Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9d643302-e7a5-4f23-b389-27814a1a2ea2.roa
File:                     9d643302-e7a5-4f23-b389-27814a1a2ea2.roa (raw, json)
Hash identifier:          2pJAzElYgGXeNPcsfKSSfa2Fs2Mq5NDvEPCCrhzXSg0=
Subject key identifier:   C9:BF:9A:7D:ED:38:D7:7E:83:18:91:E0:51:B8:D8:44:63:2D:EB:6D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       25391F7F4964C1717D7C4711441058FABA831C84
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9d643302-e7a5-4f23-b389-27814a1a2ea2.roa
Signing time:             Mon 11 Mar 2024 00:00:00 +0000
ROA not before:           Mon 11 Mar 2024 00:00:00 +0000
ROA not after:            Mon 15 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:39:1f:7f:49:64:c1:71:7d:7c:47:11:44:10:58:fa:ba:83:1c:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 11 00:00:00 2024 GMT
            Not After : Apr 15 23:59:59 2024 GMT
        Subject: serialNumber=4f3e09e547a7b77e15fe03790a775f968e2f2474834bf029f13634482bd98958, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:9c:3e:97:73:b7:c7:09:cb:96:c3:51:9a:4c:
                    40:3f:65:11:50:3e:48:e8:5f:d9:b8:f9:38:80:26:
                    e5:0a:51:3a:2d:31:fb:56:dc:73:52:26:75:ab:e1:
                    2c:3f:84:1c:ca:53:57:3e:cb:2e:7f:7c:cb:b8:76:
                    12:94:6f:00:60:c1:2a:4a:9b:8e:2f:66:c5:7e:7a:
                    68:8f:c3:c3:ea:fd:6e:1c:49:a0:2c:82:4a:f6:8d:
                    8e:6d:ca:02:58:bb:1e:d2:21:69:55:c7:ab:70:62:
                    92:c6:cf:29:f4:4f:a4:d7:75:43:ce:09:cf:92:9d:
                    b9:e1:6c:9b:92:0a:d0:41:d3:35:79:75:fc:86:a4:
                    85:1f:d3:d2:2e:34:06:42:cc:63:ec:e3:c6:a3:f2:
                    ce:2e:bc:d3:c2:9e:b7:b8:51:45:20:5d:91:85:a8:
                    26:14:c8:94:45:da:54:f4:37:a2:4f:9e:f0:e3:bf:
                    ac:5e:79:ae:c4:3d:45:5c:87:60:f2:6e:05:3f:ab:
                    ce:ec:aa:fb:2e:be:84:72:e0:b8:5b:5f:f8:21:0d:
                    c4:db:31:50:ef:e4:fb:c5:de:ff:df:9c:9d:58:04:
                    f9:78:db:d9:c9:b7:e2:62:5e:fc:73:a1:b6:07:cb:
                    0d:23:c9:a4:e5:33:d2:8e:f6:bb:8b:68:ab:bd:03:
                    43:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:BF:9A:7D:ED:38:D7:7E:83:18:91:E0:51:B8:D8:44:63:2D:EB:6D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9d643302-e7a5-4f23-b389-27814a1a2ea2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:c1:5e:d2:38:dc:94:1c:63:8e:fa:6a:7f:a7:ad:9a:09:0d:
         a2:b7:6a:f0:a0:a1:62:13:ef:cd:20:f9:a8:6e:46:b5:7b:49:
         c8:91:6b:4d:6f:1d:cc:fe:1e:1d:a4:b0:8a:64:82:3d:fc:af:
         71:27:26:27:e1:5b:b5:21:e1:1a:e5:32:c3:c1:19:a3:a5:6b:
         2c:bb:3f:93:ea:6b:a3:11:87:a1:db:af:86:5c:fd:8c:29:d3:
         dc:79:b1:38:b2:c7:6a:08:c2:4b:de:bb:da:22:4b:ea:8b:b8:
         d1:ef:e8:dd:35:11:a8:04:fd:e3:33:58:d5:f4:3d:47:42:e7:
         b8:20:ef:1e:87:f2:3b:6e:80:ee:40:b2:28:9d:cf:9a:a6:09:
         c7:05:b3:04:97:66:3e:5d:2b:48:37:8f:6e:ab:71:00:d6:01:
         cb:7e:03:b2:4c:e7:63:ce:c0:2f:15:d2:ca:db:dc:fa:58:62:
         ad:80:9d:c5:25:c0:89:5e:e3:1e:c8:fe:28:de:4b:cd:4c:a9:
         86:6a:27:51:c8:b1:c3:76:6b:9a:36:15:70:f0:02:8d:ae:d4:
         88:87:09:f5:66:bb:18:77:a4:0a:ed:86:52:41:ed:fd:53:c9:
         7d:fc:c9:96:43:c4:fe:9a:1b:2c:83:c9:dd:b0:36:8d:84:22:
         ee:4b:80:62
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJTkff0lkwXF9fEcRRBBY+rqDHIQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzExMDAwMDAwWhcNMjQwNDE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZjNlMDllNTQ3YTdiNzdlMTVmZTAzNzkwYTc3NWY5Njhl
MmYyNDc0ODM0YmYwMjlmMTM2MzQ0ODJiZDk4OTU4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDenD6Xc7fHCcuWw1GaTEA/ZRFQPkjoX9m4+TiAJuUKUTot
MftW3HNSJnWr4Sw/hBzKU1c+yy5/fMu4dhKUbwBgwSpKm44vZsV+emiPw8Pq/W4c
SaAsgkr2jY5tygJYux7SIWlVx6twYpLGzyn0T6TXdUPOCc+SnbnhbJuSCtBB0zV5
dfyGpIUf09IuNAZCzGPs48aj8s4uvNPCnre4UUUgXZGFqCYUyJRF2lT0N6JPnvDj
v6xeea7EPUVch2DybgU/q87sqvsuvoRy4LhbX/ghDcTbMVDv5PvF3v/fnJ1YBPl4
29nJt+JiXvxzobYHyw0jyaTlM9KO9ruLaKu9A0OtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyb+afe04136DGJHgUbjYRGMt620wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzlkNjQzMzAyLWU3YTUtNGYyMy1iMzg5LTI3ODE0YTFhMmVhMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABrBXtI43JQcY476an+nrZoJDaK3
avCgoWIT780g+ahuRrV7SciRa01vHcz+Hh2ksIpkgj38r3EnJifhW7Uh4RrlMsPB
GaOlayy7P5Pqa6MRh6Hbr4Zc/Ywp09x5sTiyx2oIwkveu9oiS+qLuNHv6N01EagE
/eMzWNX0PUdC57gg7x6H8jtugO5Asiidz5qmCccFswSXZj5dK0g3j26rcQDWAct+
A7JM52POwC8V0srb3PpYYq2AncUlwIle4x7I/ijeS81MqYZqJ1HIscN2a5o2FXDw
Ao2u1IiHCfVmuxh3pArthlJB7f1TyX38yZZDxP6aGyyDyd2wNo2EIu5LgGI=
-----END CERTIFICATE-----