Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2723b56b-d49b-4d21-aa73-445aa79e9f1b.roa
File:                     2723b56b-d49b-4d21-aa73-445aa79e9f1b.roa (raw, json)
Hash identifier:          yi/hgXHcnhK0gxtLaLi6Q8IFBtiFNKp1fTcAc9P0GVs=
Subject key identifier:   97:70:AC:FE:BF:30:5D:64:50:A8:D9:85:19:5D:32:A7:5E:1B:6A:BF
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4A9A2080A4E845CD468EF8BAEB5B31D69AE38E8E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2723b56b-d49b-4d21-aa73-445aa79e9f1b.roa
Signing time:             Sun 18 Feb 2024 00:00:00 +0000
ROA not before:           Sun 18 Feb 2024 00:00:00 +0000
ROA not after:            Sun 24 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:9a:20:80:a4:e8:45:cd:46:8e:f8:ba:eb:5b:31:d6:9a:e3:8e:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 18 00:00:00 2024 GMT
            Not After : Mar 24 23:59:59 2024 GMT
        Subject: serialNumber=8f05e391e97d48050cdf5792554c2a76af214cff9e0eb18bc7d77f673595e7a3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:df:e7:57:78:2b:6e:29:62:f5:69:ec:d5:7b:
                    fa:b1:46:94:bf:3e:c1:d5:61:99:c9:3a:b5:35:36:
                    57:1e:e9:71:60:b5:de:1a:ca:20:b4:b8:ad:20:f2:
                    13:e3:f5:95:d4:aa:8d:67:c1:83:bd:22:64:4b:7a:
                    b4:f0:44:c3:8f:73:dc:ce:9e:8e:36:e8:4b:da:87:
                    36:ef:6d:0f:79:99:41:33:0f:ff:d5:1a:83:82:d3:
                    3d:d3:51:af:39:6b:41:da:34:b4:ff:28:4c:92:dc:
                    ef:c3:e3:3a:8e:b6:33:7f:ed:19:da:3e:be:51:ce:
                    de:e8:2a:21:dd:0b:ff:8b:cb:ad:59:6b:94:ab:c8:
                    eb:64:c3:29:73:ec:b2:03:82:eb:d9:1b:a3:a4:20:
                    0a:f7:95:bf:44:50:6f:fa:dd:d1:34:33:1c:d0:80:
                    79:66:bb:07:8f:c7:39:23:19:77:c6:a9:8b:5e:39:
                    25:bd:ac:bb:0f:1b:a0:a2:71:1a:83:6b:24:27:05:
                    a4:3d:40:65:b6:24:46:38:c7:d8:b1:eb:dd:9d:f8:
                    25:6d:af:81:23:e1:91:64:4e:96:85:d4:5a:68:57:
                    eb:ec:7b:10:75:4b:84:03:99:6a:4a:79:45:aa:fe:
                    a5:3a:c2:0e:e3:de:46:9f:78:da:25:fc:d2:9b:f3:
                    55:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:70:AC:FE:BF:30:5D:64:50:A8:D9:85:19:5D:32:A7:5E:1B:6A:BF
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2723b56b-d49b-4d21-aa73-445aa79e9f1b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:79:fa:46:b2:82:ec:25:ab:f1:8c:1e:99:3e:09:99:bf:6b:
         27:f0:0c:11:aa:f4:52:3a:7f:da:a1:2a:c1:8a:9d:55:88:90:
         5b:c6:3e:68:80:26:8f:c6:d9:5d:7c:1a:da:26:1d:b0:c8:38:
         45:e7:b3:04:c1:4a:ea:d7:cc:63:60:8f:84:77:34:1c:fd:36:
         b8:81:de:f3:8d:e5:68:3e:54:61:06:e2:ef:0a:92:53:0f:e9:
         b0:58:f2:b9:92:bf:8f:a9:21:0f:49:c6:cc:3a:02:6d:90:5e:
         80:47:6a:13:30:3d:51:65:64:58:12:82:a3:4b:99:c4:3e:36:
         91:95:b9:c8:3c:fd:4a:fe:ab:85:ed:64:e8:4f:63:08:ef:34:
         dd:c0:11:9f:b1:ce:f7:6f:b5:47:eb:b8:fe:19:ed:f0:68:44:
         87:bc:a1:4c:71:e2:70:38:1f:3d:4f:39:9c:89:0a:b9:1c:de:
         e0:c1:f3:ec:27:4c:71:e0:be:de:13:fc:74:ad:94:15:52:d1:
         dd:0b:ef:20:df:52:29:c4:ec:05:da:c0:f4:07:32:55:a1:3e:
         27:4d:d0:f3:82:24:f1:2d:f6:ab:c7:4b:a8:eb:cf:b9:ea:da:
         2a:6e:57:1f:96:e6:5d:fe:7b:31:ec:a5:ed:29:f5:e0:64:2c:
         8f:e2:a7:15
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSpoggKToRc1Gjvi661sx1prjjo4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjE4MDAwMDAwWhcNMjQwMzI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZjA1ZTM5MWU5N2Q0ODA1MGNkZjU3OTI1NTRjMmE3NmFm
MjE0Y2ZmOWUwZWIxOGJjN2Q3N2Y2NzM1OTVlN2EzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC83+dXeCtuKWL1aezVe/qxRpS/PsHVYZnJOrU1Nlce6XFg
td4ayiC0uK0g8hPj9ZXUqo1nwYO9ImRLerTwRMOPc9zOno426EvahzbvbQ95mUEz
D//VGoOC0z3TUa85a0HaNLT/KEyS3O/D4zqOtjN/7RnaPr5Rzt7oKiHdC/+Ly61Z
a5SryOtkwylz7LIDguvZG6OkIAr3lb9EUG/63dE0MxzQgHlmuwePxzkjGXfGqYte
OSW9rLsPG6CicRqDayQnBaQ9QGW2JEY4x9ix692d+CVtr4Ej4ZFkTpaF1FpoV+vs
exB1S4QDmWpKeUWq/qU6wg7j3kafeNol/NKb81WVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUl3Cs/r8wXWRQqNmFGV0yp14bar8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzI3MjNiNTZiLWQ0OWItNGQyMS1hYTczLTQ0NWFhNzllOWYxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJF5+kayguwlq/GMHpk+CZm/ayfw
DBGq9FI6f9qhKsGKnVWIkFvGPmiAJo/G2V18GtomHbDIOEXnswTBSurXzGNgj4R3
NBz9NriB3vON5Wg+VGEG4u8KklMP6bBY8rmSv4+pIQ9Jxsw6Am2QXoBHahMwPVFl
ZFgSgqNLmcQ+NpGVucg8/Ur+q4XtZOhPYwjvNN3AEZ+xzvdvtUfruP4Z7fBoRIe8
oUxx4nA4Hz1POZyJCrkc3uDB8+wnTHHgvt4T/HStlBVS0d0L7yDfUinE7AXawPQH
MlWhPidN0POCJPEt9qvHS6jrz7nq2ipuVx+W5l3+ezHspe0p9eBkLI/ipxU=
-----END CERTIFICATE-----