Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/791db3e1-d4f2-426d-b06a-1482482b8fac.roa
File:                     791db3e1-d4f2-426d-b06a-1482482b8fac.roa (raw, json)
Hash identifier:          dIyVRkYat8kD9kmq3KjW4zmO12l3wQTMu+M3Sj3m3tI=
Subject key identifier:   27:46:3A:E4:91:15:9C:5C:7C:B2:AE:EB:0D:D7:46:F7:3A:A5:8B:BC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5D8E859914C8642943C0B57BC0657C0131179169
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/791db3e1-d4f2-426d-b06a-1482482b8fac.roa
Signing time:             Wed 20 Mar 2024 00:00:00 +0000
ROA not before:           Wed 20 Mar 2024 00:00:00 +0000
ROA not after:            Wed 24 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:8e:85:99:14:c8:64:29:43:c0:b5:7b:c0:65:7c:01:31:17:91:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 20 00:00:00 2024 GMT
            Not After : Apr 24 23:59:59 2024 GMT
        Subject: serialNumber=d1b28049101e7fee33a948d0b382a5860aaae92d46f52d07dd55b6953343d26c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ae:69:24:ab:d4:17:bb:da:81:a5:7e:f0:7b:
                    3e:22:2c:19:3b:a2:c5:33:82:74:9b:b5:65:95:1f:
                    5c:8b:be:a8:0c:f8:ff:96:2e:e8:52:64:64:8a:82:
                    68:0e:05:25:ed:fd:fa:79:67:3e:36:5b:c5:fe:4c:
                    88:aa:45:01:62:ea:9d:48:dc:f1:aa:0c:cb:0b:77:
                    71:60:0b:4c:bf:75:08:26:b4:c4:18:39:54:30:35:
                    ba:6e:c2:05:a7:f0:05:36:31:e4:d9:a3:aa:d1:56:
                    5c:fe:9d:7d:d2:a4:73:fa:f2:cb:88:1c:eb:1e:82:
                    4e:9e:ae:95:35:09:cc:66:88:6b:b1:51:d7:30:dc:
                    73:41:83:7f:86:39:f1:b1:31:83:af:c4:f4:49:c3:
                    44:c5:f0:b2:65:96:c8:0d:40:15:7f:53:f5:fd:bb:
                    f0:88:f4:a8:2b:72:cd:af:aa:2c:ea:5c:f2:70:a5:
                    e1:a2:0d:62:9a:49:36:1f:c5:a2:05:80:a5:0b:3e:
                    14:c0:67:ca:5e:6a:4e:81:4a:14:93:b7:05:79:d3:
                    a0:8b:ac:96:bd:d2:89:75:51:e9:73:51:41:7e:00:
                    05:47:b2:59:1e:e3:a2:19:6b:b2:d9:3e:8f:90:23:
                    54:fe:70:4f:d0:6f:14:a2:2f:da:c0:85:27:f2:4e:
                    4f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:46:3A:E4:91:15:9C:5C:7C:B2:AE:EB:0D:D7:46:F7:3A:A5:8B:BC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/791db3e1-d4f2-426d-b06a-1482482b8fac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:b3:54:4f:be:22:74:76:ea:93:40:29:b1:af:f9:6f:1b:8d:
         d2:66:08:52:13:37:52:11:39:7e:6f:ae:44:71:34:5f:6a:41:
         d8:05:29:84:8a:45:c7:95:e3:94:95:b3:af:36:86:ad:4b:16:
         82:36:e6:47:8f:69:86:e1:11:7d:37:b1:a8:06:de:44:46:07:
         1b:42:8c:67:a8:f0:c5:66:62:4e:b3:27:78:53:6d:90:80:b4:
         0f:15:cb:2d:24:17:d8:c9:01:b9:c1:72:2f:a5:e9:dd:5c:75:
         b5:65:7d:4f:e0:80:56:32:4c:06:36:bb:a1:82:90:ac:96:93:
         6a:e8:24:bc:bf:ec:22:79:b3:4a:db:f2:4d:48:24:a6:5e:a6:
         6e:d6:50:5a:73:66:32:cf:ec:ce:6c:05:ca:3c:77:4f:79:ec:
         44:60:4f:28:cc:c3:cd:c3:1f:30:d6:aa:7b:f5:75:47:02:55:
         fb:18:9c:91:35:14:a6:1b:2a:48:1f:75:01:ba:cf:f7:a3:77:
         26:17:79:be:13:9a:94:b2:a3:e7:8d:ba:24:63:7c:16:52:79:
         65:a5:d7:ec:19:2c:9e:7d:04:6c:5c:27:06:25:43:f9:62:23:
         4f:66:97:2f:17:8c:b1:b5:2f:c5:c4:c7:1a:0a:5d:f3:17:d6:
         07:14:fa:4a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXY6FmRTIZClDwLV7wGV8ATEXkWkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzIwMDAwMDAwWhcNMjQwNDI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMWIyODA0OTEwMWU3ZmVlMzNhOTQ4ZDBiMzgyYTU4NjBh
YWFlOTJkNDZmNTJkMDdkZDU1YjY5NTMzNDNkMjZjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvrmkkq9QXu9qBpX7wez4iLBk7osUzgnSbtWWVH1yLvqgM
+P+WLuhSZGSKgmgOBSXt/fp5Zz42W8X+TIiqRQFi6p1I3PGqDMsLd3FgC0y/dQgm
tMQYOVQwNbpuwgWn8AU2MeTZo6rRVlz+nX3SpHP68suIHOsegk6erpU1CcxmiGux
Udcw3HNBg3+GOfGxMYOvxPRJw0TF8LJllsgNQBV/U/X9u/CI9Kgrcs2vqizqXPJw
peGiDWKaSTYfxaIFgKULPhTAZ8peak6BShSTtwV506CLrJa90ol1UelzUUF+AAVH
slke46IZa7LZPo+QI1T+cE/QbxSiL9rAhSfyTk95AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJ0Y65JEVnFx8sq7rDddG9zqli7wwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzc5MWRiM2UxLWQ0ZjItNDI2ZC1iMDZhLTE0ODI0ODJiOGZhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACmzVE++InR26pNAKbGv+W8bjdJm
CFITN1IROX5vrkRxNF9qQdgFKYSKRceV45SVs682hq1LFoI25kePaYbhEX03sagG
3kRGBxtCjGeo8MVmYk6zJ3hTbZCAtA8Vyy0kF9jJAbnBci+l6d1cdbVlfU/ggFYy
TAY2u6GCkKyWk2roJLy/7CJ5s0rb8k1IJKZepm7WUFpzZjLP7M5sBco8d0957ERg
TyjMw83DHzDWqnv1dUcCVfsYnJE1FKYbKkgfdQG6z/ejdyYXeb4TmpSyo+eNuiRj
fBZSeWWl1+wZLJ59BGxcJwYlQ/liI09mly8XjLG1L8XExxoKXfMX1gcU+ko=
-----END CERTIFICATE-----