Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4d45a98a-efaf-4ae6-a635-93dd03714377.roa
File:                     4d45a98a-efaf-4ae6-a635-93dd03714377.roa (raw, json)
Hash identifier:          Py+6nqt/Zn5M3t9RLbsV4FiO24Cfi4c9V5mU7jl+q4o=
Subject key identifier:   3A:D0:CF:15:5E:49:44:EA:AF:BB:34:C4:F4:43:9C:C1:E9:0E:56:F0
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4B040910BA76124E376A4AE70B9D35EC97B6DA8C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4d45a98a-efaf-4ae6-a635-93dd03714377.roa
Signing time:             Tue 19 Mar 2024 00:00:00 +0000
ROA not before:           Tue 19 Mar 2024 00:00:00 +0000
ROA not after:            Tue 23 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:04:09:10:ba:76:12:4e:37:6a:4a:e7:0b:9d:35:ec:97:b6:da:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 19 00:00:00 2024 GMT
            Not After : Apr 23 23:59:59 2024 GMT
        Subject: serialNumber=5b1e3820ef646fcf9b965ce431d0a11943b507e08c204ef6e09bf1c29e430ef6, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:0b:a4:7e:fb:d2:94:3e:15:d4:d6:5a:3c:54:
                    e4:db:93:72:f0:aa:a1:ed:d2:6c:21:f2:0a:83:a8:
                    ac:79:a7:77:0c:93:65:ce:02:26:db:be:92:e8:39:
                    dd:d5:88:a3:33:ff:70:f0:70:7e:0d:b0:c5:7d:43:
                    0d:bd:00:7c:4a:29:cc:29:4a:c9:91:35:4e:48:19:
                    ad:ce:4d:04:61:c0:3a:90:49:f3:a7:a9:66:0a:ff:
                    9f:ac:46:d4:85:7f:fd:24:e6:ca:64:bc:62:6e:af:
                    0a:85:0b:dc:d4:35:83:f3:0d:d0:0e:48:00:16:df:
                    7f:f0:d9:0c:62:14:68:55:23:71:64:51:4e:1c:2e:
                    94:9c:a1:46:e5:45:72:f2:fb:44:fa:5b:89:16:c7:
                    06:18:2d:5f:5c:58:29:2d:87:b9:72:40:4a:28:d0:
                    bc:12:ae:70:26:89:96:c6:5d:58:ad:1c:0d:da:2e:
                    12:92:d5:22:c4:a3:99:9f:33:e9:9d:73:95:1b:1e:
                    5d:c9:e2:bc:0f:67:14:a1:02:cd:a6:1b:ef:02:84:
                    89:cf:9e:67:ed:5b:50:6d:96:b6:7d:68:42:49:80:
                    ad:a6:17:27:2d:28:30:56:51:84:2d:c3:48:57:e7:
                    d6:b4:d4:25:2b:07:a2:dc:f2:16:10:bd:68:6f:9c:
                    2a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:D0:CF:15:5E:49:44:EA:AF:BB:34:C4:F4:43:9C:C1:E9:0E:56:F0
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4d45a98a-efaf-4ae6-a635-93dd03714377.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:90:68:84:7b:21:63:7a:b2:08:57:c3:95:24:c9:71:eb:c1:
         6a:94:28:59:1d:1f:54:31:cd:ff:35:25:cf:cb:84:85:5b:55:
         a5:ca:7f:96:12:2a:77:82:a3:dd:ef:e5:41:af:62:6c:6b:41:
         1f:fb:1e:2c:a6:28:68:25:6a:51:19:55:46:3b:34:d8:1b:d0:
         9d:8c:40:f8:a1:35:c2:4d:ba:08:00:86:f7:28:af:05:0b:bc:
         79:bb:b8:e4:85:2e:e8:24:47:30:ab:44:b5:0e:4d:f2:88:d2:
         23:4d:a6:ac:2b:55:d0:05:41:38:37:20:10:c7:e7:43:97:d4:
         70:1f:a7:ab:98:08:47:6a:ec:86:84:72:fe:8e:e7:29:45:15:
         9c:f2:57:28:8e:cc:96:a6:29:0b:80:a5:1a:24:be:39:a3:3e:
         d2:4b:a5:3d:5d:6c:6d:32:97:17:84:6c:30:72:39:db:2b:76:
         01:d1:1b:bd:75:62:bc:a2:b2:ed:f7:5e:d0:fe:b6:26:95:2e:
         08:61:bc:06:33:28:dc:3c:76:e8:ed:48:1e:41:64:6d:e2:67:
         51:d4:16:03:16:fa:92:c9:7e:b7:80:76:05:53:cf:b6:7c:dc:
         ff:4b:9f:3b:96:72:d5:94:4f:58:d3:13:7f:b1:f7:c2:76:62:
         fc:3b:48:c0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSwQJELp2Ek43akrnC5017Je22owwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzE5MDAwMDAwWhcNMjQwNDIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1YjFlMzgyMGVmNjQ2ZmNmOWI5NjVjZTQzMWQwYTExOTQz
YjUwN2UwOGMyMDRlZjZlMDliZjFjMjllNDMwZWY2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0C6R++9KUPhXU1lo8VOTbk3LwqqHt0mwh8gqDqKx5p3cM
k2XOAibbvpLoOd3ViKMz/3DwcH4NsMV9Qw29AHxKKcwpSsmRNU5IGa3OTQRhwDqQ
SfOnqWYK/5+sRtSFf/0k5spkvGJurwqFC9zUNYPzDdAOSAAW33/w2QxiFGhVI3Fk
UU4cLpScoUblRXLy+0T6W4kWxwYYLV9cWCkth7lyQEoo0LwSrnAmiZbGXVitHA3a
LhKS1SLEo5mfM+mdc5UbHl3J4rwPZxShAs2mG+8ChInPnmftW1BtlrZ9aEJJgK2m
FyctKDBWUYQtw0hX59a01CUrB6Lc8hYQvWhvnCoDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOtDPFV5JROqvuzTE9EOcwekOVvAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRkNDVhOThhLWVmYWYtNGFlNi1hNjM1LTkzZGQwMzcxNDM3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHOQaIR7IWN6sghXw5UkyXHrwWqU
KFkdH1Qxzf81Jc/LhIVbVaXKf5YSKneCo93v5UGvYmxrQR/7HiymKGglalEZVUY7
NNgb0J2MQPihNcJNuggAhvcorwULvHm7uOSFLugkRzCrRLUOTfKI0iNNpqwrVdAF
QTg3IBDH50OX1HAfp6uYCEdq7IaEcv6O5ylFFZzyVyiOzJamKQuApRokvjmjPtJL
pT1dbG0ylxeEbDByOdsrdgHRG711Yryisu33XtD+tiaVLghhvAYzKNw8dujtSB5B
ZG3iZ1HUFgMW+pLJfreAdgVTz7Z83P9LnzuWctWUT1jTE3+x98J2Yvw7SMA=
-----END CERTIFICATE-----