Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a8a4716e-e35c-43e8-b418-76aea1445957.roa
File:                     a8a4716e-e35c-43e8-b418-76aea1445957.roa (raw, json)
Hash identifier:          QvoAj2tJWg0HT/ILRPqyuxX2U+DuvpxhaQ7LfhTkwBM=
Subject key identifier:   0A:F9:E2:03:22:AA:AE:1D:0F:6D:FC:E3:B7:15:3E:12:A4:25:B8:A9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       564F96520CC99A03E2F53780DDC1576F4709A2B7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a8a4716e-e35c-43e8-b418-76aea1445957.roa
Signing time:             Sun 17 Mar 2024 00:00:00 +0000
ROA not before:           Sun 17 Mar 2024 00:00:00 +0000
ROA not after:            Sun 21 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:4f:96:52:0c:c9:9a:03:e2:f5:37:80:dd:c1:57:6f:47:09:a2:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 17 00:00:00 2024 GMT
            Not After : Apr 21 23:59:59 2024 GMT
        Subject: serialNumber=21823268e5278e9ad13c442e79fe6e8e68b5755dac36fd2103bf1ed6a230974c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:27:a6:52:28:56:de:6b:3c:89:87:db:d5:5e:
                    2b:25:9c:85:28:85:08:61:f0:23:35:d9:f4:8c:42:
                    d3:48:78:56:f5:5e:18:83:09:03:bd:7a:b7:64:23:
                    b1:77:14:61:c6:51:99:14:30:2a:9b:b8:ff:07:d0:
                    3e:36:e7:95:70:2f:eb:c6:18:22:31:16:f4:3f:be:
                    d1:12:f7:25:68:21:08:9a:8a:60:3f:c6:32:0d:01:
                    69:94:df:d6:02:71:e0:ce:fb:ea:5f:48:04:45:42:
                    ad:4c:4f:c1:f9:64:94:5a:4c:42:b4:b1:b4:07:2a:
                    a3:07:f7:29:76:bf:18:e2:6f:bf:21:2b:ab:38:b7:
                    41:ab:6b:16:c8:27:34:98:db:10:c8:b2:5a:c1:87:
                    fa:b7:02:69:24:f7:87:6d:c0:7f:ad:44:87:2c:7f:
                    ea:40:87:8f:83:47:19:0d:d3:36:2c:44:6b:98:c7:
                    4a:ec:66:6c:e0:92:08:d2:13:10:02:87:fb:c2:66:
                    40:14:01:b3:6a:1d:2d:42:c0:20:72:be:03:ad:c0:
                    9e:20:2b:32:ad:1c:c9:01:5b:b2:2f:1c:3f:47:4e:
                    0f:98:5f:4e:6f:27:26:d4:1f:8c:07:aa:ab:fe:15:
                    de:c3:00:00:a8:ac:2c:68:5e:7f:a0:84:2e:28:b8:
                    59:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:F9:E2:03:22:AA:AE:1D:0F:6D:FC:E3:B7:15:3E:12:A4:25:B8:A9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a8a4716e-e35c-43e8-b418-76aea1445957.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:1b:4f:24:36:a8:ab:ee:be:29:4c:16:89:a3:63:e9:64:2b:
         a7:4a:98:7b:cf:39:7a:7b:ce:8b:01:7e:72:b8:52:94:e9:92:
         7d:22:77:ac:e4:88:d6:ea:d1:10:5c:24:db:fb:08:58:a1:be:
         e4:a0:28:bd:2a:e3:a3:4e:83:be:5f:8a:40:da:c3:4c:d7:47:
         0e:fe:d0:9a:2a:57:03:ac:bd:3c:a6:e6:6e:61:a5:ba:87:fc:
         5f:f0:66:f2:1d:8e:1c:47:43:c3:80:6a:e0:43:f1:b2:ab:cb:
         db:f4:a9:c4:b6:ba:69:c8:a5:9b:cb:28:94:00:0f:eb:3c:49:
         fb:9e:10:db:72:d4:1e:60:38:c2:96:ee:5d:3f:5a:ac:12:c8:
         23:31:53:81:21:05:92:78:79:9c:04:27:5d:5a:e5:8f:44:4b:
         5e:2f:3e:2a:f0:04:1e:f7:6f:f4:20:50:1f:98:b4:8f:39:91:
         8d:85:4a:e1:9f:ac:12:8f:97:c7:fe:54:e4:c7:44:00:87:12:
         7e:ea:e7:57:c1:03:92:2f:42:f5:bc:6a:83:c2:46:a1:65:89:
         6c:88:8a:f2:8a:2f:65:b6:cc:87:a7:b5:d1:2c:ad:e9:b7:8c:
         00:ec:22:5d:a7:d8:3f:a5:9a:fd:22:24:a9:4a:66:ca:16:8e:
         3c:87:4e:fb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVk+WUgzJmgPi9TeA3cFXb0cJorcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzE3MDAwMDAwWhcNMjQwNDIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMTgyMzI2OGU1Mjc4ZTlhZDEzYzQ0MmU3OWZlNmU4ZTY4
YjU3NTVkYWMzNmZkMjEwM2JmMWVkNmEyMzA5NzRjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVJ6ZSKFbeazyJh9vVXislnIUohQhh8CM12fSMQtNIeFb1
XhiDCQO9erdkI7F3FGHGUZkUMCqbuP8H0D4255VwL+vGGCIxFvQ/vtES9yVoIQia
imA/xjINAWmU39YCceDO++pfSARFQq1MT8H5ZJRaTEK0sbQHKqMH9yl2vxjib78h
K6s4t0GraxbIJzSY2xDIslrBh/q3Amkk94dtwH+tRIcsf+pAh4+DRxkN0zYsRGuY
x0rsZmzgkgjSExACh/vCZkAUAbNqHS1CwCByvgOtwJ4gKzKtHMkBW7IvHD9HTg+Y
X05vJybUH4wHqqv+Fd7DAACorCxoXn+ghC4ouFlNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCvniAyKqrh0PbfzjtxU+EqQluKkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E4YTQ3MTZlLWUzNWMtNDNlOC1iNDE4LTc2YWVhMTQ0NTk1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALIbTyQ2qKvuvilMFomjY+lkK6dK
mHvPOXp7zosBfnK4UpTpkn0id6zkiNbq0RBcJNv7CFihvuSgKL0q46NOg75fikDa
w0zXRw7+0JoqVwOsvTym5m5hpbqH/F/wZvIdjhxHQ8OAauBD8bKry9v0qcS2umnI
pZvLKJQAD+s8SfueENty1B5gOMKW7l0/WqwSyCMxU4EhBZJ4eZwEJ11a5Y9ES14v
PirwBB73b/QgUB+YtI85kY2FSuGfrBKPl8f+VOTHRACHEn7q51fBA5IvQvW8aoPC
RqFliWyIivKKL2W2zIentdEsrem3jADsIl2n2D+lmv0iJKlKZsoWjjyHTvs=
-----END CERTIFICATE-----