Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e95182be-3862-4c59-b9c8-b746e81040e8.roa
File:                     e95182be-3862-4c59-b9c8-b746e81040e8.roa (raw, json)
Hash identifier:          Y0JPrUNOVPJ1o0lyq02F2PVo8CkOI/l4q4fVLWp7i7g=
Subject key identifier:   DA:12:69:AC:32:CD:C8:C1:86:7B:AE:DE:65:8F:0B:FC:A6:99:23:33
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3E750E2CD3B41EAA46AC8EC750EC292CA03064C4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e95182be-3862-4c59-b9c8-b746e81040e8.roa
Signing time:             Thu 11 Jan 2024 00:00:00 +0000
ROA not before:           Thu 11 Jan 2024 00:00:00 +0000
ROA not after:            Thu 15 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:75:0e:2c:d3:b4:1e:aa:46:ac:8e:c7:50:ec:29:2c:a0:30:64:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 11 00:00:00 2024 GMT
            Not After : Feb 15 23:59:59 2024 GMT
        Subject: serialNumber=8639ec72324f3a4ae4167b225f65abc639d5dc69353f271cfc41f20562868bdf, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:fc:a9:f3:1c:5d:50:10:06:8a:b5:d3:53:3a:
                    40:85:78:7e:ae:06:13:e6:da:12:6a:d9:2d:3c:02:
                    d9:92:1e:1b:bf:b0:0c:87:62:9b:6f:b1:b3:d3:e1:
                    da:bc:a5:5a:45:66:6c:0e:56:e6:1c:1f:1c:6b:4b:
                    36:c6:24:6b:39:ef:e4:64:c2:8c:da:b1:81:6e:c4:
                    ff:51:2c:f4:2d:a7:df:32:fb:25:5f:7a:98:26:1c:
                    b2:78:43:e6:73:cd:4e:93:a7:f7:b9:42:e4:54:cf:
                    49:57:c4:e4:19:ef:58:3d:7f:ac:8c:0b:5f:9a:03:
                    59:4a:de:f0:6c:b1:8b:93:b6:d9:35:c1:2f:18:11:
                    28:6c:7f:28:72:c3:a5:14:43:bb:04:53:d2:f4:92:
                    b9:4c:36:15:b9:fe:1b:3e:ac:de:29:a1:f3:e4:7d:
                    b2:9b:5d:5a:4f:2b:db:14:eb:2a:91:8c:be:4d:4d:
                    bf:eb:0c:87:cb:d1:4d:21:0e:10:28:8a:8c:e7:35:
                    a8:72:2c:97:7a:0f:43:57:f6:95:e3:17:3b:3f:e0:
                    de:27:f1:6c:45:99:e8:df:58:2a:52:9f:11:00:a3:
                    d4:74:2d:aa:40:bf:06:27:2b:82:f1:40:de:ca:38:
                    6a:1e:c9:88:11:11:69:3e:95:ec:f7:ee:64:90:e2:
                    39:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:12:69:AC:32:CD:C8:C1:86:7B:AE:DE:65:8F:0B:FC:A6:99:23:33
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e95182be-3862-4c59-b9c8-b746e81040e8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:45:36:1f:0c:40:52:dc:44:bd:c7:9f:91:4e:a5:b3:b9:1c:
         e3:ab:7a:3f:1f:5f:a7:5b:bc:7a:f9:37:3e:f5:b5:cc:e5:29:
         83:c8:e8:14:b1:7d:c2:0a:30:9b:5c:e5:e6:a8:72:a1:d2:c5:
         0a:18:6b:65:ad:2d:46:d4:82:5b:68:9f:23:06:01:0b:82:31:
         61:d3:be:6f:91:f1:15:e4:67:2e:aa:48:96:a4:5f:49:7b:9f:
         e2:b6:ab:1b:e7:1e:3f:7c:1b:51:0a:21:47:f3:ba:f3:ee:18:
         ea:f4:2e:11:57:0d:bb:e0:7c:37:2a:f2:0d:fe:2c:bd:fa:44:
         2e:91:69:1b:08:07:1b:6a:ec:c6:ee:8f:f0:da:69:aa:4c:1c:
         78:14:24:b4:17:34:95:dd:5c:ec:5a:34:33:aa:5c:ee:51:96:
         f1:68:b9:05:ef:05:0b:44:e0:5a:58:ba:2a:e0:99:d2:9a:82:
         10:07:a4:6a:fb:d8:e9:0b:e0:a6:e9:75:7f:7c:61:5d:85:6c:
         ad:f6:82:9d:63:2a:41:c2:13:57:9d:75:0d:4d:cf:b2:b4:4c:
         f2:4c:8e:24:80:9e:80:bb:f6:5b:af:b5:d7:37:8d:09:1b:79:
         d8:7b:7f:7a:0f:bc:83:3d:7d:1d:bf:07:0a:34:ad:e4:82:59:
         0b:1c:b9:54
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPnUOLNO0HqpGrI7HUOwpLKAwZMQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTExMDAwMDAwWhcNMjQwMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NjM5ZWM3MjMyNGYzYTRhZTQxNjdiMjI1ZjY1YWJjNjM5
ZDVkYzY5MzUzZjI3MWNmYzQxZjIwNTYyODY4YmRmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2/KnzHF1QEAaKtdNTOkCFeH6uBhPm2hJq2S08AtmSHhu/
sAyHYptvsbPT4dq8pVpFZmwOVuYcHxxrSzbGJGs57+RkwozasYFuxP9RLPQtp98y
+yVfepgmHLJ4Q+ZzzU6Tp/e5QuRUz0lXxOQZ71g9f6yMC1+aA1lK3vBssYuTttk1
wS8YEShsfyhyw6UUQ7sEU9L0krlMNhW5/hs+rN4pofPkfbKbXVpPK9sU6yqRjL5N
Tb/rDIfL0U0hDhAoioznNahyLJd6D0NX9pXjFzs/4N4n8WxFmejfWCpSnxEAo9R0
LapAvwYnK4LxQN7KOGoeyYgREWk+lez37mSQ4jk3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2hJprDLNyMGGe67eZY8L/KaZIzMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U5NTE4MmJlLTM4NjItNGM1OS1iOWM4LWI3NDZlODEwNDBlOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGBFNh8MQFLcRL3Hn5FOpbO5HOOr
ej8fX6dbvHr5Nz71tczlKYPI6BSxfcIKMJtc5eaocqHSxQoYa2WtLUbUgltonyMG
AQuCMWHTvm+R8RXkZy6qSJakX0l7n+K2qxvnHj98G1EKIUfzuvPuGOr0LhFXDbvg
fDcq8g3+LL36RC6RaRsIBxtq7Mbuj/DaaapMHHgUJLQXNJXdXOxaNDOqXO5RlvFo
uQXvBQtE4FpYuirgmdKaghAHpGr72OkL4KbpdX98YV2FbK32gp1jKkHCE1eddQ1N
z7K0TPJMjiSAnoC79luvtdc3jQkbedh7f3oPvIM9fR2/Bwo0reSCWQscuVQ=
-----END CERTIFICATE-----