Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/530cb61a-aa38-4816-8e34-5d1369d384cb.roa
File:                     530cb61a-aa38-4816-8e34-5d1369d384cb.roa (raw, json)
Hash identifier:          af2bqvdup16DK83AYG3Pr8o0W//rKZcxwNt0f2j2TGA=
Subject key identifier:   8D:69:85:53:C2:D2:0C:3F:A2:59:FA:1D:C5:D0:09:0B:2B:2D:C6:99
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       10A205A828FE1354B6C508E7336DBEC0ED6A8028
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/530cb61a-aa38-4816-8e34-5d1369d384cb.roa
Signing time:             Mon 03 Jul 2023 00:00:00 +0000
ROA not before:           Mon 03 Jul 2023 00:00:00 +0000
ROA not after:            Mon 07 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:a2:05:a8:28:fe:13:54:b6:c5:08:e7:33:6d:be:c0:ed:6a:80:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  3 00:00:00 2023 GMT
            Not After : Aug  7 23:59:59 2023 GMT
        Subject: serialNumber=a9223716ae4b9c5b460db35573b034bff70024275ae272c259e5088604c674b3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4d:e7:0d:59:7f:1a:8c:e4:c5:04:dd:85:6a:
                    67:f8:f5:e5:93:2f:9f:ce:31:51:92:b0:f6:99:c7:
                    6d:fe:f3:3f:b6:a1:e5:bb:0d:d4:85:0b:0c:d0:01:
                    4f:dc:35:af:e5:be:32:04:a5:09:32:ac:87:4e:02:
                    3c:67:15:36:3e:f8:f5:b3:ed:09:3a:b0:f1:e4:a8:
                    ea:53:84:17:94:eb:de:60:4b:29:b1:a6:85:94:53:
                    05:0b:b8:67:ba:2f:9a:46:b0:63:68:50:ce:a1:f6:
                    c9:9c:b8:12:e3:f0:bf:dc:b5:7d:29:98:d8:c6:b9:
                    86:a9:57:78:0f:d1:c1:ce:cd:96:8b:58:7c:79:5f:
                    b4:91:e2:cb:32:85:d6:03:fb:ce:57:73:cb:bb:1b:
                    f5:2a:50:c6:82:69:01:cc:ea:1b:4d:30:b5:8c:6a:
                    ca:83:ed:3e:34:79:22:28:55:fc:86:12:d4:58:2b:
                    da:d1:b3:b7:e3:20:b0:8d:c1:94:12:4a:79:d3:fd:
                    b2:4b:f2:01:51:06:ab:34:f4:da:26:b7:f1:dd:96:
                    00:be:b8:84:d2:b9:fc:20:cb:ef:94:cf:ab:7c:f5:
                    f4:f7:47:1f:ed:e6:e7:22:58:1a:66:be:19:74:da:
                    d7:9d:f0:00:e5:c0:e2:10:8b:64:a0:ce:76:87:4b:
                    97:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:69:85:53:C2:D2:0C:3F:A2:59:FA:1D:C5:D0:09:0B:2B:2D:C6:99
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/530cb61a-aa38-4816-8e34-5d1369d384cb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:4a:39:b8:b8:dc:ed:7a:c1:51:e9:25:d8:bd:73:ec:af:31:
         b1:00:53:28:bf:68:7a:b2:aa:17:3a:64:28:18:1c:1e:0e:7b:
         19:7a:a2:32:1d:57:46:38:dc:8f:b7:2c:5c:74:9b:23:c0:7b:
         df:27:9d:ee:03:70:ea:09:2c:19:8f:9b:98:88:fd:59:aa:73:
         eb:78:0d:4f:5f:14:68:df:d0:e1:8c:66:fb:a8:8f:7e:c1:c5:
         7e:6a:79:48:90:66:07:5e:7f:79:35:2e:69:27:1e:16:1a:1d:
         27:78:48:28:39:7f:d0:dc:9c:e1:c8:c5:2b:41:04:9d:ce:ff:
         f4:7b:80:c0:7e:b8:30:03:c2:ae:10:80:b5:45:06:92:59:27:
         5f:64:19:d7:27:82:e1:55:68:72:75:23:fc:23:be:51:22:34:
         a5:c6:ea:f7:4a:14:1a:65:2b:8d:ec:e7:28:6c:80:c5:02:2b:
         2d:fa:47:32:cc:1c:f4:56:9d:65:e3:34:9c:55:5e:ec:6e:cc:
         26:b6:ba:f0:e9:7b:30:2f:7e:0d:3c:19:c0:f3:13:52:e0:17:
         19:74:8f:2a:56:31:04:af:7b:86:8d:f2:1e:5c:99:64:25:4e:
         a2:6c:13:55:1d:21:63:80:ed:1f:1a:2f:6b:c6:77:36:78:fd:
         10:36:8f:0d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEKIFqCj+E1S2xQjnM22+wO1qgCgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzAzMDAwMDAwWhcNMjMwODA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhOTIyMzcxNmFlNGI5YzViNDYwZGIzNTU3M2IwMzRiZmY3
MDAyNDI3NWFlMjcyYzI1OWU1MDg4NjA0YzY3NGIzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1TecNWX8ajOTFBN2Famf49eWTL5/OMVGSsPaZx23+8z+2
oeW7DdSFCwzQAU/cNa/lvjIEpQkyrIdOAjxnFTY++PWz7Qk6sPHkqOpThBeU695g
SymxpoWUUwULuGe6L5pGsGNoUM6h9smcuBLj8L/ctX0pmNjGuYapV3gP0cHOzZaL
WHx5X7SR4ssyhdYD+85Xc8u7G/UqUMaCaQHM6htNMLWMasqD7T40eSIoVfyGEtRY
K9rRs7fjILCNwZQSSnnT/bJL8gFRBqs09Nomt/HdlgC+uITSufwgy++Uz6t89fT3
Rx/t5uciWBpmvhl02ted8ADlwOIQi2SgznaHS5edAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjWmFU8LSDD+iWfodxdAJCystxpkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzUzMGNiNjFhLWFhMzgtNDgxNi04ZTM0LTVkMTM2OWQzODRjYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK1KObi43O16wVHpJdi9c+yvMbEA
Uyi/aHqyqhc6ZCgYHB4Oexl6ojIdV0Y43I+3LFx0myPAe98nne4DcOoJLBmPm5iI
/Vmqc+t4DU9fFGjf0OGMZvuoj37BxX5qeUiQZgdef3k1LmknHhYaHSd4SCg5f9Dc
nOHIxStBBJ3O//R7gMB+uDADwq4QgLVFBpJZJ19kGdcnguFVaHJ1I/wjvlEiNKXG
6vdKFBplK43s5yhsgMUCKy36RzLMHPRWnWXjNJxVXuxuzCa2uvDpezAvfg08GcDz
E1LgFxl0jypWMQSve4aN8h5cmWQlTqJsE1UdIWOA7R8aL2vGdzZ4/RA2jw0=
-----END CERTIFICATE-----