Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aeef7c2b-bc5e-48da-ac56-63d4026b145b.roa
File:                     aeef7c2b-bc5e-48da-ac56-63d4026b145b.roa (raw, json)
Hash identifier:          uAAX0OLngky39BeFW3GZXe0eHH+4fbgrRzsH/UKMSoQ=
Subject key identifier:   D0:C1:CF:85:48:BC:66:13:C0:E6:10:98:5E:B4:38:DA:A2:A1:44:21
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7CCA393938A667F86486CF6E4501771EADAAB739
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aeef7c2b-bc5e-48da-ac56-63d4026b145b.roa
Signing time:             Sat 23 Mar 2024 00:00:00 +0000
ROA not before:           Sat 23 Mar 2024 00:00:00 +0000
ROA not after:            Sat 27 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:ca:39:39:38:a6:67:f8:64:86:cf:6e:45:01:77:1e:ad:aa:b7:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 23 00:00:00 2024 GMT
            Not After : Apr 27 23:59:59 2024 GMT
        Subject: serialNumber=9fb006a757b5e22ae9e81c200a9a67c880e4e223e7110ca7d6f2a6a7d059453a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:78:5b:e8:f0:f9:6f:92:82:8b:43:45:ce:69:
                    a6:c3:eb:aa:26:ab:ea:b6:51:f4:16:ae:d2:1a:e7:
                    8b:51:dd:f8:b9:aa:c2:5a:7f:aa:ad:ed:2f:d6:70:
                    fe:b6:02:5b:e3:d9:86:3b:45:74:c7:9c:15:6f:12:
                    ac:95:76:85:2f:e7:2e:89:30:d4:e5:ec:34:8b:2e:
                    87:66:d3:17:06:10:61:40:e2:af:3d:4e:d2:e1:cc:
                    16:72:04:64:32:ab:25:8a:68:d7:bd:27:31:59:61:
                    26:ae:c5:8d:30:ed:ce:9d:36:32:9e:99:a7:b5:66:
                    35:e7:f8:9f:1e:0e:06:00:ee:9b:58:17:cc:de:63:
                    75:1d:65:11:85:40:ef:5b:19:88:5e:47:59:8a:b2:
                    18:47:3d:c2:3e:f3:f9:8e:5b:91:ad:54:f8:9b:eb:
                    cf:e5:a4:c0:4b:ae:66:5c:94:65:3d:0e:d9:67:e6:
                    1a:13:22:5c:cc:b7:6d:0c:09:80:ee:50:49:10:ef:
                    4c:a0:72:df:e9:df:9e:8a:64:2e:22:1c:70:bd:cc:
                    9a:14:48:9b:90:68:cc:78:4c:d8:4c:8f:83:13:d3:
                    52:d4:d0:06:53:82:25:5c:23:6a:13:6d:40:2a:af:
                    e9:ad:94:77:66:60:24:3e:ba:35:d6:c0:64:d1:4d:
                    9b:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:C1:CF:85:48:BC:66:13:C0:E6:10:98:5E:B4:38:DA:A2:A1:44:21
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aeef7c2b-bc5e-48da-ac56-63d4026b145b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:16:c2:a0:21:9f:36:ab:54:69:41:d6:9d:fa:d7:03:7c:ba:
         8d:19:26:5b:18:db:d2:98:5e:5e:9e:2f:35:9e:e0:cf:27:32:
         91:49:90:32:f6:b1:e5:48:32:ad:31:e9:df:8d:14:bd:00:5c:
         59:bb:7b:46:77:56:3c:0f:96:d5:88:fe:4e:d8:6f:2c:cb:07:
         a3:29:31:57:98:18:89:25:c5:0d:b7:6c:3e:b7:d7:39:67:2e:
         c2:4e:cf:28:83:b5:ca:1a:79:22:7c:e4:c1:9c:b5:a5:ca:71:
         63:c9:5b:ce:6c:9f:d2:85:e4:f9:96:87:57:7c:79:f1:70:04:
         5a:79:87:98:5d:b9:99:a1:42:9b:be:5c:63:05:27:87:67:44:
         10:c5:28:f1:a8:f3:25:26:36:5a:69:13:b5:5c:48:4c:e3:a8:
         4b:12:84:9f:7e:bb:cf:ff:75:27:47:1a:ea:90:c4:30:3a:dc:
         b1:da:cd:f6:cc:d9:a4:98:d4:2a:b6:f5:99:e9:49:09:73:af:
         2a:7e:79:9c:eb:ee:f2:39:84:02:27:16:33:a8:41:75:1c:1e:
         68:9b:8d:f6:de:48:85:d0:7f:03:b9:25:f6:28:12:a9:cd:d1:
         ef:2e:2e:fc:a3:15:d1:80:7d:b6:30:4a:3b:d6:2c:16:1d:52:
         46:63:f0:9b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfMo5OTimZ/hkhs9uRQF3Hq2qtzkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzIzMDAwMDAwWhcNMjQwNDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZmIwMDZhNzU3YjVlMjJhZTllODFjMjAwYTlhNjdjODgw
ZTRlMjIzZTcxMTBjYTdkNmYyYTZhN2QwNTk0NTNhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDreFvo8PlvkoKLQ0XOaabD66omq+q2UfQWrtIa54tR3fi5
qsJaf6qt7S/WcP62Alvj2YY7RXTHnBVvEqyVdoUv5y6JMNTl7DSLLodm0xcGEGFA
4q89TtLhzBZyBGQyqyWKaNe9JzFZYSauxY0w7c6dNjKemae1ZjXn+J8eDgYA7ptY
F8zeY3UdZRGFQO9bGYheR1mKshhHPcI+8/mOW5GtVPib68/lpMBLrmZclGU9Dtln
5hoTIlzMt20MCYDuUEkQ70ygct/p356KZC4iHHC9zJoUSJuQaMx4TNhMj4MT01LU
0AZTgiVcI2oTbUAqr+mtlHdmYCQ+ujXWwGTRTZvtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0MHPhUi8ZhPA5hCYXrQ42qKhRCEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2FlZWY3YzJiLWJjNWUtNDhkYS1hYzU2LTYzZDQwMjZiMTQ1Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC4WwqAhnzarVGlB1p361wN8uo0Z
JlsY29KYXl6eLzWe4M8nMpFJkDL2seVIMq0x6d+NFL0AXFm7e0Z3VjwPltWI/k7Y
byzLB6MpMVeYGIklxQ23bD631zlnLsJOzyiDtcoaeSJ85MGctaXKcWPJW85sn9KF
5PmWh1d8efFwBFp5h5hduZmhQpu+XGMFJ4dnRBDFKPGo8yUmNlppE7VcSEzjqEsS
hJ9+u8//dSdHGuqQxDA63LHazfbM2aSY1Cq29ZnpSQlzryp+eZzr7vI5hAInFjOo
QXUcHmibjfbeSIXQfwO5JfYoEqnN0e8uLvyjFdGAfbYwSjvWLBYdUkZj8Js=
-----END CERTIFICATE-----