Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5f8931c3-2413-4625-9182-27ba072944a6.roa
File:                     5f8931c3-2413-4625-9182-27ba072944a6.roa (raw, json)
Hash identifier:          cRLIooiVz526gdDWD3JiVYLo6gmBE8d/Ugi4p5dmIG0=
Subject key identifier:   E4:71:3D:65:DF:1E:89:9A:48:44:BA:21:48:53:DF:69:67:D9:19:93
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1E0C6535BFB63E21A27A98BB92B77BD76FF240
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5f8931c3-2413-4625-9182-27ba072944a6.roa
Signing time:             Sun 16 Jul 2023 00:00:00 +0000
ROA not before:           Sun 16 Jul 2023 00:00:00 +0000
ROA not after:            Sun 20 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:0c:65:35:bf:b6:3e:21:a2:7a:98:bb:92:b7:7b:d7:6f:f2:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 16 00:00:00 2023 GMT
            Not After : Aug 20 23:59:59 2023 GMT
        Subject: serialNumber=35f4edbdd154b7b8862e7f92eef678547461253de51207b872fa420475c88581, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e2:f3:be:3e:ec:9a:43:40:d2:1a:cd:35:4d:
                    bc:c0:19:51:23:46:0d:ee:f8:d0:9b:e0:0d:a5:1a:
                    e4:ab:29:58:e5:fa:33:99:94:61:d7:96:58:ce:34:
                    49:0d:41:cd:d8:dc:bc:3b:85:6a:7f:00:b5:a6:7e:
                    ce:7a:10:d7:c4:04:5e:d9:f5:05:d3:b9:ec:be:3c:
                    f1:2e:e3:69:d0:28:2b:74:b7:4a:33:94:59:60:e2:
                    74:9f:85:32:6e:81:98:eb:9b:bc:0f:a9:99:73:b9:
                    b8:5b:32:ff:8b:73:64:e6:6a:2f:04:06:66:0f:ae:
                    6a:ed:4c:b4:bd:c6:11:ea:d5:ee:df:e5:f9:e7:3f:
                    99:5d:78:f3:1e:65:2a:d6:c7:c0:9a:4e:fe:cf:30:
                    3a:b7:a7:2e:49:b8:1a:ac:37:e4:2f:0b:4d:5d:f6:
                    71:95:2f:55:04:35:22:df:c6:04:23:46:c0:2c:09:
                    39:37:eb:06:88:a2:11:80:a1:f8:f7:aa:0f:ed:ec:
                    a1:32:f3:69:e8:d2:32:06:6d:1d:31:94:45:b0:3f:
                    c6:fa:23:bf:d8:a1:ec:df:57:bc:61:5a:56:b6:96:
                    c6:05:34:37:36:21:81:49:43:4e:39:53:41:51:10:
                    61:26:b3:ce:70:66:09:8a:f7:95:2f:a0:a2:21:a6:
                    08:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:71:3D:65:DF:1E:89:9A:48:44:BA:21:48:53:DF:69:67:D9:19:93
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5f8931c3-2413-4625-9182-27ba072944a6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:4d:63:08:5f:ad:05:48:81:77:65:a2:dc:4c:5f:fb:cc:2b:
         2f:a3:68:d2:e2:ff:90:d0:eb:9a:00:00:d1:2c:ca:77:50:e9:
         44:7c:0d:c0:04:23:6e:b5:0a:3c:03:0a:82:36:e0:69:74:81:
         3e:a8:89:26:7d:be:03:bf:3a:14:3a:76:ec:a6:79:dc:8c:18:
         5a:f0:7f:5c:c2:c6:4f:7e:bc:43:66:5d:a7:7f:a8:d3:f5:d4:
         5a:a6:cf:08:f1:a7:2f:a9:6a:9d:0b:dd:57:e7:68:09:9e:4b:
         ec:2e:eb:5e:47:a6:c8:1e:ae:e7:67:74:4e:15:89:23:c6:0b:
         a2:5e:3b:97:30:12:cd:78:c7:15:d0:72:e5:95:d3:2b:89:fc:
         99:75:04:c6:08:a5:39:8a:eb:14:92:8e:b2:a6:1f:32:be:57:
         0e:5e:ac:a0:3d:1b:df:ed:f9:9b:8b:6f:40:53:3c:ce:c1:87:
         be:0d:ec:5a:03:eb:2b:a0:44:3c:9c:d0:32:f7:17:d2:72:ca:
         db:64:08:9c:8b:3a:ec:3c:e9:f5:7a:50:8d:5f:bd:3f:a7:e9:
         ca:a9:f3:bb:0d:de:ea:7c:70:f1:e4:ef:23:ee:bf:aa:86:f9:
         19:10:9f:38:86:b2:89:b6:3d:21:89:11:ba:a4:9c:9f:81:93:
         02:65:b6:3a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITHgxlNb+2PiGiepi7krd712/yQDANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzIyNzhhYWI4NzhmMjY2MmNlMTRlOTA1ZTE4ZWJjYjc1MjJm
OTJiMzY4NGJjNDg2NWI0ZDAeFw0yMzA3MTYwMDAwMDBaFw0yMzA4MjAyMzU5NTla
MHoxSTBHBgNVBAUTQDM1ZjRlZGJkZDE1NGI3Yjg4NjJlN2Y5MmVlZjY3ODU0NzQ2
MTI1M2RlNTEyMDdiODcyZmE0MjA0NzVjODg1ODExLTArBgNVBAMTJGMwY2UyM2Vh
LTQzZmMtNGJlNC1iZWVlLWMwMTQ3ODEyMmEwZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK7i874+7JpDQNIazTVNvMAZUSNGDe740JvgDaUa5KspWOX6
M5mUYdeWWM40SQ1BzdjcvDuFan8AtaZ+znoQ18QEXtn1BdO57L488S7jadAoK3S3
SjOUWWDidJ+FMm6BmOubvA+pmXO5uFsy/4tzZOZqLwQGZg+uau1MtL3GEerV7t/l
+ec/mV148x5lKtbHwJpO/s8wOrenLkm4Gqw35C8LTV32cZUvVQQ1It/GBCNGwCwJ
OTfrBoiiEYCh+PeqD+3soTLzaejSMgZtHTGURbA/xvojv9ih7N9XvGFaVraWxgU0
NzYhgUlDTjlTQVEQYSazznBmCYr3lS+goiGmCFMCAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBTkcT1l3x6JmkhEuiFIU99pZ9kZkzAfBgNVHSMEGDAWgBRVqN1F2UQT+dGS
9Sxjzoz7xhSWuDAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MDM1NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzE0MzNlYmZmLWRm
ZDYtNGM1Yy1iN2ZmLTk5Yzg1MTM5ZDRhOC8yNzhhYWI4NzhmMjY2MmNlMTRlOTA1
ZTE4ZWJjYjc1MjJmOTJiMzY4NGJjNDg2NWI0ZC5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8xNmYxZmZlZS03NDYxLTQ2NzQtYmIwNS1mZGRl
ZmE5YTAyYzYvNWY4OTMxYzMtMjQxMy00NjI1LTkxODItMjdiYTA3Mjk0NGE2LnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUt
ZmRkZWZhOWEwMmM2L0ptTE9GT2tGNFk2OHQxSXZrck5vUzhTR1cwMC5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMckeDANBgkqhkiG9w0BAQsFAAOCAQEAKU1jCF+tBUiBd2Wi3Exf+8wrL6No
0uL/kNDrmgAA0SzKd1DpRHwNwAQjbrUKPAMKgjbgaXSBPqiJJn2+A786FDp27KZ5
3IwYWvB/XMLGT368Q2Zdp3+o0/XUWqbPCPGnL6lqnQvdV+doCZ5L7C7rXkemyB6u
52d0ThWJI8YLol47lzASzXjHFdBy5ZXTK4n8mXUExgilOYrrFJKOsqYfMr5XDl6s
oD0b3+35m4tvQFM8zsGHvg3sWgPrK6BEPJzQMvcX0nLK22QInIs67Dzp9XpQjV+9
P6fpyqnzuw3e6nxw8eTvI+6/qob5GRCfOIayibY9IYkRuqScn4GTAmW2Og==
-----END CERTIFICATE-----