Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b9cf3959-c0bc-4886-b521-8683bb3d8653.roa
File:                     b9cf3959-c0bc-4886-b521-8683bb3d8653.roa (raw, json)
Hash identifier:          W3HB3a9KZurEPGwPFirYcRQWl3+Sgb2A9QaGsCWCT2s=
Subject key identifier:   6C:B9:EF:62:B1:47:18:06:C3:E7:BE:51:36:FA:CA:73:56:FC:50:E5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       581579C35877A5CD0A72F4A684EE38B159F6A8E4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b9cf3959-c0bc-4886-b521-8683bb3d8653.roa
Signing time:             Sun 24 Mar 2024 00:00:00 +0000
ROA not before:           Sun 24 Mar 2024 00:00:00 +0000
ROA not after:            Sun 28 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:15:79:c3:58:77:a5:cd:0a:72:f4:a6:84:ee:38:b1:59:f6:a8:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 24 00:00:00 2024 GMT
            Not After : Apr 28 23:59:59 2024 GMT
        Subject: serialNumber=c27692e24104254b9507260a59f4c526c525a92602fe8802dc0a20cadef231a6, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:cf:2f:bb:e2:db:27:f4:0a:b6:5d:6d:8f:ac:
                    0e:15:e0:6c:08:30:dc:0e:c6:d8:14:e2:8d:71:02:
                    d1:2a:2e:95:43:08:d4:36:3f:4b:dc:61:9e:5b:0b:
                    8a:7a:32:df:71:e2:be:ab:42:43:ae:a3:18:22:64:
                    72:00:57:00:d2:7f:4e:b9:15:d7:a2:63:c4:39:3e:
                    0d:b9:dc:de:c0:38:9d:91:ec:6e:7a:08:6e:d8:03:
                    23:0a:e3:6f:fc:34:e1:4f:15:f2:20:37:f2:f3:81:
                    eb:a9:3d:c7:a5:ad:47:e8:3b:98:fc:8d:e5:e5:bf:
                    8e:ac:f5:fa:56:89:f3:9a:44:09:58:86:79:9e:88:
                    9d:ab:d4:a4:92:65:90:fc:d1:56:68:ed:ea:e5:73:
                    a1:a8:6f:5c:ea:e9:75:ec:06:17:59:29:ee:d7:df:
                    76:c0:46:1a:78:b8:1b:56:6d:75:04:04:4b:6b:4d:
                    ce:87:77:e4:ee:5f:af:8f:62:c0:d5:50:22:12:d5:
                    29:6d:fe:aa:2a:45:ca:99:66:7c:ad:98:ff:7c:1e:
                    9e:1b:43:17:c1:b7:d9:17:f4:1e:d8:43:90:b9:7e:
                    83:61:9a:5f:30:27:a0:74:a9:b2:ab:96:8d:2b:f8:
                    91:f8:3d:5c:c7:cb:85:44:a2:f4:58:89:a5:40:37:
                    a8:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:B9:EF:62:B1:47:18:06:C3:E7:BE:51:36:FA:CA:73:56:FC:50:E5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b9cf3959-c0bc-4886-b521-8683bb3d8653.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:4c:ad:e1:2a:44:88:a8:4f:c8:b9:39:f9:d7:c2:b5:38:42:
         81:9a:6e:29:cb:71:a0:e6:45:49:a0:90:b7:21:52:14:da:14:
         dd:8b:d2:a6:9a:ef:53:e9:24:ef:ca:7e:68:cf:76:31:8d:85:
         a0:07:37:6b:cf:24:2d:48:49:d6:9b:3f:2a:aa:03:a2:74:ea:
         51:0d:24:0a:39:58:4e:2e:60:7d:e7:bf:14:39:b3:03:12:79:
         81:7c:3d:82:6b:cf:40:ca:e6:b3:b9:4b:4d:dc:b5:b9:5c:16:
         9d:a7:50:4d:b1:c7:b0:50:c4:75:9e:74:62:24:ad:a2:7d:bb:
         c0:bd:b3:f5:c3:3b:23:50:fc:0e:2b:db:7a:04:82:ff:66:9b:
         e6:ca:0e:a3:7f:39:38:64:37:6e:47:98:d8:97:cb:73:db:9c:
         bb:77:53:a8:3d:e8:e2:d3:56:ac:66:87:9a:a6:87:61:c6:9b:
         97:f2:87:06:87:83:24:81:c8:78:88:ec:4a:eb:31:2b:3a:f5:
         53:4a:07:bc:9b:de:d9:9d:4d:f2:5c:39:5e:a1:33:5f:2e:58:
         7e:f8:be:d5:35:ab:f0:5c:e4:1f:33:e5:04:a2:43:99:74:2a:
         38:7e:17:94:ad:d4:a3:c3:af:f9:ba:f9:7e:fd:f2:34:3e:e6:
         79:99:d1:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWBV5w1h3pc0KcvSmhO44sVn2qOQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzI0MDAwMDAwWhcNMjQwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMjc2OTJlMjQxMDQyNTRiOTUwNzI2MGE1OWY0YzUyNmM1
MjVhOTI2MDJmZTg4MDJkYzBhMjBjYWRlZjIzMWE2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwzy+74tsn9Aq2XW2PrA4V4GwIMNwOxtgU4o1xAtEqLpVD
CNQ2P0vcYZ5bC4p6Mt9x4r6rQkOuoxgiZHIAVwDSf065FdeiY8Q5Pg253N7AOJ2R
7G56CG7YAyMK42/8NOFPFfIgN/LzgeupPcelrUfoO5j8jeXlv46s9fpWifOaRAlY
hnmeiJ2r1KSSZZD80VZo7erlc6Gob1zq6XXsBhdZKe7X33bARhp4uBtWbXUEBEtr
Tc6Hd+TuX6+PYsDVUCIS1Slt/qoqRcqZZnytmP98Hp4bQxfBt9kX9B7YQ5C5foNh
ml8wJ6B0qbKrlo0r+JH4PVzHy4VEovRYiaVAN6gDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbLnvYrFHGAbD575RNvrKc1b8UOUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2I5Y2YzOTU5LWMwYmMtNDg4Ni1iNTIxLTg2ODNiYjNkODY1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKZMreEqRIioT8i5OfnXwrU4QoGa
binLcaDmRUmgkLchUhTaFN2L0qaa71PpJO/KfmjPdjGNhaAHN2vPJC1ISdabPyqq
A6J06lENJAo5WE4uYH3nvxQ5swMSeYF8PYJrz0DK5rO5S03ctblcFp2nUE2xx7BQ
xHWedGIkraJ9u8C9s/XDOyNQ/A4r23oEgv9mm+bKDqN/OThkN25HmNiXy3PbnLt3
U6g96OLTVqxmh5qmh2HGm5fyhwaHgySByHiI7ErrMSs69VNKB7yb3tmdTfJcOV6h
M18uWH74vtU1q/Bc5B8z5QSiQ5l0Kjh+F5St1KPDr/m6+X798jQ+5nmZ0Sc=
-----END CERTIFICATE-----