Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9d85e883-8410-477e-b452-7dc1cd161ca2.roa
File:                     9d85e883-8410-477e-b452-7dc1cd161ca2.roa (raw, json)
Hash identifier:          WISXTSX1Ho56eSbnGlYT0ZbOKYwkOPAX8a9GuaEgd7k=
Subject key identifier:   E3:3E:25:32:94:A1:82:1F:A3:66:7A:FD:91:33:43:3F:CC:91:70:38
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       18D6EDCDA59D4C6B94AD1D8D2AEFE9A291F424BF
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9d85e883-8410-477e-b452-7dc1cd161ca2.roa
Signing time:             Sun 18 Feb 2024 00:00:00 +0000
ROA not before:           Sun 18 Feb 2024 00:00:00 +0000
ROA not after:            Sun 24 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:d6:ed:cd:a5:9d:4c:6b:94:ad:1d:8d:2a:ef:e9:a2:91:f4:24:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 18 00:00:00 2024 GMT
            Not After : Mar 24 23:59:59 2024 GMT
        Subject: serialNumber=9f9f463304591016a46bfdde210c56ac69306ba1c766bb0d4cca857c513ca683, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a4:59:96:8e:11:1c:6c:ff:89:1f:0b:a2:10:
                    99:c1:89:72:3a:93:16:46:95:52:90:5d:45:dc:4a:
                    01:47:49:c2:f9:7b:1c:b0:73:0b:93:94:7c:60:bd:
                    95:13:36:a9:99:fb:9e:0e:a8:f1:7c:1b:d0:a5:4e:
                    13:4e:b3:9c:0d:23:8c:2c:90:47:56:c6:82:60:06:
                    97:7e:7c:7f:ed:3a:1e:59:73:65:ad:44:df:4c:3c:
                    12:c5:c8:6a:e0:f3:de:a4:4d:39:a4:56:ad:e8:ea:
                    37:a7:2f:b1:13:6c:76:73:7b:4d:e5:49:95:ff:17:
                    87:35:02:61:86:05:99:6b:a6:f4:b2:54:86:fd:47:
                    eb:c1:b0:ca:40:c3:02:93:7c:10:f4:53:1a:3e:f6:
                    c4:90:bb:7e:c2:f7:0a:6c:56:de:8a:08:e5:87:9d:
                    75:41:78:9e:10:fa:75:bc:83:38:62:82:f4:49:5f:
                    61:82:32:ab:ab:b4:6e:c9:95:47:be:96:76:75:b3:
                    e7:71:e4:0d:65:ed:c3:0b:ee:63:60:df:25:d4:e0:
                    d3:4f:a0:0d:7f:34:74:28:d4:3b:d9:b4:c0:95:5e:
                    bd:dc:71:a1:bb:d0:ea:33:33:4a:22:eb:b1:ba:a1:
                    f9:bb:c0:44:e9:08:c3:29:cd:c5:ba:06:23:e1:c8:
                    b2:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:3E:25:32:94:A1:82:1F:A3:66:7A:FD:91:33:43:3F:CC:91:70:38
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9d85e883-8410-477e-b452-7dc1cd161ca2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:72:98:78:fc:8d:e8:d8:fe:e6:b2:5d:4d:48:72:88:24:ec:
         1f:d0:b6:9c:7e:d4:c0:42:8f:50:59:50:38:a7:9f:d5:e2:f5:
         78:47:59:f1:56:a2:ce:d9:6d:3f:99:68:cc:3a:20:46:2b:9f:
         79:25:31:2e:4a:59:db:d5:09:f8:e1:4b:2e:81:0c:67:34:cf:
         0f:1f:94:c1:ee:c6:68:86:54:d7:d4:df:6d:54:01:00:f0:9f:
         74:43:28:c4:13:08:5e:47:b3:71:49:4a:75:e5:49:e6:4c:10:
         04:0e:22:eb:f6:21:fb:94:eb:a5:71:48:be:e4:6e:3b:fe:b4:
         a7:84:2f:ab:25:11:1f:6c:0e:78:d2:fc:24:7f:09:d1:59:e6:
         02:bf:70:80:91:af:17:05:a8:48:51:2b:cb:dd:4b:85:b7:f0:
         a9:d6:9d:98:5a:eb:41:fa:9c:96:9e:d1:e4:29:f7:f1:54:47:
         82:2f:b4:e1:0b:c7:6e:ae:fd:e9:07:52:21:b2:62:c4:54:11:
         a3:e9:d8:91:e1:59:f3:7c:fc:4c:20:b7:65:c9:20:01:fe:37:
         3f:d7:fb:b6:12:9b:38:d9:fc:0b:f4:a1:f9:af:81:b8:f6:47:
         95:15:2e:a7:db:d8:c9:81:48:fd:a8:ba:91:23:87:1f:dc:c1:
         34:e8:be:d0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGNbtzaWdTGuUrR2NKu/popH0JL8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjE4MDAwMDAwWhcNMjQwMzI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZjlmNDYzMzA0NTkxMDE2YTQ2YmZkZGUyMTBjNTZhYzY5
MzA2YmExYzc2NmJiMGQ0Y2NhODU3YzUxM2NhNjgzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkpFmWjhEcbP+JHwuiEJnBiXI6kxZGlVKQXUXcSgFHScL5
exywcwuTlHxgvZUTNqmZ+54OqPF8G9ClThNOs5wNI4wskEdWxoJgBpd+fH/tOh5Z
c2WtRN9MPBLFyGrg896kTTmkVq3o6jenL7ETbHZze03lSZX/F4c1AmGGBZlrpvSy
VIb9R+vBsMpAwwKTfBD0Uxo+9sSQu37C9wpsVt6KCOWHnXVBeJ4Q+nW8gzhigvRJ
X2GCMqurtG7JlUe+lnZ1s+dx5A1l7cML7mNg3yXU4NNPoA1/NHQo1DvZtMCVXr3c
caG70OozM0oi67G6ofm7wETpCMMpzcW6BiPhyLL7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4z4lMpShgh+jZnr9kTNDP8yRcDgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzlkODVlODgzLTg0MTAtNDc3ZS1iNDUyLTdkYzFjZDE2MWNhMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHZymHj8jejY/uayXU1Icogk7B/Q
tpx+1MBCj1BZUDinn9Xi9XhHWfFWos7ZbT+ZaMw6IEYrn3klMS5KWdvVCfjhSy6B
DGc0zw8flMHuxmiGVNfU321UAQDwn3RDKMQTCF5Hs3FJSnXlSeZMEAQOIuv2IfuU
66VxSL7kbjv+tKeEL6slER9sDnjS/CR/CdFZ5gK/cICRrxcFqEhRK8vdS4W38KnW
nZha60H6nJae0eQp9/FUR4IvtOELx26u/ekHUiGyYsRUEaPp2JHhWfN8/Ewgt2XJ
IAH+Nz/X+7YSmzjZ/Av0ofmvgbj2R5UVLqfb2MmBSP2oupEjhx/cwTTovtA=
-----END CERTIFICATE-----