Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1da33460-07f1-48ac-a919-9982cd52386a.roa
File:                     1da33460-07f1-48ac-a919-9982cd52386a.roa (raw, json)
Hash identifier:          xwanXks8OaGB7cbMVmSm1DRABADj48Gz9pctVOAp8lQ=
Subject key identifier:   F9:6D:3A:EC:1D:E7:A0:D9:C1:E6:24:B7:21:54:E3:E3:CA:6C:48:BB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       724ED4D1545B936D61B415FB8B7584E1FC74CFB3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1da33460-07f1-48ac-a919-9982cd52386a.roa
Signing time:             Sat 12 Aug 2023 00:00:00 +0000
ROA not before:           Sat 12 Aug 2023 00:00:00 +0000
ROA not after:            Sat 16 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:4e:d4:d1:54:5b:93:6d:61:b4:15:fb:8b:75:84:e1:fc:74:cf:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 12 00:00:00 2023 GMT
            Not After : Sep 16 23:59:59 2023 GMT
        Subject: serialNumber=c5c5e504e8fea2bdb120ff9d8ab00d55fba7d8f64b5a291d60aa285479ad947c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:21:c4:4f:91:fb:90:91:b2:c3:ca:9e:28:a9:
                    5b:35:f5:ea:7f:5e:54:58:62:d8:c1:1d:b0:a1:e6:
                    a1:a7:0a:f8:eb:da:bc:6c:49:95:a0:45:a8:cb:1b:
                    c1:6f:64:64:4b:cc:9b:de:67:ed:d3:29:3e:dd:87:
                    d1:65:50:ea:c0:06:b1:c9:33:1d:af:1e:32:c3:8e:
                    b9:eb:25:db:a0:1e:2f:c6:06:37:a5:d3:8a:69:6d:
                    5b:20:db:a8:56:7e:c5:90:9b:5d:cd:dc:99:77:54:
                    37:47:93:9c:c1:0e:75:f6:2f:a8:f0:6c:fc:c8:73:
                    70:44:d3:77:00:f2:73:9f:e7:20:fe:3a:d8:52:14:
                    fc:5d:79:f8:b2:ed:90:5b:8a:87:01:36:08:3d:49:
                    87:f7:eb:b2:dd:b9:25:1d:97:e3:28:e3:7e:d5:4a:
                    01:fb:9e:ef:9f:9a:f2:9c:d2:71:c6:47:5e:79:0c:
                    b0:44:7d:15:01:63:d6:bd:f0:e1:5d:67:12:a4:e6:
                    3b:ba:f3:26:3e:05:6c:fc:e6:c4:09:e7:9f:bb:18:
                    8f:7a:3b:7d:7c:63:c1:c3:31:eb:bf:d4:a2:41:6b:
                    ee:e4:e6:8b:fa:c3:db:81:d8:09:c6:0e:56:d1:48:
                    08:84:72:b8:31:77:9f:4d:09:08:7c:8a:c2:59:6d:
                    76:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:6D:3A:EC:1D:E7:A0:D9:C1:E6:24:B7:21:54:E3:E3:CA:6C:48:BB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1da33460-07f1-48ac-a919-9982cd52386a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:28:f8:36:31:3f:de:9a:04:55:b4:61:9c:fb:10:9c:0d:cf:
         08:b2:4f:9d:c5:0a:c6:49:b4:c9:0c:6b:ec:fe:af:95:ac:af:
         2f:ec:83:91:92:7b:53:3a:e6:ec:6e:e9:f9:29:92:e2:7f:da:
         bf:f9:11:1b:20:4c:dc:53:95:38:24:57:1e:38:20:bf:10:fd:
         fa:cd:cc:d8:c4:5d:34:e0:3d:f4:c9:c4:9b:0c:2a:79:8f:56:
         d3:c8:90:c7:55:11:36:d6:81:45:fa:4b:2f:d1:32:85:a3:72:
         42:b4:14:b2:82:ab:9a:fb:b1:64:b6:79:c9:89:46:88:95:2a:
         37:e0:c8:54:eb:50:c8:5d:cc:59:66:fa:23:75:38:1e:ad:2b:
         ec:22:fc:1e:ef:3c:15:90:00:c9:0a:07:5e:af:94:c6:10:aa:
         3d:e1:9b:3d:4e:01:8a:c7:c9:96:ae:bb:0a:d2:90:f1:83:6a:
         55:5f:1a:f0:2e:93:66:f8:66:fe:2c:01:16:8c:c3:0a:e5:51:
         e6:66:b0:bd:e2:c6:41:c9:dd:39:24:27:91:aa:8c:4e:63:df:
         ef:08:61:4f:ad:bf:32:12:02:80:e6:71:9e:71:27:ea:f5:93:
         b9:54:e5:9b:42:73:47:6e:48:08:e3:9a:20:af:6f:aa:51:9b:
         0c:cd:b5:ea
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUck7U0VRbk21htBX7i3WE4fx0z7MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODEyMDAwMDAwWhcNMjMwOTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNWM1ZTUwNGU4ZmVhMmJkYjEyMGZmOWQ4YWIwMGQ1NWZi
YTdkOGY2NGI1YTI5MWQ2MGFhMjg1NDc5YWQ5NDdjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZIcRPkfuQkbLDyp4oqVs19ep/XlRYYtjBHbCh5qGnCvjr
2rxsSZWgRajLG8FvZGRLzJveZ+3TKT7dh9FlUOrABrHJMx2vHjLDjrnrJdugHi/G
Bjel04ppbVsg26hWfsWQm13N3Jl3VDdHk5zBDnX2L6jwbPzIc3BE03cA8nOf5yD+
OthSFPxdefiy7ZBbiocBNgg9SYf367LduSUdl+Mo437VSgH7nu+fmvKc0nHGR155
DLBEfRUBY9a98OFdZxKk5ju68yY+BWz85sQJ55+7GI96O318Y8HDMeu/1KJBa+7k
5ov6w9uB2AnGDlbRSAiEcrgxd59NCQh8isJZbXa/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+W067B3noNnB5iS3IVTj48psSLswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzFkYTMzNDYwLTA3ZjEtNDhhYy1hOTE5LTk5ODJjZDUyMzg2YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABAo+DYxP96aBFW0YZz7EJwNzwiy
T53FCsZJtMkMa+z+r5Wsry/sg5GSe1M65uxu6fkpkuJ/2r/5ERsgTNxTlTgkVx44
IL8Q/frNzNjEXTTgPfTJxJsMKnmPVtPIkMdVETbWgUX6Sy/RMoWjckK0FLKCq5r7
sWS2ecmJRoiVKjfgyFTrUMhdzFlm+iN1OB6tK+wi/B7vPBWQAMkKB16vlMYQqj3h
mz1OAYrHyZauuwrSkPGDalVfGvAuk2b4Zv4sARaMwwrlUeZmsL3ixkHJ3TkkJ5Gq
jE5j3+8IYU+tvzISAoDmcZ5xJ+r1k7lU5ZtCc0duSAjjmiCvb6pRmwzNteo=
-----END CERTIFICATE-----