Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a3bc21c9-1f84-4e22-bc18-2d34c04ee75c.roa
File:                     a3bc21c9-1f84-4e22-bc18-2d34c04ee75c.roa (raw, json)
Hash identifier:          AxalpjJFprLnz8aBdE2oeu3z6H7UNAy+QI4S3bBcx4M=
Subject key identifier:   73:BC:59:73:D5:B8:B6:F7:5B:70:32:88:14:90:59:D5:BC:F8:E5:42
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       750215739A64E599B000C7774C4EAC894742DC31
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a3bc21c9-1f84-4e22-bc18-2d34c04ee75c.roa
Signing time:             Sun 25 Feb 2024 00:00:00 +0000
ROA not before:           Sun 25 Feb 2024 00:00:00 +0000
ROA not after:            Sun 31 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:02:15:73:9a:64:e5:99:b0:00:c7:77:4c:4e:ac:89:47:42:dc:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 25 00:00:00 2024 GMT
            Not After : Mar 31 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:6b:43:b0:11:c5:bf:ed:33:31:09:a7:54:3d:
                    f4:e6:d1:9d:a6:cd:7c:96:3f:7a:51:33:cf:68:29:
                    78:c4:43:55:09:af:80:28:36:24:11:8b:a4:65:11:
                    cb:cf:7e:7e:32:13:40:0a:d2:05:28:5c:39:77:d6:
                    8e:9a:ad:f8:de:44:6f:f0:5b:70:25:6f:05:12:ec:
                    34:a4:45:36:b1:ae:63:eb:ee:d5:4f:d4:55:15:6b:
                    0c:08:26:98:4f:b0:18:c8:a6:62:a8:15:ad:ab:a8:
                    6d:e8:d3:9b:7d:d3:ff:a5:b4:63:a8:12:c0:d6:7d:
                    2f:33:3f:ef:a0:d7:6c:65:d9:38:34:b3:4c:ca:27:
                    f7:2f:89:05:0c:f8:c8:83:4e:8f:79:f7:20:01:d8:
                    49:24:c6:4b:06:d6:fc:61:73:8a:4c:d5:e7:5a:25:
                    33:db:0a:2f:25:d7:0b:bc:f6:4e:35:7b:e1:34:54:
                    5a:f3:3c:3e:45:0c:b7:c8:dd:0c:76:da:d9:87:32:
                    a9:6d:ec:cb:b0:d5:36:03:e9:a9:a8:58:1d:7c:cc:
                    34:52:aa:5e:42:1c:b3:65:a8:2c:7d:db:89:fc:a3:
                    16:df:fd:81:ab:69:fc:e3:de:3b:d8:b9:56:06:40:
                    15:6a:26:bc:3f:35:6a:72:5e:74:45:f9:d6:02:8f:
                    24:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:BC:59:73:D5:B8:B6:F7:5B:70:32:88:14:90:59:D5:BC:F8:E5:42
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a3bc21c9-1f84-4e22-bc18-2d34c04ee75c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:32:89:ae:65:17:d1:b7:26:35:73:cc:a6:7d:28:7e:0f:3f:
         91:f0:24:2b:2f:8f:0b:54:dd:8e:79:6a:70:38:ba:52:64:77:
         96:cb:c1:a9:f3:3d:de:7b:61:6c:69:31:c5:96:92:ec:13:05:
         cf:87:10:63:bb:a0:e8:d1:88:01:49:88:1a:6d:a4:09:8c:dc:
         23:b0:3a:c1:38:ac:37:f3:2a:b3:c8:11:6d:43:e1:8c:5a:43:
         81:2a:1e:5b:33:0d:d9:c5:13:b9:6b:75:86:59:cb:ed:8f:c5:
         8c:8f:2d:2a:12:71:1c:f4:27:61:24:28:fb:7f:50:65:a3:67:
         98:76:74:3a:e7:3a:b4:30:b5:94:8a:6b:46:e8:57:8f:a3:77:
         79:fd:30:99:da:7e:b8:0b:b4:e7:ce:42:b3:53:7a:f1:58:e0:
         f0:93:f8:f2:9f:9b:b4:f0:63:f5:79:87:90:39:45:2e:c2:3c:
         b9:40:04:ba:1e:a8:15:ba:e6:4b:37:34:8c:4e:c7:53:4b:c8:
         46:fd:d3:c6:61:05:48:14:e6:c3:56:1b:a5:22:d6:ab:66:d7:
         34:ee:39:2f:0b:78:83:a8:e2:c2:a9:3d:55:ef:2d:c7:9f:c8:
         53:90:e2:b9:cd:71:a0:9a:12:7c:46:86:32:67:e5:a8:73:76:
         fa:fc:d4:c5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdQIVc5pk5ZmwAMd3TE6siUdC3DEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjI1MDAwMDAwWhcNMjQwMzMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMjhhMTY2NTY1ZDRkYzk1ZTc4OTNjZTcxNzQ1Mzk3MjBk
MWFjMjZmMGJiMDVlZjYwNmRmNmIwN2U3MjQzMjVlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKa0OwEcW/7TMxCadUPfTm0Z2mzXyWP3pRM89oKXjEQ1UJ
r4AoNiQRi6RlEcvPfn4yE0AK0gUoXDl31o6arfjeRG/wW3AlbwUS7DSkRTaxrmPr
7tVP1FUVawwIJphPsBjIpmKoFa2rqG3o05t90/+ltGOoEsDWfS8zP++g12xl2Tg0
s0zKJ/cviQUM+MiDTo959yAB2EkkxksG1vxhc4pM1edaJTPbCi8l1wu89k41e+E0
VFrzPD5FDLfI3Qx22tmHMqlt7Muw1TYD6amoWB18zDRSql5CHLNlqCx924n8oxbf
/YGrafzj3jvYuVYGQBVqJrw/NWpyXnRF+dYCjySzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUc7xZc9W4tvdbcDKIFJBZ1bz45UIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2EzYmMyMWM5LTFmODQtNGUyMi1iYzE4LTJkMzRjMDRlZTc1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF4yia5lF9G3JjVzzKZ9KH4PP5Hw
JCsvjwtU3Y55anA4ulJkd5bLwanzPd57YWxpMcWWkuwTBc+HEGO7oOjRiAFJiBpt
pAmM3COwOsE4rDfzKrPIEW1D4YxaQ4EqHlszDdnFE7lrdYZZy+2PxYyPLSoScRz0
J2EkKPt/UGWjZ5h2dDrnOrQwtZSKa0boV4+jd3n9MJnafrgLtOfOQrNTevFY4PCT
+PKfm7TwY/V5h5A5RS7CPLlABLoeqBW65ks3NIxOx1NLyEb908ZhBUgU5sNWG6Ui
1qtm1zTuOS8LeIOo4sKpPVXvLcefyFOQ4rnNcaCaEnxGhjJn5ahzdvr81MU=
-----END CERTIFICATE-----