Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2e467334-4343-41a3-97f9-7909389493a2.roa
File:                     2e467334-4343-41a3-97f9-7909389493a2.roa (raw, json)
Hash identifier:          VrVDElCdhdtNzi3kiscqrZbSl1aTJF18KI23OUbpckg=
Subject key identifier:   3D:A2:88:7C:BA:39:CD:64:C9:2A:35:6C:94:A9:63:7E:F9:BD:37:20
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       293C0C7B3B960E223E1E9B30D1D5DF3AEAD3920E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2e467334-4343-41a3-97f9-7909389493a2.roa
Signing time:             Sun 28 Apr 2024 00:00:00 +0000
ROA not before:           Sun 28 Apr 2024 00:00:00 +0000
ROA not after:            Sun 02 Jun 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:3c:0c:7b:3b:96:0e:22:3e:1e:9b:30:d1:d5:df:3a:ea:d3:92:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 28 00:00:00 2024 GMT
            Not After : Jun  2 23:59:59 2024 GMT
        Subject: serialNumber=8265ac9d9fba570bdad1af1e6899cba12e444329d81a45bd61a03a78481af4cc, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:93:fe:a4:bb:fc:6c:3b:52:01:e6:75:4e:97:
                    c2:ba:8d:fc:cd:65:1c:3a:03:2e:31:9d:28:7f:c4:
                    7c:28:8e:c9:2f:42:a0:b3:9f:5e:6c:86:4c:b0:b4:
                    40:5f:01:9a:7e:7c:e6:f9:94:5c:42:5d:6e:b2:02:
                    8a:48:b7:47:c4:bf:43:40:57:0f:97:d3:10:55:76:
                    f6:f9:fc:ca:7b:84:8e:06:eb:e1:99:e2:09:cc:ba:
                    c8:96:b5:5e:57:a8:8b:cf:d9:7c:21:fd:67:39:f1:
                    d1:49:73:0e:4c:db:d9:f7:ac:a5:10:13:ee:ce:0b:
                    4d:d2:0e:d1:87:2b:12:f3:67:dc:62:f3:93:b1:ac:
                    bd:5e:dc:0e:ed:38:05:c2:2d:7e:f5:41:14:a7:6b:
                    f9:93:e3:99:a4:3f:fa:19:fe:00:7a:b2:c1:42:de:
                    d5:ff:0c:da:fb:26:1e:23:d4:c8:90:d7:11:f7:2e:
                    68:47:3f:6e:37:17:9e:77:80:9e:a3:a1:49:a5:f2:
                    33:16:50:ce:d5:a0:41:e8:12:16:89:39:85:34:a1:
                    f5:fb:6d:31:47:8d:62:e0:ce:ef:b5:6a:ab:dd:64:
                    9a:12:2d:11:a2:74:5f:dc:8f:d6:fa:34:4e:20:4c:
                    c8:37:dd:11:da:d4:dd:61:dc:0e:d2:05:18:48:2d:
                    fd:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:A2:88:7C:BA:39:CD:64:C9:2A:35:6C:94:A9:63:7E:F9:BD:37:20
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2e467334-4343-41a3-97f9-7909389493a2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:64:fc:08:84:78:bb:18:79:78:af:5f:11:2b:8d:28:6b:1d:
         ae:b7:41:b0:c5:27:27:96:be:a1:8e:0e:44:7b:5b:51:02:2d:
         04:d3:02:33:0f:8a:09:37:29:c5:47:f0:c7:52:6a:94:20:c7:
         cb:3c:5d:65:2e:07:ae:35:37:36:bb:21:68:47:10:f3:cd:19:
         44:23:75:f0:c2:c1:22:a1:b5:36:9c:5e:77:80:04:6b:7e:80:
         ae:53:d1:39:0d:8c:c0:b3:9c:bf:43:89:43:72:3a:0e:ca:b9:
         39:40:88:49:a0:b6:46:52:33:33:fa:c8:0f:ec:20:92:a8:7a:
         cb:8d:72:6b:6e:43:b6:e3:8e:b7:2d:84:36:48:e7:fa:fb:99:
         5b:dc:68:90:09:c4:3e:d2:95:73:a4:82:b5:9e:70:c6:61:7a:
         50:7f:07:0f:e3:7d:81:df:be:ce:d2:10:60:7f:b7:bb:2b:be:
         ff:a6:18:bd:17:9c:86:ef:80:5a:af:e9:ab:cc:40:cd:84:f3:
         2d:27:be:4a:45:6e:90:14:94:5e:13:ac:4a:b5:35:eb:6b:68:
         fc:21:9c:55:d6:58:59:44:eb:a5:9f:f6:c6:29:3c:2c:32:c7:
         88:d5:ad:5e:94:0b:f6:51:55:e8:1a:29:93:3d:a6:35:55:4e:
         91:c0:75:a5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKTwMezuWDiI+Hpsw0dXfOurTkg4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDI4MDAwMDAwWhcNMjQwNjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MjY1YWM5ZDlmYmE1NzBiZGFkMWFmMWU2ODk5Y2JhMTJl
NDQ0MzI5ZDgxYTQ1YmQ2MWEwM2E3ODQ4MWFmNGNjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqk/6ku/xsO1IB5nVOl8K6jfzNZRw6Ay4xnSh/xHwojskv
QqCzn15shkywtEBfAZp+fOb5lFxCXW6yAopIt0fEv0NAVw+X0xBVdvb5/Mp7hI4G
6+GZ4gnMusiWtV5XqIvP2Xwh/Wc58dFJcw5M29n3rKUQE+7OC03SDtGHKxLzZ9xi
85OxrL1e3A7tOAXCLX71QRSna/mT45mkP/oZ/gB6ssFC3tX/DNr7Jh4j1MiQ1xH3
LmhHP243F553gJ6joUml8jMWUM7VoEHoEhaJOYU0ofX7bTFHjWLgzu+1aqvdZJoS
LRGidF/cj9b6NE4gTMg33RHa1N1h3A7SBRhILf1VAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPaKIfLo5zWTJKjVslKljfvm9NyAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJlNDY3MzM0LTQzNDMtNDFhMy05N2Y5LTc5MDkzODk0OTNhMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ1k/AiEeLsYeXivXxErjShrHa63
QbDFJyeWvqGODkR7W1ECLQTTAjMPigk3KcVH8MdSapQgx8s8XWUuB641Nza7IWhH
EPPNGUQjdfDCwSKhtTacXneABGt+gK5T0TkNjMCznL9DiUNyOg7KuTlAiEmgtkZS
MzP6yA/sIJKoesuNcmtuQ7bjjrcthDZI5/r7mVvcaJAJxD7SlXOkgrWecMZhelB/
Bw/jfYHfvs7SEGB/t7srvv+mGL0XnIbvgFqv6avMQM2E8y0nvkpFbpAUlF4TrEq1
NetraPwhnFXWWFlE66Wf9sYpPCwyx4jVrV6UC/ZRVegaKZM9pjVVTpHAdaU=
-----END CERTIFICATE-----