Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7e63b422-b431-41b8-b596-2382d84fefcd.roa
File:                     7e63b422-b431-41b8-b596-2382d84fefcd.roa (raw, json)
Hash identifier:          AW2pFISvHMMRnZ1KwajxC8hQ2zieV4hSwSyd16eN2UM=
Subject key identifier:   16:7F:FC:74:4A:D3:D8:96:9D:1B:2C:90:8A:25:C3:2E:DA:49:98:CC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       112DF7EDEE827C4565F9EC9A0BF17461C1A3F9
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7e63b422-b431-41b8-b596-2382d84fefcd.roa
Signing time:             Thu 07 Mar 2024 00:00:00 +0000
ROA not before:           Thu 07 Mar 2024 00:00:00 +0000
ROA not after:            Thu 11 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:2d:f7:ed:ee:82:7c:45:65:f9:ec:9a:0b:f1:74:61:c1:a3:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  7 00:00:00 2024 GMT
            Not After : Apr 11 23:59:59 2024 GMT
        Subject: serialNumber=e9d39c62f64217a97c19662e3cd5c13c4e09bb3a01995c5988cab4a810cd8ed3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c5:d0:6d:78:b3:12:92:f5:7a:17:9c:fa:f9:
                    a7:c3:c0:37:4d:c5:1d:d9:61:5c:aa:30:5e:02:59:
                    be:f9:94:2b:fa:d5:65:63:fa:f1:5c:de:3d:b5:45:
                    f8:c0:67:55:61:24:31:38:85:07:7e:a5:0a:03:f4:
                    e6:26:e1:7f:dc:c2:1e:09:ee:4e:e3:d3:db:4a:d0:
                    94:ac:3c:20:20:66:9f:20:90:98:34:2f:60:92:13:
                    35:f8:74:89:1d:b2:31:f8:f0:e5:c7:93:87:44:e3:
                    15:cb:e1:ee:7b:1c:b1:e1:7e:7f:e6:b7:0b:d2:2f:
                    84:01:ad:de:86:07:7f:fb:33:c5:6e:06:50:16:b7:
                    6b:8f:a1:aa:92:a9:8c:30:53:24:67:5e:23:1a:2f:
                    94:70:1d:44:1c:1b:a2:21:bf:72:c2:d6:3f:32:cf:
                    5a:7c:47:13:46:1a:0e:4b:45:68:34:a9:94:7a:19:
                    2b:bc:77:66:21:9c:0a:a2:31:a9:42:88:ce:17:d8:
                    0e:ee:4e:f5:c9:fb:ef:d1:f7:51:d8:8b:85:8c:aa:
                    6e:72:eb:26:e7:7b:aa:8e:b5:49:ac:e9:03:e0:f9:
                    bb:fa:ea:eb:65:80:c8:db:6a:97:81:5b:55:07:33:
                    a5:d8:b3:17:aa:aa:c1:df:53:f6:d3:98:18:df:02:
                    b8:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:7F:FC:74:4A:D3:D8:96:9D:1B:2C:90:8A:25:C3:2E:DA:49:98:CC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7e63b422-b431-41b8-b596-2382d84fefcd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:00:f5:ad:3f:bb:a0:04:f3:b1:4e:17:b8:84:26:2a:c1:7f:
         19:10:72:ce:fc:15:70:91:e7:e8:e8:4f:ac:db:ae:ec:07:ef:
         34:ab:b9:8a:02:15:39:9a:22:c3:e9:0a:f0:8c:39:de:6d:77:
         90:f5:d6:67:39:a3:1d:88:2b:5b:33:88:f7:d3:f6:2d:5e:9d:
         99:2a:ef:7f:52:aa:10:4f:eb:45:ab:1d:fd:c8:96:8a:d6:f7:
         ec:6b:77:6c:7c:ab:39:44:13:eb:fb:f5:a5:90:46:59:52:fb:
         2f:51:53:50:df:24:1f:45:9a:ea:0e:e3:96:e8:0b:45:ee:f8:
         eb:f3:20:b3:08:ff:ed:8f:65:ba:18:4c:f9:5f:59:9f:19:96:
         d6:da:8c:14:4d:c0:8a:d0:25:e5:da:fe:b0:f1:84:5b:3a:f7:
         a5:e8:58:f9:51:74:68:10:a1:ae:94:ac:53:4a:5b:1d:c5:58:
         91:46:05:f2:6a:a5:f4:7e:19:70:b0:cd:fb:bb:6c:2f:33:c8:
         71:cd:b3:db:f1:00:14:c2:fb:e4:61:66:b1:72:04:6e:f5:2a:
         56:d4:9e:7c:02:27:8f:a2:fe:ee:86:50:b7:35:a9:ca:d6:50:
         8e:33:ff:f4:e5:da:39:0a:49:ba:98:61:f0:eb:26:a8:30:eb:
         99:e2:3f:82
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITES337e6CfEVl+eyaC/F0YcGj+TANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzIyNzhhYWI4NzhmMjY2MmNlMTRlOTA1ZTE4ZWJjYjc1MjJm
OTJiMzY4NGJjNDg2NWI0ZDAeFw0yNDAzMDcwMDAwMDBaFw0yNDA0MTEyMzU5NTla
MHoxSTBHBgNVBAUTQGU5ZDM5YzYyZjY0MjE3YTk3YzE5NjYyZTNjZDVjMTNjNGUw
OWJiM2EwMTk5NWM1OTg4Y2FiNGE4MTBjZDhlZDMxLTArBgNVBAMTJGMwY2UyM2Vh
LTQzZmMtNGJlNC1iZWVlLWMwMTQ3ODEyMmEwZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALbF0G14sxKS9XoXnPr5p8PAN03FHdlhXKowXgJZvvmUK/rV
ZWP68VzePbVF+MBnVWEkMTiFB36lCgP05ibhf9zCHgnuTuPT20rQlKw8ICBmnyCQ
mDQvYJITNfh0iR2yMfjw5ceTh0TjFcvh7nscseF+f+a3C9IvhAGt3oYHf/szxW4G
UBa3a4+hqpKpjDBTJGdeIxovlHAdRBwboiG/csLWPzLPWnxHE0YaDktFaDSplHoZ
K7x3ZiGcCqIxqUKIzhfYDu5O9cn779H3UdiLhYyqbnLrJud7qo61SazpA+D5u/rq
62WAyNtql4FbVQczpdizF6qqwd9T9tOYGN8CuBcCAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBQWf/x0StPYlp0bLJCKJcMu2kmYzDAfBgNVHSMEGDAWgBRVqN1F2UQT+dGS
9Sxjzoz7xhSWuDAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MDM1NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzE0MzNlYmZmLWRm
ZDYtNGM1Yy1iN2ZmLTk5Yzg1MTM5ZDRhOC8yNzhhYWI4NzhmMjY2MmNlMTRlOTA1
ZTE4ZWJjYjc1MjJmOTJiMzY4NGJjNDg2NWI0ZC5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8xNmYxZmZlZS03NDYxLTQ2NzQtYmIwNS1mZGRl
ZmE5YTAyYzYvN2U2M2I0MjItYjQzMS00MWI4LWI1OTYtMjM4MmQ4NGZlZmNkLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUt
ZmRkZWZhOWEwMmM2L0ptTE9GT2tGNFk2OHQxSXZrck5vUzhTR1cwMC5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMckeDANBgkqhkiG9w0BAQsFAAOCAQEAIQD1rT+7oATzsU4XuIQmKsF/GRBy
zvwVcJHn6OhPrNuu7AfvNKu5igIVOZoiw+kK8Iw53m13kPXWZzmjHYgrWzOI99P2
LV6dmSrvf1KqEE/rRasd/ciWitb37Gt3bHyrOUQT6/v1pZBGWVL7L1FTUN8kH0Wa
6g7jlugLRe746/Mgswj/7Y9luhhM+V9ZnxmW1tqMFE3AitAl5dr+sPGEWzr3pehY
+VF0aBChrpSsU0pbHcVYkUYF8mql9H4ZcLDN+7tsLzPIcc2z2/EAFML75GFmsXIE
bvUqVtSefAInj6L+7oZQtzWpytZQjjP/9OXaOQpJuphh8OsmqDDrmeI/gg==
-----END CERTIFICATE-----