Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/891e4c54-7f8c-47a3-97f7-5f03c293dee2.roa
File:                     891e4c54-7f8c-47a3-97f7-5f03c293dee2.roa (raw, json)
Hash identifier:          m1WyKYBPrN/6JG/aV2PG9lJArIOyx/Ojl+hjSkp1ba0=
Subject key identifier:   01:31:1A:9A:73:FA:38:4D:FB:29:A7:72:89:A3:E5:E9:AB:1D:95:4B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2703A0C1A36C512AA3FFCD58B81A30E2567AD825
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/891e4c54-7f8c-47a3-97f7-5f03c293dee2.roa
Signing time:             Sat 30 Mar 2024 00:00:00 +0000
ROA not before:           Sat 30 Mar 2024 00:00:00 +0000
ROA not after:            Sat 04 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:03:a0:c1:a3:6c:51:2a:a3:ff:cd:58:b8:1a:30:e2:56:7a:d8:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 30 00:00:00 2024 GMT
            Not After : May  4 23:59:59 2024 GMT
        Subject: serialNumber=a169315661ba8a001a0b36a5ba6cdf78a99e07baf8bf8500aef8dcce8abb7fc4, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:af:24:d8:c6:58:04:fa:2b:dc:78:4a:c1:e2:
                    1e:20:1f:ea:1a:c2:e6:68:4f:29:93:db:5d:6d:34:
                    75:06:4c:7e:90:a8:87:a5:05:b7:18:f7:3f:18:4a:
                    60:50:b1:e5:a9:f6:17:3f:32:6f:e7:c2:ef:d0:46:
                    8c:f2:a2:e9:7f:df:7f:8b:a4:60:c0:64:38:ef:71:
                    fa:5a:cc:23:ba:a8:51:e5:81:53:aa:b8:62:b2:ad:
                    33:f2:65:07:f3:fc:d2:28:55:d5:97:4d:93:4b:c2:
                    2c:d2:25:30:ec:30:81:65:ef:65:53:37:a5:27:1b:
                    ac:1b:44:22:dc:40:bd:eb:e6:23:6a:9f:94:55:bd:
                    ac:aa:7f:dd:25:50:b0:b4:39:79:a0:ef:d2:ab:e6:
                    2d:d7:18:8c:58:31:2b:9b:c5:8b:cb:f8:6d:23:09:
                    cd:fd:61:6e:bc:c8:33:2f:09:aa:8f:34:66:5e:ff:
                    c4:36:f8:a6:a3:6c:76:13:20:6b:9e:29:b5:a1:34:
                    36:36:8d:55:2d:3a:3a:39:49:c2:2b:9a:c0:a8:4f:
                    ef:75:51:e9:d2:51:b3:ad:c4:ae:d6:b6:cd:cb:dc:
                    f4:b3:3e:a0:0f:34:ef:1f:e0:8a:2a:cc:06:ef:5d:
                    f5:39:38:9e:90:f6:88:c4:1e:0e:e3:a2:39:59:f8:
                    be:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:31:1A:9A:73:FA:38:4D:FB:29:A7:72:89:A3:E5:E9:AB:1D:95:4B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/891e4c54-7f8c-47a3-97f7-5f03c293dee2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:92:97:77:5f:3f:cd:05:5a:9f:eb:0f:f7:51:38:ed:6a:60:
         8e:94:c9:04:9a:19:5b:ca:cf:43:b6:42:f1:e8:0d:69:15:66:
         ce:2a:6d:e5:bd:35:d1:f8:20:9c:57:82:6e:ce:b5:f7:18:a8:
         b2:12:d0:f4:5f:3c:3e:a2:0b:f3:ee:fd:a0:fe:a9:f1:6e:03:
         cd:58:2b:ac:f2:62:82:b7:df:43:96:d9:1b:61:98:67:e4:41:
         c6:49:c4:26:5a:b1:ed:d6:45:eb:39:e9:dc:76:77:4d:12:69:
         50:00:c3:0c:c5:ac:d6:ae:50:0d:4f:89:31:88:97:a8:5b:41:
         eb:f1:41:d6:e8:40:fd:2a:91:80:00:98:1f:a8:46:93:b5:ea:
         46:ff:7a:c4:47:99:b0:96:2d:ae:c2:88:bf:a3:af:f6:36:af:
         f9:50:1b:c5:df:5f:17:97:ac:01:91:77:96:6f:c5:4c:1a:5d:
         22:9d:97:70:9f:d7:b4:69:c1:69:cf:ab:77:7d:0f:ae:27:78:
         f4:37:9a:1e:58:b5:62:83:90:6d:2d:6f:3c:00:a2:a6:a4:cc:
         7c:24:40:6e:65:97:06:36:f3:ec:43:e2:a9:e6:19:9b:2b:d8:
         68:c0:6b:04:ad:a7:c1:52:29:d6:a2:27:5b:eb:2d:e5:55:3f:
         f8:c9:45:e7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJwOgwaNsUSqj/81YuBow4lZ62CUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzMwMDAwMDAwWhcNMjQwNTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMTY5MzE1NjYxYmE4YTAwMWEwYjM2YTViYTZjZGY3OGE5
OWUwN2JhZjhiZjg1MDBhZWY4ZGNjZThhYmI3ZmM0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6ryTYxlgE+ivceErB4h4gH+oawuZoTymT211tNHUGTH6Q
qIelBbcY9z8YSmBQseWp9hc/Mm/nwu/QRozyoul/33+LpGDAZDjvcfpazCO6qFHl
gVOquGKyrTPyZQfz/NIoVdWXTZNLwizSJTDsMIFl72VTN6UnG6wbRCLcQL3r5iNq
n5RVvayqf90lULC0OXmg79Kr5i3XGIxYMSubxYvL+G0jCc39YW68yDMvCaqPNGZe
/8Q2+KajbHYTIGueKbWhNDY2jVUtOjo5ScIrmsCoT+91UenSUbOtxK7Wts3L3PSz
PqAPNO8f4IoqzAbvXfU5OJ6Q9ojEHg7jojlZ+L4bAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUATEamnP6OE37KadyiaPl6asdlUswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzg5MWU0YzU0LTdmOGMtNDdhMy05N2Y3LTVmMDNjMjkzZGVlMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGWSl3dfP80FWp/rD/dROO1qYI6U
yQSaGVvKz0O2QvHoDWkVZs4qbeW9NdH4IJxXgm7OtfcYqLIS0PRfPD6iC/Pu/aD+
qfFuA81YK6zyYoK330OW2RthmGfkQcZJxCZase3WRes56dx2d00SaVAAwwzFrNau
UA1PiTGIl6hbQevxQdboQP0qkYAAmB+oRpO16kb/esRHmbCWLa7CiL+jr/Y2r/lQ
G8XfXxeXrAGRd5ZvxUwaXSKdl3Cf17RpwWnPq3d9D64nePQ3mh5YtWKDkG0tbzwA
oqakzHwkQG5llwY28+xD4qnmGZsr2GjAawStp8FSKdaiJ1vrLeVVP/jJRec=
-----END CERTIFICATE-----