Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/802c0bec-69dc-4f5f-8530-b1e5dc3242c3.roa
File:                     802c0bec-69dc-4f5f-8530-b1e5dc3242c3.roa (raw, json)
Hash identifier:          N+yB3OiWqgCvQGHp9v+9hT0wCEQNsh/2/UqZwGC3Uak=
Subject key identifier:   D9:EC:DF:D2:FE:7C:67:30:46:3D:72:BE:79:91:C0:A8:DB:DE:10:0E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       417D20E8FC3E5C4FE0D7661D2483220600EB7167
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/802c0bec-69dc-4f5f-8530-b1e5dc3242c3.roa
Signing time:             Sat 21 Oct 2023 00:00:00 +0000
ROA not before:           Sat 21 Oct 2023 00:00:00 +0000
ROA not after:            Sat 25 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:7d:20:e8:fc:3e:5c:4f:e0:d7:66:1d:24:83:22:06:00:eb:71:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 21 00:00:00 2023 GMT
            Not After : Nov 25 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:7e:dc:94:58:11:2b:79:e7:4a:31:29:be:1f:
                    bf:8f:d3:d7:66:4c:93:1b:28:72:c6:0c:d0:cf:ff:
                    d8:40:8f:ed:69:6b:26:b1:65:06:7a:1a:ea:01:ab:
                    ce:32:18:5d:03:75:8b:96:1f:9c:18:67:fc:cf:bb:
                    2c:dd:db:8a:8a:ba:86:5a:b0:52:af:c2:89:b1:4b:
                    27:3e:c7:bd:b6:78:03:08:34:3a:77:22:a2:b8:89:
                    5d:8d:3e:96:07:78:4e:5c:39:c2:15:09:12:a0:6a:
                    a2:cf:49:46:ac:7e:5b:9e:ca:98:55:8b:6d:a9:95:
                    79:67:fe:7d:9f:bd:c1:d0:68:0d:10:e4:2b:96:d4:
                    8c:6e:35:75:16:e1:f6:62:96:a7:cf:4b:16:6d:f9:
                    94:89:d3:95:d5:95:5f:b1:b0:25:38:c8:f5:a0:6a:
                    ad:35:18:97:f1:19:f8:47:d4:da:97:23:31:3c:76:
                    e5:59:8f:82:d6:7f:b0:82:52:c7:2a:a7:d1:33:b0:
                    51:89:51:ec:ce:2f:ad:13:d7:a2:42:b1:8d:dd:72:
                    a0:6f:bf:21:0e:50:91:0d:19:b0:97:cb:08:9d:af:
                    71:c4:21:1e:37:0b:58:58:a6:47:62:93:d7:3f:52:
                    28:63:9a:bb:17:31:ef:7d:d7:f2:da:3d:31:aa:d3:
                    60:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:EC:DF:D2:FE:7C:67:30:46:3D:72:BE:79:91:C0:A8:DB:DE:10:0E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/802c0bec-69dc-4f5f-8530-b1e5dc3242c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:20:64:9a:15:2f:fd:8b:77:3e:50:c5:d5:87:9c:cc:5c:b9:
         13:50:4c:5f:6d:e6:cd:2f:20:65:32:36:bc:73:3a:7f:e8:16:
         d3:01:74:95:f5:21:d0:44:7e:d1:c5:76:4b:ef:13:78:57:83:
         b1:c3:c3:10:d0:c2:37:2e:6a:ae:ef:68:7d:d3:d3:0c:f0:f8:
         bc:20:56:bb:de:c1:5b:0f:ba:1f:2e:f0:89:21:6e:2d:23:ab:
         bb:4b:c5:d8:11:aa:43:28:d6:29:ea:8e:df:fd:35:80:c3:54:
         64:2e:13:b4:3a:8c:4d:3c:b1:85:ba:c5:20:7b:5b:32:79:83:
         95:e1:92:7f:2c:06:df:12:5e:bd:1e:5d:96:77:69:a0:13:c8:
         d0:bd:b5:63:56:92:00:9e:01:01:1c:76:57:69:bd:1d:a8:1d:
         3f:22:31:e9:da:16:45:8b:ba:03:1b:91:a4:ff:31:b6:06:a2:
         71:9c:3c:5b:9c:8c:83:6b:3b:5c:93:30:33:fc:b4:5e:b3:2e:
         9d:a8:ab:ad:79:de:ee:22:fa:5d:f1:c3:1e:aa:01:42:cb:4c:
         61:97:8e:7a:d2:c4:58:85:e9:2c:48:b9:72:b1:b9:91:7c:60:
         84:25:43:10:e4:94:e1:5f:fa:44:25:d7:db:77:a6:8b:16:aa:
         79:f0:2a:48
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQX0g6Pw+XE/g12YdJIMiBgDrcWcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDIxMDAwMDAwWhcNMjMxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiODZlZGI4ZjJlZDM1YTJkNTIzMGM0MzJjNTI3MzdiYzM1
YzMzMTQyZmE1MDU5NjgxYTBiYmIzNDU3ZWFjMjdkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCIftyUWBEreedKMSm+H7+P09dmTJMbKHLGDNDP/9hAj+1p
ayaxZQZ6GuoBq84yGF0DdYuWH5wYZ/zPuyzd24qKuoZasFKvwomxSyc+x722eAMI
NDp3IqK4iV2NPpYHeE5cOcIVCRKgaqLPSUasflueyphVi22plXln/n2fvcHQaA0Q
5CuW1IxuNXUW4fZilqfPSxZt+ZSJ05XVlV+xsCU4yPWgaq01GJfxGfhH1NqXIzE8
duVZj4LWf7CCUscqp9EzsFGJUezOL60T16JCsY3dcqBvvyEOUJENGbCXywidr3HE
IR43C1hYpkdik9c/UihjmrsXMe991/LaPTGq02DHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2ezf0v58ZzBGPXK+eZHAqNveEA4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgwMmMwYmVjLTY5ZGMtNGY1Zi04NTMwLWIxZTVkYzMyNDJjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHogZJoVL/2Ldz5QxdWHnMxcuRNQ
TF9t5s0vIGUyNrxzOn/oFtMBdJX1IdBEftHFdkvvE3hXg7HDwxDQwjcuaq7vaH3T
0wzw+LwgVrvewVsPuh8u8Ikhbi0jq7tLxdgRqkMo1inqjt/9NYDDVGQuE7Q6jE08
sYW6xSB7WzJ5g5Xhkn8sBt8SXr0eXZZ3aaATyNC9tWNWkgCeAQEcdldpvR2oHT8i
MenaFkWLugMbkaT/MbYGonGcPFucjINrO1yTMDP8tF6zLp2oq6153u4i+l3xwx6q
AULLTGGXjnrSxFiF6SxIuXKxuZF8YIQlQxDklOFf+kQl19t3posWqnnwKkg=
-----END CERTIFICATE-----