Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7335a0fb-629b-422a-b9db-f6330c7645f3.roa
File:                     7335a0fb-629b-422a-b9db-f6330c7645f3.roa (raw, json)
Hash identifier:          7IvvZvp1PB4PdM2uUlfSfFRHV8SNMTHLLWKc+WLPjw8=
Subject key identifier:   20:10:CE:F2:08:77:49:AA:99:E5:A8:5C:5D:A9:34:D9:62:79:47:1E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2CDFCEFB312BED2D5E77790589D04ECEBFCC0FAD
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7335a0fb-629b-422a-b9db-f6330c7645f3.roa
Signing time:             Tue 20 Feb 2024 00:00:00 +0000
ROA not before:           Tue 20 Feb 2024 00:00:00 +0000
ROA not after:            Tue 26 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:df:ce:fb:31:2b:ed:2d:5e:77:79:05:89:d0:4e:ce:bf:cc:0f:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 20 00:00:00 2024 GMT
            Not After : Mar 26 23:59:59 2024 GMT
        Subject: serialNumber=23cfda2cb5ccb17003a5d0bd9f06f2e4dc129bf67104c16e6dd7858c8c6e2cc7, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:26:e4:5f:e2:b7:32:31:c0:07:75:cd:24:60:
                    fc:32:ad:56:a0:51:dc:d8:31:82:f6:1b:c7:66:e9:
                    df:c7:36:6e:48:01:13:00:58:f0:15:24:09:c7:d3:
                    ea:46:58:43:45:26:3d:dc:c9:a7:17:b0:84:1a:bb:
                    48:ac:8a:32:bd:58:65:c2:d0:d0:ed:2e:47:a2:ce:
                    48:92:3e:67:05:f0:fa:eb:ce:89:58:96:0e:91:b7:
                    67:9a:ee:8d:f4:91:4a:6d:81:d0:39:68:a5:03:c9:
                    be:03:14:10:df:7b:56:6e:dd:9a:10:6a:e3:cb:28:
                    49:f5:eb:91:77:6e:9a:36:89:e7:1a:ef:0d:53:1d:
                    7c:b3:17:f8:64:65:a3:52:f5:42:8a:43:c1:29:5e:
                    be:de:d5:49:00:49:a2:b3:57:44:9b:85:49:c5:b5:
                    de:ea:48:85:bc:ec:fb:14:4c:44:67:1f:db:93:d7:
                    3a:b3:ed:e8:6d:64:c1:ea:22:ac:7e:94:e2:6e:dc:
                    4f:7f:ed:40:1a:ca:34:ba:86:de:6d:43:91:fb:80:
                    4b:e0:1e:36:d8:fe:71:c4:54:34:1a:5b:67:38:2e:
                    4c:87:a3:2f:1f:f4:dc:57:61:ea:de:c9:99:1f:8e:
                    c2:8c:5a:3a:c7:28:11:16:21:9d:a9:46:4c:f7:60:
                    80:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:10:CE:F2:08:77:49:AA:99:E5:A8:5C:5D:A9:34:D9:62:79:47:1E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7335a0fb-629b-422a-b9db-f6330c7645f3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:5b:db:cd:0a:b0:62:e1:63:ed:45:cf:92:ef:f9:99:c9:68:
         34:95:3a:d2:24:0b:94:ab:80:84:5a:31:8e:f3:26:08:c4:55:
         9c:3a:f2:ec:a6:0e:43:c5:f8:c9:e1:e8:4a:1e:61:62:4b:52:
         a3:20:3c:1f:74:83:99:eb:20:84:ea:08:d1:cf:bf:e0:71:cb:
         2a:b5:89:a7:2a:c5:58:94:31:8c:61:87:36:a6:78:fd:7c:19:
         dd:5c:c3:09:a8:63:0e:de:30:93:05:76:d8:d1:74:bb:3d:a1:
         f4:13:b0:09:4a:9f:0d:72:ff:fb:40:7b:af:28:b7:0f:d4:e8:
         c0:08:db:b2:d7:df:e0:da:8f:a6:68:27:a9:b7:48:f9:ed:88:
         b6:ce:31:73:70:36:b5:ca:4a:92:22:97:84:0f:7e:47:1d:22:
         11:ff:19:de:ac:6c:31:18:b2:74:e9:c7:14:de:3d:56:66:d2:
         4d:2f:a0:72:c6:82:ff:95:8b:7e:5f:29:d2:5c:e5:f2:5c:ad:
         ca:c1:84:de:91:3f:43:49:0f:9e:c1:c0:82:08:cd:e4:f2:fe:
         52:92:b9:30:00:77:6a:e5:f7:9b:62:1b:32:c0:16:e3:d4:ef:
         35:0a:47:9e:3d:54:5e:2c:ef:36:6a:59:4d:52:0e:d7:55:7d:
         1b:be:3f:5c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULN/O+zEr7S1ed3kFidBOzr/MD60wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjIwMDAwMDAwWhcNMjQwMzI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AyM2NmZGEyY2I1Y2NiMTcwMDNhNWQwYmQ5ZjA2ZjJlNGRj
MTI5YmY2NzEwNGMxNmU2ZGQ3ODU4YzhjNmUyY2M3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClJuRf4rcyMcAHdc0kYPwyrVagUdzYMYL2G8dm6d/HNm5I
ARMAWPAVJAnH0+pGWENFJj3cyacXsIQau0isijK9WGXC0NDtLkeizkiSPmcF8Prr
zolYlg6Rt2ea7o30kUptgdA5aKUDyb4DFBDfe1Zu3ZoQauPLKEn165F3bpo2ieca
7w1THXyzF/hkZaNS9UKKQ8EpXr7e1UkASaKzV0SbhUnFtd7qSIW87PsUTERnH9uT
1zqz7ehtZMHqIqx+lOJu3E9/7UAayjS6ht5tQ5H7gEvgHjbY/nHEVDQaW2c4LkyH
oy8f9NxXYereyZkfjsKMWjrHKBEWIZ2pRkz3YIBVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIBDO8gh3SaqZ5ahcXak02WJ5Rx4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzczMzVhMGZiLTYyOWItNDIyYS1iOWRiLWY2MzMwYzc2NDVmMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJdb280KsGLhY+1Fz5Lv+ZnJaDSV
OtIkC5SrgIRaMY7zJgjEVZw68uymDkPF+Mnh6EoeYWJLUqMgPB90g5nrIITqCNHP
v+Bxyyq1iacqxViUMYxhhzameP18Gd1cwwmoYw7eMJMFdtjRdLs9ofQTsAlKnw1y
//tAe68otw/U6MAI27LX3+Daj6ZoJ6m3SPntiLbOMXNwNrXKSpIil4QPfkcdIhH/
Gd6sbDEYsnTpxxTePVZm0k0voHLGgv+Vi35fKdJc5fJcrcrBhN6RP0NJD57BwIII
zeTy/lKSuTAAd2rl95tiGzLAFuPU7zUKR549VF4s7zZqWU1SDtdVfRu+P1w=
-----END CERTIFICATE-----