Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/37d6931f-7bf5-4121-ba7e-48fc4777e83b.roa
File:                     37d6931f-7bf5-4121-ba7e-48fc4777e83b.roa (raw, json)
Hash identifier:          LRwZgNlPNqhdDUf/Nel1fEr3+YE2bHAm3hNhiuIPp24=
Subject key identifier:   7C:E9:D0:56:C4:03:A5:2A:DA:87:B6:48:6E:9D:DC:91:09:15:ED:9D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5BA2DB8C47874FDD9036F77E119DE85DB04D3487
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/37d6931f-7bf5-4121-ba7e-48fc4777e83b.roa
Signing time:             Mon 25 Mar 2024 00:00:00 +0000
ROA not before:           Mon 25 Mar 2024 00:00:00 +0000
ROA not after:            Mon 29 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:a2:db:8c:47:87:4f:dd:90:36:f7:7e:11:9d:e8:5d:b0:4d:34:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 25 00:00:00 2024 GMT
            Not After : Apr 29 23:59:59 2024 GMT
        Subject: serialNumber=0bc4989550e8c2a5e58d668f2ffc9f853a029856130b4395959d8f34c288ea58, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:13:27:d9:a7:8f:4c:bd:5e:3b:64:0b:dc:b2:
                    49:b5:74:10:a4:8a:89:9f:42:67:11:04:c1:6a:48:
                    e2:94:68:06:f2:07:90:29:54:50:d5:7f:f9:c2:db:
                    86:32:54:51:25:53:3a:ea:f5:54:78:e0:db:ae:40:
                    42:81:70:5f:90:8e:e0:b9:50:89:7f:d1:6e:7f:26:
                    8e:4f:28:45:f9:5f:c0:70:d7:c7:38:23:ab:a7:7b:
                    65:bc:45:17:c9:8d:62:a6:f0:28:16:ed:c9:92:bc:
                    86:ba:ab:bc:fd:5f:16:6b:97:0b:6e:db:e1:30:ad:
                    b1:81:f3:e5:d8:c3:37:42:5d:4f:f3:6c:5a:cd:e2:
                    12:64:53:d4:fd:b3:58:34:e0:0f:e6:c6:07:1f:86:
                    53:a2:09:f2:ad:37:7a:7e:da:83:13:96:a7:24:47:
                    6a:69:7f:c8:49:d0:b8:91:19:e0:e3:ce:91:fd:aa:
                    c2:18:11:98:ce:be:70:c4:74:81:cf:37:98:77:15:
                    02:b0:3d:88:c7:88:f1:d4:df:e5:dc:59:22:50:76:
                    3e:55:74:c5:42:6e:bc:30:7e:a4:01:6a:39:51:62:
                    2b:85:b5:85:bc:96:35:9a:d8:b3:18:b6:2f:d6:51:
                    3b:32:df:80:50:7b:a4:a0:9e:79:cb:7a:3c:5b:1b:
                    41:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:E9:D0:56:C4:03:A5:2A:DA:87:B6:48:6E:9D:DC:91:09:15:ED:9D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/37d6931f-7bf5-4121-ba7e-48fc4777e83b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:cf:20:11:d6:64:c6:f8:90:94:b7:27:33:75:49:7d:1c:76:
         16:4a:fd:67:32:9a:e1:f3:fa:45:68:15:8d:8c:50:d2:bf:d1:
         cf:3b:e6:fc:2e:73:47:95:25:a1:7e:40:d5:6c:af:d1:9b:6e:
         f1:29:a7:aa:60:7f:f5:97:87:00:ff:08:00:f6:2d:4c:02:f6:
         89:66:10:2c:48:b9:aa:f5:c1:38:84:c8:82:ab:72:ac:33:2d:
         92:95:e2:ff:ba:71:fb:30:ea:76:8a:cf:60:62:c4:0c:3d:5c:
         6e:91:07:76:58:84:83:16:ab:2a:81:bc:b0:21:55:38:bf:b8:
         05:d9:ea:62:a0:5c:66:e7:82:fd:7d:2f:3e:c8:6e:9e:02:2c:
         30:72:12:7b:10:b7:ed:79:98:fc:06:1f:0b:68:5d:82:62:d7:
         fb:04:4d:f5:a7:4f:e5:53:1d:20:99:d8:41:96:eb:68:31:7a:
         c7:e1:83:f4:70:5d:cb:e7:ea:ee:82:d5:25:92:5f:b3:16:0d:
         a8:96:6a:53:4d:cb:a8:49:dd:d6:11:02:38:ed:87:6c:93:79:
         f7:83:99:44:8d:2e:70:c2:c0:7a:78:8a:bb:2a:01:a4:de:51:
         b9:31:54:73:5a:39:30:0c:fd:ee:a5:c0:a7:c6:e2:8e:34:48:
         0a:bd:55:70
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUW6LbjEeHT92QNvd+EZ3oXbBNNIcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzI1MDAwMDAwWhcNMjQwNDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYmM0OTg5NTUwZThjMmE1ZTU4ZDY2OGYyZmZjOWY4NTNh
MDI5ODU2MTMwYjQzOTU5NTlkOGYzNGMyODhlYTU4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDiEyfZp49MvV47ZAvcskm1dBCkiomfQmcRBMFqSOKUaAby
B5ApVFDVf/nC24YyVFElUzrq9VR44NuuQEKBcF+QjuC5UIl/0W5/Jo5PKEX5X8Bw
18c4I6une2W8RRfJjWKm8CgW7cmSvIa6q7z9XxZrlwtu2+EwrbGB8+XYwzdCXU/z
bFrN4hJkU9T9s1g04A/mxgcfhlOiCfKtN3p+2oMTlqckR2ppf8hJ0LiRGeDjzpH9
qsIYEZjOvnDEdIHPN5h3FQKwPYjHiPHU3+XcWSJQdj5VdMVCbrwwfqQBajlRYiuF
tYW8ljWa2LMYti/WUTsy34BQe6SgnnnLejxbG0GTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfOnQVsQDpSrah7ZIbp3ckQkV7Z0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM3ZDY5MzFmLTdiZjUtNDEyMS1iYTdlLTQ4ZmM0Nzc3ZTgzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAzPIBHWZMb4kJS3JzN1SX0cdhZK
/WcymuHz+kVoFY2MUNK/0c875vwuc0eVJaF+QNVsr9GbbvEpp6pgf/WXhwD/CAD2
LUwC9olmECxIuar1wTiEyIKrcqwzLZKV4v+6cfsw6naKz2BixAw9XG6RB3ZYhIMW
qyqBvLAhVTi/uAXZ6mKgXGbngv19Lz7Ibp4CLDByEnsQt+15mPwGHwtoXYJi1/sE
TfWnT+VTHSCZ2EGW62gxesfhg/RwXcvn6u6C1SWSX7MWDaiWalNNy6hJ3dYRAjjt
h2yTefeDmUSNLnDCwHp4irsqAaTeUbkxVHNaOTAM/e6lwKfG4o40SAq9VXA=
-----END CERTIFICATE-----