcLqCM5K
o7hUPJE7d8zJtbfOyceaCYDTBh71am/jpPMU9EvBaBRe22Jp56UXgzyeoOJ6ZF0w
vR0OBqTZdt2rzlbftQn20gI99GU2wUbrM3KLjHHYrb4GUZA+Xu9Sk6iVDrwpIYIk
4YtNF2oglK0K8g+gJAXDDb2nOdwrzGNH5Me7fN04xX4TcLQAv8Jgk3bVs8Q=
-----END CERTIFICATE-----