Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0620a2bd-d90a-4543-9bf0-4b896bc6f655.roa
File:                     0620a2bd-d90a-4543-9bf0-4b896bc6f655.roa (raw, json)
Hash identifier:          zpZpl+eR9P1xLmx+pWs5qeVhyNm7YsVW5tuhAXB1oDM=
Subject key identifier:   9F:4C:FD:D1:E7:41:67:E4:60:B6:AB:F2:E7:CC:AD:63:3C:58:CD:54
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       675B733070F2D34C230D12E473ECB8C6810BED43
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0620a2bd-d90a-4543-9bf0-4b896bc6f655.roa
Signing time:             Sat 19 Aug 2023 00:00:00 +0000
ROA not before:           Sat 19 Aug 2023 00:00:00 +0000
ROA not after:            Sat 23 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:5b:73:30:70:f2:d3:4c:23:0d:12:e4:73:ec:b8:c6:81:0b:ed:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 19 00:00:00 2023 GMT
            Not After : Sep 23 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:56:58:44:c1:7b:5d:e2:b2:c6:db:77:e9:89:
                    59:c9:2f:97:ea:29:86:fd:df:5d:9a:23:70:d2:f9:
                    b1:d3:94:3f:72:1a:01:e5:00:6d:82:37:1a:80:b6:
                    fa:31:e3:8d:46:0e:a5:f5:61:ad:86:d4:a1:71:a7:
                    de:93:55:3c:4c:8f:0f:b3:16:0d:83:08:3e:50:de:
                    e3:39:64:c2:d2:c6:ae:eb:24:a9:45:32:2c:93:77:
                    ab:1f:9a:4c:c5:53:7f:c4:a5:74:9e:06:f3:f8:c1:
                    40:6e:e2:f2:16:22:95:ab:85:a1:7e:98:20:b5:f5:
                    78:bf:6e:60:fc:ed:7d:ea:f1:ae:ff:3b:94:e6:d0:
                    4d:44:43:3f:dd:b3:44:67:67:bb:6e:a3:8c:4d:65:
                    fa:a7:b5:15:52:f4:fc:22:91:d0:4c:93:f8:75:f1:
                    ae:4d:9e:76:3f:c5:d1:f3:d8:7b:77:46:4e:9b:f7:
                    10:8b:2a:9c:4a:0c:e2:5e:5b:1a:5d:5b:56:4c:b6:
                    8e:52:a9:9f:6f:64:10:77:2a:5b:fb:59:68:e5:b6:
                    e1:fb:98:3b:ac:f7:4d:cd:b5:94:a3:63:c5:93:b6:
                    b4:21:a3:60:9c:a2:e9:6c:c0:95:d5:8e:80:9f:3e:
                    e3:95:16:85:88:df:46:5b:26:03:63:d2:8c:be:38:
                    be:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:4C:FD:D1:E7:41:67:E4:60:B6:AB:F2:E7:CC:AD:63:3C:58:CD:54
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0620a2bd-d90a-4543-9bf0-4b896bc6f655.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:05:ad:47:48:1c:22:48:d7:8d:f6:c9:39:c0:60:32:de:1d:
         31:b5:c7:15:88:8e:0a:88:c0:5a:a1:ce:5e:f1:f6:00:1f:53:
         59:aa:08:5d:8f:aa:27:c9:b6:f8:ce:a3:d8:0d:7e:a7:08:50:
         68:ef:0b:4e:f9:06:49:63:56:b8:18:1b:2f:a4:08:ce:5b:06:
         51:98:e0:0a:0d:de:e7:67:54:b4:7e:b7:01:9c:67:bf:65:99:
         4f:e8:8d:e9:07:c9:13:f3:dc:7d:61:8d:55:01:83:9a:12:43:
         3b:83:3b:fa:53:6a:72:0e:1d:66:5d:65:c6:14:c5:ce:da:48:
         36:13:31:8c:9f:46:bd:0f:08:39:7f:81:65:33:ad:72:ee:49:
         cd:04:cf:27:ce:a4:2e:7f:09:13:c6:42:08:c4:b2:a2:6f:e8:
         b5:f2:b6:ca:e2:82:4c:17:83:c9:c7:6c:f7:2f:eb:f1:2c:64:
         93:f8:34:d6:de:52:99:6d:72:82:b3:76:a8:aa:54:81:d1:b9:
         20:19:64:cc:5d:82:db:17:92:ee:47:52:5a:0b:18:ce:cd:6a:
         ff:06:b7:3e:1f:05:d3:60:23:64:c3:66:60:36:a1:eb:3e:fc:
         87:2d:dd:8c:eb:ba:22:17:d0:04:cc:4d:81:cb:2b:51:bf:1d:
         bf:61:78:ab
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZ1tzMHDy00wjDRLkc+y4xoEL7UMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODE5MDAwMDAwWhcNMjMwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmOGE2YjE0YjcxOGQ1MDA1YTVjOWZjZmIwZWUxMzc2YTVk
MGVlYzU5YTNkZTg1NDJmODQyY2I5ODUzZjhmMTRhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmVlhEwXtd4rLG23fpiVnJL5fqKYb9312aI3DS+bHTlD9y
GgHlAG2CNxqAtvox441GDqX1Ya2G1KFxp96TVTxMjw+zFg2DCD5Q3uM5ZMLSxq7r
JKlFMiyTd6sfmkzFU3/EpXSeBvP4wUBu4vIWIpWrhaF+mCC19Xi/bmD87X3q8a7/
O5Tm0E1EQz/ds0RnZ7tuo4xNZfqntRVS9PwikdBMk/h18a5NnnY/xdHz2Ht3Rk6b
9xCLKpxKDOJeWxpdW1ZMto5SqZ9vZBB3Klv7WWjltuH7mDus903NtZSjY8WTtrQh
o2CcoulswJXVjoCfPuOVFoWI30ZbJgNj0oy+OL4VAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUn0z90edBZ+Rgtqvy58ytYzxYzVQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzA2MjBhMmJkLWQ5MGEtNDU0My05YmYwLTRiODk2YmM2ZjY1NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACoFrUdIHCJI1432yTnAYDLeHTG1
xxWIjgqIwFqhzl7x9gAfU1mqCF2PqifJtvjOo9gNfqcIUGjvC075BkljVrgYGy+k
CM5bBlGY4AoN3udnVLR+twGcZ79lmU/ojekHyRPz3H1hjVUBg5oSQzuDO/pTanIO
HWZdZcYUxc7aSDYTMYyfRr0PCDl/gWUzrXLuSc0EzyfOpC5/CRPGQgjEsqJv6LXy
tsrigkwXg8nHbPcv6/EsZJP4NNbeUpltcoKzdqiqVIHRuSAZZMxdgtsXku5HUloL
GM7Nav8Gtz4fBdNgI2TDZmA2oes+/Ict3YzruiIX0ATMTYHLK1G/Hb9heKs=
-----END CERTIFICATE-----