Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e2ce86a2-21af-4845-9feb-c374ac4b5007.roa
File:                     e2ce86a2-21af-4845-9feb-c374ac4b5007.roa (raw, json)
Hash identifier:          yl7dfuQ28ZG36s+ZxR+BbF0nkfEsH/WfEqQNuWaisys=
Subject key identifier:   7C:BC:86:25:DB:17:26:59:B3:99:DB:58:28:1D:E9:8B:19:2C:59:A2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7CF33C8BD085C05EBD77CDE03550BC9F9CC77864
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e2ce86a2-21af-4845-9feb-c374ac4b5007.roa
Signing time:             Sun 21 Apr 2024 00:00:00 +0000
ROA not before:           Sun 21 Apr 2024 00:00:00 +0000
ROA not after:            Sun 26 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:f3:3c:8b:d0:85:c0:5e:bd:77:cd:e0:35:50:bc:9f:9c:c7:78:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 21 00:00:00 2024 GMT
            Not After : May 26 23:59:59 2024 GMT
        Subject: serialNumber=64fe47b833fdac72d6dc8e225a5865ead14e77e422917751f2e450832a859dd3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:81:3a:74:76:75:52:d6:77:78:5e:db:32:09:
                    1b:73:e0:4e:0b:b2:98:1c:2b:c7:19:ae:53:34:a8:
                    4d:f3:be:83:39:75:28:29:96:28:dc:6e:0f:ba:bd:
                    db:fa:83:8e:31:fc:af:a6:80:d6:dc:6c:37:67:98:
                    7c:a7:8c:3b:c1:90:25:50:7e:fc:4c:bf:85:0b:e2:
                    bb:bb:8d:4c:ec:6c:1c:b0:cb:ac:f3:d9:b5:8d:35:
                    62:94:2f:3e:a7:52:02:19:16:d7:49:61:05:3b:07:
                    af:09:81:f6:4f:e9:c0:80:79:50:62:d9:6e:da:44:
                    33:9c:42:8c:0f:c9:95:a4:71:b6:06:b0:95:e7:75:
                    88:ca:d1:55:08:50:c9:7e:ae:9d:dd:58:8e:c4:2a:
                    19:5b:3f:eb:5c:3f:f3:7a:56:77:86:5f:2f:5a:33:
                    bf:88:34:f6:c4:72:80:70:d3:6a:d2:44:04:26:50:
                    82:52:02:ab:b3:8d:56:d2:4e:26:c3:d3:8e:13:cf:
                    f9:cc:b4:28:be:da:2a:19:93:00:3b:88:bb:55:88:
                    63:9b:a7:43:76:81:09:2b:a1:50:d4:c0:08:40:77:
                    bd:5a:b4:d1:65:a6:ae:75:47:6e:ca:c3:f0:00:4a:
                    69:c1:b9:32:42:f5:9a:ba:29:c5:93:75:59:ab:65:
                    c8:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:BC:86:25:DB:17:26:59:B3:99:DB:58:28:1D:E9:8B:19:2C:59:A2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e2ce86a2-21af-4845-9feb-c374ac4b5007.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:f0:37:50:20:50:5d:63:da:19:05:6f:9b:23:42:23:d6:ba:
         9e:10:87:cb:e6:7f:7d:ba:70:6e:c2:6f:d8:0a:1b:2a:0a:5e:
         f4:03:98:3a:05:a5:22:d0:09:7c:e6:30:0a:3a:70:3d:92:94:
         5d:6f:75:dc:e1:ea:83:23:d7:b7:88:1d:58:53:37:5c:17:79:
         8c:d9:e2:fa:ad:b7:bd:2e:56:e8:cb:78:6d:2e:21:77:4e:26:
         e1:33:e8:79:6e:cd:81:d7:96:af:8c:cc:89:26:ec:fe:fd:f5:
         87:f2:96:39:6c:4e:11:2d:03:5a:91:41:81:54:df:1d:f0:07:
         c0:70:71:d1:b4:04:ca:fb:7d:d1:a7:ae:9a:be:9c:30:71:92:
         10:39:a2:a7:fa:89:cf:6d:36:67:56:1d:92:aa:23:4d:6d:22:
         46:7f:a8:d3:8d:b3:06:1b:2c:ef:6a:35:8b:48:fc:d4:fa:97:
         b0:f0:47:af:35:a0:3d:b3:d3:2f:c1:b2:91:88:e8:d6:f7:47:
         1d:68:e2:c1:94:55:48:99:1c:81:dc:be:80:02:5e:9a:14:10:
         2b:76:cb:5b:ed:fe:68:84:59:18:a5:af:1c:e1:f4:08:41:fb:
         ad:67:94:39:7a:fd:db:bd:84:4f:63:ce:de:47:b4:ff:88:0f:
         ae:4f:41:e1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfPM8i9CFwF69d83gNVC8n5zHeGQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDIxMDAwMDAwWhcNMjQwNTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NGZlNDdiODMzZmRhYzcyZDZkYzhlMjI1YTU4NjVlYWQx
NGU3N2U0MjI5MTc3NTFmMmU0NTA4MzJhODU5ZGQzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqgTp0dnVS1nd4XtsyCRtz4E4LspgcK8cZrlM0qE3zvoM5
dSgplijcbg+6vdv6g44x/K+mgNbcbDdnmHynjDvBkCVQfvxMv4UL4ru7jUzsbByw
y6zz2bWNNWKULz6nUgIZFtdJYQU7B68JgfZP6cCAeVBi2W7aRDOcQowPyZWkcbYG
sJXndYjK0VUIUMl+rp3dWI7EKhlbP+tcP/N6VneGXy9aM7+INPbEcoBw02rSRAQm
UIJSAquzjVbSTibD044Tz/nMtCi+2ioZkwA7iLtViGObp0N2gQkroVDUwAhAd71a
tNFlpq51R27Kw/AASmnBuTJC9Zq6KcWTdVmrZcg7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfLyGJdsXJlmzmdtYKB3pixksWaIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2UyY2U4NmEyLTIxYWYtNDg0NS05ZmViLWMzNzRhYzRiNTAwNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADnwN1AgUF1j2hkFb5sjQiPWup4Q
h8vmf326cG7Cb9gKGyoKXvQDmDoFpSLQCXzmMAo6cD2SlF1vddzh6oMj17eIHVhT
N1wXeYzZ4vqtt70uVujLeG0uIXdOJuEz6HluzYHXlq+MzIkm7P799YfyljlsThEt
A1qRQYFU3x3wB8BwcdG0BMr7fdGnrpq+nDBxkhA5oqf6ic9tNmdWHZKqI01tIkZ/
qNONswYbLO9qNYtI/NT6l7DwR681oD2z0y/BspGI6Nb3Rx1o4sGUVUiZHIHcvoAC
XpoUECt2y1vt/miEWRilrxzh9AhB+61nlDl6/du9hE9jzt5HtP+ID65PQeE=
-----END CERTIFICATE-----