Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2e709d51-9e26-4d94-ab28-598e3c397a0c.roa
File:                     2e709d51-9e26-4d94-ab28-598e3c397a0c.roa (raw, json)
Hash identifier:          7HBi5WkHx5tIl7h6gFSub6fH5RB8ZCvFxsiafYhCQjg=
Subject key identifier:   70:86:81:42:FB:14:B1:71:78:7C:55:05:1A:9D:E9:A0:E1:9D:02:0E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7CFA4C5F397170C6D3C3831B51F874EAC6A6460C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2e709d51-9e26-4d94-ab28-598e3c397a0c.roa
Signing time:             Wed 01 Nov 2023 00:00:00 +0000
ROA not before:           Wed 01 Nov 2023 00:00:00 +0000
ROA not after:            Wed 06 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:fa:4c:5f:39:71:70:c6:d3:c3:83:1b:51:f8:74:ea:c6:a6:46:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  1 00:00:00 2023 GMT
            Not After : Dec  6 23:59:59 2023 GMT
        Subject: serialNumber=2adf29d84cfd06dc86c55fbd08163417f5eed1924511c757ce3d22612ca38467, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:0d:c3:28:2f:f1:df:90:bf:2a:3f:9f:fd:c6:
                    fa:d6:89:d2:01:ae:3e:a3:34:b2:b7:9c:ce:9b:55:
                    0b:11:02:f1:87:f4:28:a2:2c:03:03:c5:0d:a3:04:
                    90:1a:3e:49:ee:59:b3:35:0b:4f:4e:7e:76:be:61:
                    c9:ae:c0:83:64:fd:64:8a:fa:e7:ed:ba:19:8b:f6:
                    f4:ad:28:c1:0f:60:cc:17:94:36:cb:4c:58:7f:20:
                    21:fc:91:d0:35:27:dd:19:28:59:6c:90:d7:97:86:
                    b2:58:4d:1a:54:2e:bb:a7:5e:36:97:f6:eb:0f:52:
                    d9:61:53:bc:72:42:7d:3f:53:08:68:26:87:1a:f3:
                    15:11:1e:d3:1f:3e:9a:ec:9b:39:02:4d:1a:fe:42:
                    c8:82:09:96:00:f0:08:27:85:1f:38:87:95:02:02:
                    bf:ef:d2:2c:82:5d:16:b7:6d:4f:6b:59:bd:48:68:
                    bc:03:7e:46:13:a1:2f:a8:e1:0c:9b:28:ee:82:7f:
                    c4:63:d4:ce:aa:96:08:14:8e:ee:ab:66:b2:50:c4:
                    87:d5:46:02:e0:69:bd:5b:78:88:39:a7:6d:b8:23:
                    c5:a3:35:55:f6:78:00:d9:72:d5:4b:88:bb:37:1b:
                    3e:34:a2:d8:f2:16:8a:a9:bf:43:b5:68:af:1c:2c:
                    c6:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:86:81:42:FB:14:B1:71:78:7C:55:05:1A:9D:E9:A0:E1:9D:02:0E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2e709d51-9e26-4d94-ab28-598e3c397a0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:8b:7b:09:f5:bf:7b:83:04:87:2c:7e:93:69:11:39:6c:db:
         5a:b0:79:75:57:1a:40:01:20:2f:d8:3f:5e:f7:74:e1:f1:4d:
         e1:1d:f9:30:2a:75:ee:51:03:fd:2f:b8:7f:a4:13:ca:9c:77:
         46:c1:40:8a:66:33:52:70:76:7e:e2:00:3b:c7:c4:5d:d1:73:
         10:34:64:bb:f9:0a:0f:a5:64:c3:53:fc:9f:c4:ab:19:19:9d:
         40:40:76:8f:40:6d:5e:0f:6b:6b:f7:35:a8:4e:2b:50:6a:fa:
         a3:c1:39:e0:a3:c4:16:a6:8e:70:a6:15:a1:78:6a:39:9b:c7:
         30:10:4d:32:39:70:6d:b8:51:59:62:36:84:89:10:b3:05:20:
         e6:b5:99:c0:97:3a:e2:c1:3b:b8:a8:56:33:f4:92:63:a2:48:
         bb:b9:32:19:bb:65:b6:9c:72:fa:c7:6b:e7:0c:89:db:6b:0e:
         99:24:e4:47:5a:8c:5f:7b:fe:b9:a6:91:59:7c:68:7b:6a:2e:
         97:5a:7d:c3:7b:52:26:cb:62:08:7e:94:66:1a:77:7f:e3:cc:
         06:42:a1:8c:28:3f:04:9f:fb:ad:47:e7:c9:50:48:ef:5f:38:
         03:aa:66:29:e1:71:a4:dd:48:55:59:41:b1:2b:43:46:db:a5:
         9a:7d:e8:fe
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfPpMXzlxcMbTw4MbUfh06samRgwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTAxMDAwMDAwWhcNMjMxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYWRmMjlkODRjZmQwNmRjODZjNTVmYmQwODE2MzQxN2Y1
ZWVkMTkyNDUxMWM3NTdjZTNkMjI2MTJjYTM4NDY3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCMDcMoL/HfkL8qP5/9xvrWidIBrj6jNLK3nM6bVQsRAvGH
9CiiLAMDxQ2jBJAaPknuWbM1C09Ofna+YcmuwINk/WSK+uftuhmL9vStKMEPYMwX
lDbLTFh/ICH8kdA1J90ZKFlskNeXhrJYTRpULrunXjaX9usPUtlhU7xyQn0/Uwho
Joca8xURHtMfPprsmzkCTRr+QsiCCZYA8AgnhR84h5UCAr/v0iyCXRa3bU9rWb1I
aLwDfkYToS+o4QybKO6Cf8Rj1M6qlggUju6rZrJQxIfVRgLgab1beIg5p224I8Wj
NVX2eADZctVLiLs3Gz40otjyFoqpv0O1aK8cLMZ1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcIaBQvsUsXF4fFUFGp3poOGdAg4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJlNzA5ZDUxLTllMjYtNGQ5NC1hYjI4LTU5OGUzYzM5N2EwYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFqLewn1v3uDBIcsfpNpETls21qw
eXVXGkABIC/YP173dOHxTeEd+TAqde5RA/0vuH+kE8qcd0bBQIpmM1Jwdn7iADvH
xF3RcxA0ZLv5Cg+lZMNT/J/EqxkZnUBAdo9AbV4Pa2v3NahOK1Bq+qPBOeCjxBam
jnCmFaF4ajmbxzAQTTI5cG24UVliNoSJELMFIOa1mcCXOuLBO7ioVjP0kmOiSLu5
Mhm7ZbaccvrHa+cMidtrDpkk5EdajF97/rmmkVl8aHtqLpdafcN7UibLYgh+lGYa
d3/jzAZCoYwoPwSf+61H58lQSO9fOAOqZinhcaTdSFVZQbErQ0bbpZp96P4=
-----END CERTIFICATE-----