Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5c84eb44-d374-4ad9-ae35-12d81c9877bc.roa
File:                     5c84eb44-d374-4ad9-ae35-12d81c9877bc.roa (raw, json)
Hash identifier:          9f32s4hc/kpRGU7+gA2CQansgKTdGnysfIAwj1SvaVY=
Subject key identifier:   B7:98:E6:97:CD:E4:49:0E:0D:32:99:93:A9:22:1F:FD:43:66:8D:18
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4233A059466C5A2E459840ABB16FB5070B2BC886
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5c84eb44-d374-4ad9-ae35-12d81c9877bc.roa
Signing time:             Wed 16 Aug 2023 00:00:00 +0000
ROA not before:           Wed 16 Aug 2023 00:00:00 +0000
ROA not after:            Wed 20 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:33:a0:59:46:6c:5a:2e:45:98:40:ab:b1:6f:b5:07:0b:2b:c8:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 16 00:00:00 2023 GMT
            Not After : Sep 20 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:fe:11:a2:d7:fe:ec:ba:c6:ae:df:9b:d7:28:
                    d2:82:a6:c3:b0:d2:8c:dc:3e:f8:23:fb:b3:ac:67:
                    5f:58:ca:67:44:55:20:bc:72:df:03:e6:a9:e0:51:
                    26:34:dc:c9:b6:a7:df:76:71:0b:11:9c:60:87:64:
                    10:9a:a6:3b:39:9e:9d:92:02:37:73:43:12:43:72:
                    fd:a0:c8:c8:46:6e:8c:49:fb:71:6e:0b:5f:da:69:
                    40:d2:63:67:3f:72:c7:51:ed:eb:bb:71:e8:89:0a:
                    39:88:fc:94:43:6d:e2:a1:f2:18:fc:6b:e2:a4:fa:
                    43:5d:3a:ee:96:95:4d:69:eb:cc:48:a2:a2:58:3f:
                    62:e5:01:96:c9:42:f1:ca:cc:bb:ee:68:b0:72:75:
                    e5:5a:c7:fe:6b:b6:e3:1e:a0:98:d4:2a:8d:c5:1c:
                    cf:b0:d3:f0:59:e0:37:ce:ef:55:73:30:1e:79:ac:
                    21:8b:fb:da:31:9a:70:17:af:db:76:41:c3:43:05:
                    d6:fb:48:98:b7:b6:17:e6:59:2c:cc:2c:1c:89:ad:
                    c7:ae:fa:ed:5b:63:4c:4e:73:dd:fd:1a:ca:52:a8:
                    a9:fc:23:d3:d4:a5:fc:06:67:72:ff:4d:5c:83:4c:
                    15:19:40:42:d4:f3:ac:fd:56:e3:7d:f3:e7:bb:40:
                    53:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:98:E6:97:CD:E4:49:0E:0D:32:99:93:A9:22:1F:FD:43:66:8D:18
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5c84eb44-d374-4ad9-ae35-12d81c9877bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:2b:d9:a0:9f:46:53:cb:e4:4c:fb:ae:5f:e9:5c:40:04:8a:
         30:68:9b:02:1a:31:ee:d4:6a:2c:22:02:b8:ec:7a:36:be:fe:
         7f:38:2f:9f:2d:da:aa:88:1a:20:92:5b:04:eb:6d:60:bc:ec:
         6a:d5:fb:17:72:2a:2b:27:f7:48:d3:46:d2:db:ae:11:8b:99:
         77:d5:89:86:c7:72:3d:5e:2d:88:bc:53:06:9a:06:dd:46:3c:
         87:d4:c5:53:51:31:4a:47:50:22:28:55:bb:b9:0f:25:7d:a0:
         5d:d5:a7:65:94:e5:03:3b:9c:aa:0a:fe:b4:f3:61:bb:f3:d8:
         b2:0c:b0:a6:8e:05:59:ea:8b:2e:7e:79:d9:91:67:f4:f5:bb:
         71:76:c4:9a:0c:91:e3:3d:5a:c5:00:c1:81:0a:6d:21:74:f0:
         e4:94:39:ba:f0:82:61:53:f5:02:af:b6:df:25:2c:df:ff:6b:
         89:51:03:fb:f9:77:96:ee:26:e2:90:62:c5:e0:41:72:a8:f6:
         7e:00:ad:02:8b:2d:b2:ca:1f:10:e3:c8:a4:98:bc:e1:f6:ac:
         b5:83:a5:19:b8:e7:77:a3:f7:d2:33:39:41:a7:d3:5b:07:e0:
         ab:91:32:5a:29:96:0a:a9:15:e7:9e:be:12:c7:1a:50:c1:db:
         f8:fb:c1:25
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQjOgWUZsWi5FmECrsW+1BwsryIYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODE2MDAwMDAwWhcNMjMwOTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MGE0YjM0Yzc1MzQxMGNkYTAyOGY4ZDFlYzllZDI5ZjA3
NWQ1MTY0ZjVkYmQ1ZTNhMTE1NWRhMGZlYTUwMGYyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDD/hGi1/7susau35vXKNKCpsOw0ozcPvgj+7OsZ19YymdE
VSC8ct8D5qngUSY03Mm2p992cQsRnGCHZBCapjs5np2SAjdzQxJDcv2gyMhGboxJ
+3FuC1/aaUDSY2c/csdR7eu7ceiJCjmI/JRDbeKh8hj8a+Kk+kNdOu6WlU1p68xI
oqJYP2LlAZbJQvHKzLvuaLBydeVax/5rtuMeoJjUKo3FHM+w0/BZ4DfO71VzMB55
rCGL+9oxmnAXr9t2QcNDBdb7SJi3thfmWSzMLByJrceu+u1bY0xOc939GspSqKn8
I9PUpfwGZ3L/TVyDTBUZQELU86z9VuN98+e7QFPDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUt5jml83kSQ4NMpmTqSIf/UNmjRgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzVjODRlYjQ0LWQzNzQtNGFkOS1hZTM1LTEyZDgxYzk4NzdiYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABsr2aCfRlPL5Ez7rl/pXEAEijBo
mwIaMe7UaiwiArjseja+/n84L58t2qqIGiCSWwTrbWC87GrV+xdyKisn90jTRtLb
rhGLmXfViYbHcj1eLYi8UwaaBt1GPIfUxVNRMUpHUCIoVbu5DyV9oF3Vp2WU5QM7
nKoK/rTzYbvz2LIMsKaOBVnqiy5+edmRZ/T1u3F2xJoMkeM9WsUAwYEKbSF08OSU
ObrwgmFT9QKvtt8lLN//a4lRA/v5d5buJuKQYsXgQXKo9n4ArQKLLbLKHxDjyKSY
vOH2rLWDpRm453ej99IzOUGn01sH4KuRMloplgqpFeeevhLHGlDB2/j7wSU=
-----END CERTIFICATE-----