Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a38541f7-68d3-4458-8b02-9cf553de8d87.roa
File:                     a38541f7-68d3-4458-8b02-9cf553de8d87.roa (raw, json)
Hash identifier:          TDc9yVSk/LIgtgL3zk2RMslCZrKws+DbhnIcYrFfTM4=
Subject key identifier:   4F:0C:5B:EF:DC:7A:C3:31:59:F5:A5:8B:75:B3:D6:A1:F0:C7:87:75
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1122A751EA2FBD7A5FB18630A1E110872E361300
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a38541f7-68d3-4458-8b02-9cf553de8d87.roa
Signing time:             Wed 17 Jan 2024 00:00:00 +0000
ROA not before:           Wed 17 Jan 2024 00:00:00 +0000
ROA not after:            Wed 21 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:22:a7:51:ea:2f:bd:7a:5f:b1:86:30:a1:e1:10:87:2e:36:13:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 17 00:00:00 2024 GMT
            Not After : Feb 21 23:59:59 2024 GMT
        Subject: serialNumber=f5780013ceee85ae7d0bab6118cf5a23690fb603d1335669d8759ae327596d29, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:65:35:07:11:ee:56:7d:f3:e3:7b:2b:e3:c4:
                    7f:51:bd:41:d8:2f:52:79:29:a0:7b:a4:55:bf:20:
                    a3:54:86:13:11:b6:36:45:49:77:89:bd:70:27:8f:
                    e6:e3:ff:d9:0a:7e:90:c2:10:cf:8c:05:92:53:e5:
                    01:b6:d8:65:12:e1:8b:77:ae:f4:f0:68:c8:96:a4:
                    39:81:7b:d7:5f:30:d2:be:33:d4:3c:4c:96:6a:97:
                    dc:73:8f:64:53:4b:76:e4:8c:e5:09:3e:1a:12:36:
                    26:e9:1c:02:37:44:0e:d4:f2:cd:84:52:7c:a3:fb:
                    9a:87:d6:5b:36:2d:21:de:4a:f3:42:29:4b:29:3f:
                    f0:fd:f0:5c:64:87:bf:65:49:d9:e7:6f:1f:10:3e:
                    6c:e3:2e:ef:23:70:54:2b:9e:db:2b:30:5d:9d:a0:
                    03:48:a8:d2:81:2a:b9:e8:ae:69:13:f8:9a:f6:c8:
                    02:f3:80:0c:cd:ca:38:26:e8:68:17:7d:1f:cd:89:
                    71:82:77:dd:a9:77:3a:8d:47:5b:0e:97:2d:b4:e8:
                    a7:12:9a:9c:93:85:5b:df:02:c4:2e:2d:6e:c7:cb:
                    76:f2:fa:c3:62:79:a3:3d:b0:56:ac:f4:5b:7c:cf:
                    a1:23:78:3a:83:87:66:04:01:67:5d:61:c8:0a:c8:
                    5a:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:0C:5B:EF:DC:7A:C3:31:59:F5:A5:8B:75:B3:D6:A1:F0:C7:87:75
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a38541f7-68d3-4458-8b02-9cf553de8d87.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:e2:26:aa:b5:1e:28:c9:eb:84:aa:de:7a:ef:cb:ad:9d:5a:
         e4:19:69:bd:67:d2:46:cd:fd:4b:7c:fa:9e:d3:87:61:17:21:
         82:a0:4b:e9:71:e8:88:12:26:3f:b5:b5:28:b2:0c:fe:d6:38:
         dc:da:ed:9a:b2:4b:a6:1c:72:7f:a9:35:76:29:90:94:cc:3d:
         af:4a:6f:15:a9:f6:a0:06:ae:c2:3c:72:61:bf:1b:94:c0:7c:
         6f:ed:57:0c:d2:ba:f0:5a:d3:36:79:47:1e:32:68:a4:f8:7d:
         c4:ff:62:1c:da:7b:1c:d7:a1:e5:b8:d2:7a:b5:e8:23:2d:32:
         0a:51:c8:b9:e7:4f:7f:61:0a:f5:28:f7:69:e8:29:a1:e2:02:
         17:89:0c:ce:6e:f1:62:a1:39:49:36:1f:0c:d9:df:0f:4f:47:
         e1:5f:ba:ad:2f:3f:e1:35:a1:df:0c:e2:f4:86:e9:12:f4:b5:
         5d:a7:17:78:99:73:cd:b1:1c:c3:4b:f5:90:af:be:15:f3:93:
         e5:7f:df:e5:73:6e:c5:8c:dd:3f:69:89:4e:d6:81:94:8a:0e:
         25:33:1a:2d:21:0c:bb:4e:54:71:24:a5:44:27:b7:be:e4:6a:
         e3:c4:64:1f:91:49:d3:d8:89:29:e5:01:82:05:1a:77:5f:67:
         71:19:2b:79
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUESKnUeovvXpfsYYwoeEQhy42EwAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTE3MDAwMDAwWhcNMjQwMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNTc4MDAxM2NlZWU4NWFlN2QwYmFiNjExOGNmNWEyMzY5
MGZiNjAzZDEzMzU2NjlkODc1OWFlMzI3NTk2ZDI5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQZTUHEe5WffPjeyvjxH9RvUHYL1J5KaB7pFW/IKNUhhMR
tjZFSXeJvXAnj+bj/9kKfpDCEM+MBZJT5QG22GUS4Yt3rvTwaMiWpDmBe9dfMNK+
M9Q8TJZql9xzj2RTS3bkjOUJPhoSNibpHAI3RA7U8s2EUnyj+5qH1ls2LSHeSvNC
KUspP/D98Fxkh79lSdnnbx8QPmzjLu8jcFQrntsrMF2doANIqNKBKrnormkT+Jr2
yALzgAzNyjgm6GgXfR/NiXGCd92pdzqNR1sOly206KcSmpyThVvfAsQuLW7Hy3by
+sNieaM9sFas9Ft8z6EjeDqDh2YEAWddYcgKyFppAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTwxb79x6wzFZ9aWLdbPWofDHh3UwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2EzODU0MWY3LTY4ZDMtNDQ1OC04YjAyLTljZjU1M2RlOGQ4Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIfiJqq1HijJ64Sq3nrvy62dWuQZ
ab1n0kbN/Ut8+p7Th2EXIYKgS+lx6IgSJj+1tSiyDP7WONza7ZqyS6Yccn+pNXYp
kJTMPa9KbxWp9qAGrsI8cmG/G5TAfG/tVwzSuvBa0zZ5Rx4yaKT4fcT/YhzaexzX
oeW40nq16CMtMgpRyLnnT39hCvUo92noKaHiAheJDM5u8WKhOUk2HwzZ3w9PR+Ff
uq0vP+E1od8M4vSG6RL0tV2nF3iZc82xHMNL9ZCvvhXzk+V/3+VzbsWM3T9piU7W
gZSKDiUzGi0hDLtOVHEkpUQnt77kauPEZB+RSdPYiSnlAYIFGndfZ3EZK3k=
-----END CERTIFICATE-----