Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8270bc02-ddd8-49f0-8347-1b348218629e.roa
File:                     8270bc02-ddd8-49f0-8347-1b348218629e.roa (raw, json)
Hash identifier:          3q2bMS2p7OJdiJWFtpczg8vRFsVjsOhHKnlkjLTOaB8=
Subject key identifier:   5E:00:00:FA:F7:FF:F1:DB:C1:22:BF:93:43:59:26:70:26:50:03:93
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       72863AA2A30228F09C32BCA7DA916A1D288CE1D2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8270bc02-ddd8-49f0-8347-1b348218629e.roa
Signing time:             Wed 01 May 2024 00:00:00 +0000
ROA not before:           Wed 01 May 2024 00:00:00 +0000
ROA not after:            Wed 05 Jun 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:86:3a:a2:a3:02:28:f0:9c:32:bc:a7:da:91:6a:1d:28:8c:e1:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May  1 00:00:00 2024 GMT
            Not After : Jun  5 23:59:59 2024 GMT
        Subject: serialNumber=23562dc9bb9005b4dedef21da0221113b646548e028955aaa65d80a17e684a30, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:25:a4:21:5a:44:90:77:c7:a2:f9:5e:55:ef:
                    ba:97:7c:6a:64:f0:43:b2:f7:ad:95:99:06:77:86:
                    39:9e:f0:f4:c9:fc:9a:17:f3:69:bc:2f:18:eb:1b:
                    2c:a9:e5:9f:74:37:ee:7d:ed:00:f7:a5:f6:36:f9:
                    2a:99:8f:85:c3:43:3d:3e:ea:e6:db:25:66:ba:87:
                    2c:9a:4a:94:58:c8:bd:c4:f3:e3:54:44:97:5e:d4:
                    d5:86:56:5f:d2:d1:1a:3a:5f:ba:87:42:c8:75:b4:
                    cd:8d:9c:04:e1:6a:9e:cd:50:28:fc:01:14:66:f8:
                    71:9a:d8:ca:ce:b8:ba:4e:10:bc:5a:5a:58:13:66:
                    61:f3:af:95:d1:6c:8a:55:1c:f6:4d:db:d9:1c:b5:
                    39:88:db:00:69:dd:61:37:ca:01:97:73:b3:15:f6:
                    90:bb:a3:57:e0:62:f2:9f:c6:cb:95:3f:40:d0:0e:
                    4a:e9:c8:df:c3:8f:76:2c:93:5a:99:34:f9:7b:72:
                    c2:b2:1c:dc:ed:bc:c6:98:ff:53:99:ba:11:bf:3c:
                    a6:89:86:7f:37:f2:a5:87:a3:cf:c1:19:f1:24:2d:
                    10:5f:7b:26:a3:d0:8c:6f:07:92:05:da:fc:aa:9c:
                    09:ef:8b:b0:c1:ad:7b:72:e0:f7:39:1d:61:6a:68:
                    b1:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:00:00:FA:F7:FF:F1:DB:C1:22:BF:93:43:59:26:70:26:50:03:93
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8270bc02-ddd8-49f0-8347-1b348218629e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:31:c5:4f:f9:e9:e3:99:87:fe:46:47:9d:1c:61:e8:53:0c:
         28:5d:15:ae:00:09:2b:51:6f:39:a6:37:94:5b:55:47:72:03:
         0d:52:a5:5f:5a:9d:51:d1:79:77:23:3d:2a:d3:c5:cd:2b:e5:
         ff:44:3e:9c:f1:68:97:6b:5e:4d:03:cf:59:12:42:56:42:6e:
         62:9e:35:1e:09:ee:37:0d:0d:b8:0e:5e:6f:29:0f:3d:7b:6b:
         9a:47:74:77:45:76:d4:f3:39:0e:75:c7:00:f1:f7:d0:eb:ac:
         57:8e:f2:9d:7d:00:5b:65:48:fc:1b:d6:4d:06:8a:aa:51:5b:
         08:3d:d7:b1:b5:6d:ac:76:31:4b:6c:9e:93:8a:53:b1:99:e4:
         b9:5a:4b:e6:10:50:f2:c9:e9:8e:1a:04:d3:fd:87:1a:82:88:
         f3:ba:22:c9:24:80:ef:82:75:04:4c:4a:97:11:1c:cc:b2:a5:
         9d:05:f7:68:dd:75:d0:e3:7d:f1:a0:a9:9d:59:0c:22:c4:6c:
         f9:cb:eb:4f:7e:eb:e8:ae:fa:76:6f:7a:de:c3:36:5c:89:d5:
         76:40:c8:93:61:b4:71:3c:ba:6a:35:75:06:d3:6a:37:4d:4a:
         64:5a:ab:94:f6:57:0d:e4:d1:56:52:a1:f2:05:ec:eb:a1:be:
         87:ab:b7:26
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcoY6oqMCKPCcMryn2pFqHSiM4dIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNTAxMDAwMDAwWhcNMjQwNjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMzU2MmRjOWJiOTAwNWI0ZGVkZWYyMWRhMDIyMTExM2I2
NDY1NDhlMDI4OTU1YWFhNjVkODBhMTdlNjg0YTMwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqJaQhWkSQd8ei+V5V77qXfGpk8EOy962VmQZ3hjme8PTJ
/JoX82m8LxjrGyyp5Z90N+597QD3pfY2+SqZj4XDQz0+6ubbJWa6hyyaSpRYyL3E
8+NURJde1NWGVl/S0Ro6X7qHQsh1tM2NnAThap7NUCj8ARRm+HGa2MrOuLpOELxa
WlgTZmHzr5XRbIpVHPZN29kctTmI2wBp3WE3ygGXc7MV9pC7o1fgYvKfxsuVP0DQ
DkrpyN/Dj3Ysk1qZNPl7csKyHNztvMaY/1OZuhG/PKaJhn838qWHo8/BGfEkLRBf
eyaj0IxvB5IF2vyqnAnvi7DBrXty4Pc5HWFqaLHvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXgAA+vf/8dvBIr+TQ1kmcCZQA5MwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgyNzBiYzAyLWRkZDgtNDlmMC04MzQ3LTFiMzQ4MjE4NjI5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAH8xxU/56eOZh/5GR50cYehTDChd
Fa4ACStRbzmmN5RbVUdyAw1SpV9anVHReXcjPSrTxc0r5f9EPpzxaJdrXk0Dz1kS
QlZCbmKeNR4J7jcNDbgOXm8pDz17a5pHdHdFdtTzOQ51xwDx99DrrFeO8p19AFtl
SPwb1k0GiqpRWwg917G1bax2MUtsnpOKU7GZ5LlaS+YQUPLJ6Y4aBNP9hxqCiPO6
IskkgO+CdQRMSpcRHMyypZ0F92jdddDjffGgqZ1ZDCLEbPnL609+6+iu+nZvet7D
NlyJ1XZAyJNhtHE8umo1dQbTajdNSmRaq5T2Vw3k0VZSofIF7OuhvoertyY=
-----END CERTIFICATE-----