Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9aecd8cb-cd93-4c0c-8fc6-73e22882db91.roa
File:                     9aecd8cb-cd93-4c0c-8fc6-73e22882db91.roa (raw, json)
Hash identifier:          DgT/B7WVhZsPf/YtauDJiTSMfnS3YL0GHbrmjJBO8nA=
Subject key identifier:   16:14:B5:30:3A:66:55:59:34:23:29:5C:C3:8F:FD:CD:AA:34:83:00
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       44F9B9D5D734C28D5E6768414F9604DF435C4958
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9aecd8cb-cd93-4c0c-8fc6-73e22882db91.roa
Signing time:             Sun 31 Mar 2024 00:00:00 +0000
ROA not before:           Sun 31 Mar 2024 00:00:00 +0000
ROA not after:            Sun 05 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:f9:b9:d5:d7:34:c2:8d:5e:67:68:41:4f:96:04:df:43:5c:49:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 31 00:00:00 2024 GMT
            Not After : May  5 23:59:59 2024 GMT
        Subject: serialNumber=2ddaa30ddd5e246c511767f2aec01c6db96a042ff76e6437bb47ce6c5fd48b89, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e8:9b:49:2f:3b:4c:61:2e:4a:99:ed:f6:0b:
                    67:32:92:b2:67:ff:77:41:83:41:c8:97:92:fe:07:
                    ba:39:6c:ce:49:b2:59:86:aa:ed:6e:23:47:c5:b6:
                    fa:7b:de:1c:ec:16:37:ae:37:6a:81:d1:f7:9c:f0:
                    ec:ea:72:15:db:4d:3e:a7:56:b5:7b:49:f7:91:5f:
                    72:54:2e:d3:6e:aa:6c:50:37:af:3c:0f:d7:03:2f:
                    99:17:51:55:dc:7b:af:a7:01:3b:d6:1b:6d:94:79:
                    42:6e:e8:82:b4:e8:93:9b:99:9d:59:2c:35:8a:95:
                    47:93:b1:0d:10:cc:58:eb:77:14:94:56:be:48:bb:
                    00:7d:3c:32:bb:83:a1:65:f2:e7:3c:99:6d:a8:15:
                    04:df:ca:08:81:37:e6:5f:78:b7:dc:2b:61:f5:86:
                    6f:4d:86:61:30:6f:dd:ba:bb:e9:e4:f9:d3:0e:c9:
                    5e:c7:a5:70:88:0f:e4:eb:15:d5:de:db:f5:d2:ad:
                    3e:85:c8:6e:40:54:25:be:e6:0d:6e:f2:ff:2d:f8:
                    43:37:f1:19:01:02:e4:d7:e1:0d:0b:d9:96:dc:8f:
                    c7:7d:af:fa:92:0d:a6:52:8e:a3:e8:80:c8:75:ea:
                    f8:31:47:df:2c:97:48:6f:b7:34:8c:0b:72:82:e1:
                    a9:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:14:B5:30:3A:66:55:59:34:23:29:5C:C3:8F:FD:CD:AA:34:83:00
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9aecd8cb-cd93-4c0c-8fc6-73e22882db91.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:af:39:03:2d:c1:a4:10:a3:b8:cc:3b:ef:c5:ab:dd:65:d4:
         a9:87:32:20:94:aa:b2:bd:e0:53:1d:fc:4f:98:9c:45:82:62:
         09:b9:85:85:57:93:82:e1:fc:2d:14:19:39:46:43:63:fe:18:
         07:56:8b:70:17:ea:ae:b6:c6:b1:53:6b:b5:75:67:79:e9:1e:
         38:37:f9:80:c8:7b:e0:ea:10:3d:59:aa:b7:fb:ae:eb:13:42:
         d5:59:56:f7:29:da:7c:fc:ac:f2:10:85:54:53:dc:50:b7:fc:
         78:c3:9f:2a:90:de:58:a3:78:40:58:85:6d:d7:44:98:6f:0a:
         f4:9e:42:05:cf:ae:e1:89:c8:cb:ea:fc:97:00:19:04:ea:df:
         db:50:54:09:a9:49:c5:c5:f9:77:8e:bd:e4:0e:28:ba:10:e9:
         b4:08:80:a6:c3:57:29:2c:c8:5a:a7:77:61:75:02:92:83:4d:
         f7:db:34:03:b8:71:99:06:18:37:0d:62:26:50:6b:4e:ca:b2:
         90:05:9b:67:1c:ce:2d:cd:45:d8:1c:a7:19:c0:36:2d:26:a4:
         6e:ee:e9:06:94:95:e0:1e:dd:d8:e0:15:dc:67:16:f6:78:14:
         5f:54:c2:c9:2b:7e:47:d7:8b:33:0b:fd:07:29:16:7a:28:e7:
         ae:d9:a7:c8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURPm51dc0wo1eZ2hBT5YE30NcSVgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzMxMDAwMDAwWhcNMjQwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZGRhYTMwZGRkNWUyNDZjNTExNzY3ZjJhZWMwMWM2ZGI5
NmEwNDJmZjc2ZTY0MzdiYjQ3Y2U2YzVmZDQ4Yjg5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC56JtJLztMYS5Kme32C2cykrJn/3dBg0HIl5L+B7o5bM5J
slmGqu1uI0fFtvp73hzsFjeuN2qB0fec8OzqchXbTT6nVrV7SfeRX3JULtNuqmxQ
N688D9cDL5kXUVXce6+nATvWG22UeUJu6IK06JObmZ1ZLDWKlUeTsQ0QzFjrdxSU
Vr5IuwB9PDK7g6Fl8uc8mW2oFQTfygiBN+ZfeLfcK2H1hm9NhmEwb926u+nk+dMO
yV7HpXCID+TrFdXe2/XSrT6FyG5AVCW+5g1u8v8t+EM38RkBAuTX4Q0L2Zbcj8d9
r/qSDaZSjqPogMh16vgxR98sl0hvtzSMC3KC4amjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFhS1MDpmVVk0Iylcw4/9zao0gwAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzlhZWNkOGNiLWNkOTMtNGMwYy04ZmM2LTczZTIyODgyZGI5MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ2vOQMtwaQQo7jMO+/Fq91l1KmH
MiCUqrK94FMd/E+YnEWCYgm5hYVXk4Lh/C0UGTlGQ2P+GAdWi3AX6q62xrFTa7V1
Z3npHjg3+YDIe+DqED1Zqrf7rusTQtVZVvcp2nz8rPIQhVRT3FC3/HjDnyqQ3lij
eEBYhW3XRJhvCvSeQgXPruGJyMvq/JcAGQTq39tQVAmpScXF+XeOveQOKLoQ6bQI
gKbDVyksyFqnd2F1ApKDTffbNAO4cZkGGDcNYiZQa07KspAFm2cczi3NRdgcpxnA
Ni0mpG7u6QaUleAe3djgFdxnFvZ4FF9UwskrfkfXizML/QcpFnoo567Zp8g=
-----END CERTIFICATE-----