Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/560d4365-b88a-4142-94c4-5331a1d83b11.roa
File:                     560d4365-b88a-4142-94c4-5331a1d83b11.roa (raw, json)
Hash identifier:          H+T9qPtfuGkjVHbGO6ijvyQpvQi6wmZRAxsrDjDTsD0=
Subject key identifier:   23:70:3F:5E:D0:8A:E5:F5:41:AF:13:3C:85:8F:53:E6:C8:88:BF:D2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       474EFA401C5006890B170F9F3FFC4EBCEDFB0F83
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/560d4365-b88a-4142-94c4-5331a1d83b11.roa
Signing time:             Thu 25 Apr 2024 00:00:00 +0000
ROA not before:           Thu 25 Apr 2024 00:00:00 +0000
ROA not after:            Thu 30 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:4e:fa:40:1c:50:06:89:0b:17:0f:9f:3f:fc:4e:bc:ed:fb:0f:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 25 00:00:00 2024 GMT
            Not After : May 30 23:59:59 2024 GMT
        Subject: serialNumber=cf774b48c25809dc7e063fae87dd282034c9b7cc4c1c2a7aa3d268858c9ea8ea, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5a:6c:63:5f:7e:6b:cd:1b:ef:b8:8a:5b:62:
                    7b:44:e9:e7:2f:e7:96:34:b7:42:b7:f9:65:10:97:
                    13:12:04:6c:ae:d8:a9:a8:9e:fa:51:84:c6:52:ae:
                    a8:e0:94:83:90:48:42:15:c3:50:20:30:a5:27:85:
                    14:08:18:78:7e:8f:09:27:0a:5c:6e:fc:f1:ab:b4:
                    39:03:30:f9:7c:61:cc:68:b5:11:97:59:c2:43:cf:
                    1a:62:e0:71:80:e5:d7:bf:02:ac:a0:06:1f:1c:f9:
                    c9:1f:36:3c:55:ed:e6:07:87:55:59:2f:ae:0b:43:
                    75:f7:8d:2f:63:0a:c0:21:8f:73:f5:12:13:1e:eb:
                    a0:65:66:39:18:b0:36:33:69:48:8a:57:43:cb:80:
                    f2:b5:fa:63:1d:de:c6:3e:f4:58:fa:7f:9b:b2:b1:
                    c1:68:2c:14:02:24:ca:53:ea:32:22:13:87:7e:8b:
                    32:6a:54:1f:bf:a1:8c:b9:a8:0b:a3:16:d5:0a:ca:
                    7b:7b:19:7d:34:db:eb:38:2b:21:2b:65:a8:75:86:
                    29:a0:c8:f1:d8:b7:f2:a1:33:82:5c:db:40:a0:88:
                    0e:9e:b3:bd:73:01:23:2a:6f:9e:72:ff:f3:34:a8:
                    63:f4:95:51:de:6b:33:96:f9:74:b1:99:e9:ef:be:
                    eb:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:70:3F:5E:D0:8A:E5:F5:41:AF:13:3C:85:8F:53:E6:C8:88:BF:D2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/560d4365-b88a-4142-94c4-5331a1d83b11.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:8c:6c:82:0f:14:0a:23:55:f0:eb:38:8c:db:f2:f7:3b:70:
         58:44:6f:0f:b4:ee:81:1f:ed:ec:3a:02:0d:9f:8a:4e:ee:7d:
         e9:37:68:3d:5e:42:cc:7b:95:7d:5a:7b:a4:08:4f:07:35:ec:
         d0:99:e3:c7:ac:cf:72:fd:9f:ca:32:36:64:cc:af:2e:1d:c7:
         09:c0:85:e0:83:69:ba:ec:a5:d9:54:3c:c0:90:03:c4:24:cb:
         b0:2f:46:2a:c3:b8:1a:58:d5:1c:0c:55:02:7e:d2:cf:ec:15:
         fd:7e:af:cf:36:6f:6c:8e:1b:ce:e8:2f:ff:31:a0:0e:6b:ca:
         ea:92:4d:b4:29:f8:6e:4b:2d:f7:1e:4d:76:2d:74:f0:3c:b0:
         45:cf:38:d8:30:13:94:8f:71:81:ed:5f:75:74:db:e2:7d:f1:
         c5:e6:bc:a0:73:9d:47:d4:21:59:aa:cb:87:8a:7b:d8:02:b0:
         ee:62:fa:54:c1:89:75:36:33:6b:7c:d6:74:6e:ce:b6:62:1f:
         ee:79:89:a7:62:79:05:4f:d4:ee:ea:8b:02:11:b4:79:ab:46:
         d4:d3:c3:51:dd:ca:b2:94:f4:8b:af:f6:56:16:cc:cb:bd:b4:
         96:cd:5f:a5:07:80:2c:36:72:4b:f8:62:dc:11:63:d8:b6:c3:
         fa:0c:93:33
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR076QBxQBokLFw+fP/xOvO37D4MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDI1MDAwMDAwWhcNMjQwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjZjc3NGI0OGMyNTgwOWRjN2UwNjNmYWU4N2RkMjgyMDM0
YzliN2NjNGMxYzJhN2FhM2QyNjg4NThjOWVhOGVhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwWmxjX35rzRvvuIpbYntE6ecv55Y0t0K3+WUQlxMSBGyu
2KmonvpRhMZSrqjglIOQSEIVw1AgMKUnhRQIGHh+jwknClxu/PGrtDkDMPl8Ycxo
tRGXWcJDzxpi4HGA5de/AqygBh8c+ckfNjxV7eYHh1VZL64LQ3X3jS9jCsAhj3P1
EhMe66BlZjkYsDYzaUiKV0PLgPK1+mMd3sY+9Fj6f5uyscFoLBQCJMpT6jIiE4d+
izJqVB+/oYy5qAujFtUKynt7GX002+s4KyErZah1himgyPHYt/KhM4Jc20CgiA6e
s71zASMqb55y//M0qGP0lVHeazOW+XSxmenvvuv5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUI3A/XtCK5fVBrxM8hY9T5siIv9IwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU2MGQ0MzY1LWI4OGEtNDE0Mi05NGM0LTUzMzFhMWQ4M2IxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFqMbIIPFAojVfDrOIzb8vc7cFhE
bw+07oEf7ew6Ag2fik7ufek3aD1eQsx7lX1ae6QITwc17NCZ48esz3L9n8oyNmTM
ry4dxwnAheCDabrspdlUPMCQA8Qky7AvRirDuBpY1RwMVQJ+0s/sFf1+r882b2yO
G87oL/8xoA5ryuqSTbQp+G5LLfceTXYtdPA8sEXPONgwE5SPcYHtX3V02+J98cXm
vKBznUfUIVmqy4eKe9gCsO5i+lTBiXU2M2t81nRuzrZiH+55iadieQVP1O7qiwIR
tHmrRtTTw1HdyrKU9Iuv9lYWzMu9tJbNX6UHgCw2ckv4YtwRY9i2w/oMkzM=
-----END CERTIFICATE-----