Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82b567c5-fac4-43a6-a736-9d0150c2b298.roa
File:                     82b567c5-fac4-43a6-a736-9d0150c2b298.roa (raw, json)
Hash identifier:          IFz09LCyPHdaLKqVa37D/ypCMuDFHqBd795MZFUgID8=
Subject key identifier:   B3:A3:B3:52:3C:0F:DF:96:3E:D6:B5:39:09:86:FF:16:49:DE:B7:C3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5FB7AF274C538C94A73C93D1C5EE2703EC2824D2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82b567c5-fac4-43a6-a736-9d0150c2b298.roa
Signing time:             Tue 07 Nov 2023 00:00:00 +0000
ROA not before:           Tue 07 Nov 2023 00:00:00 +0000
ROA not after:            Tue 12 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:b7:af:27:4c:53:8c:94:a7:3c:93:d1:c5:ee:27:03:ec:28:24:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  7 00:00:00 2023 GMT
            Not After : Dec 12 23:59:59 2023 GMT
        Subject: serialNumber=94f6b10322177dbaccc8e0a31091e860dc0d4c6663b6c57ede9b2620e6baca4d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:24:31:cd:3b:b0:ea:39:ee:dd:9f:aa:c9:b5:
                    c8:54:3f:fb:0e:0f:e3:44:fd:19:d2:7e:03:97:ee:
                    aa:c9:81:fb:70:24:d5:d4:a2:fb:2f:9c:99:60:e6:
                    a2:41:b1:db:35:ea:d8:17:78:75:ba:14:36:d6:08:
                    be:bf:fe:42:0a:00:b9:eb:57:b9:21:a7:ce:4e:1f:
                    6e:b2:85:24:d0:84:65:3a:0a:2d:37:ff:6e:ee:b8:
                    a8:a8:fd:93:cf:d3:be:b0:39:39:ea:32:af:a6:4c:
                    45:6e:ec:b0:5c:f9:ed:5c:05:c7:97:dc:f6:00:f8:
                    ec:5b:6f:96:95:f0:bb:4a:5a:57:c4:a3:68:0a:8d:
                    16:1c:40:ef:bc:d6:02:88:5f:0a:ca:3c:b3:d4:05:
                    35:f9:dc:5f:c1:94:8c:d8:bb:b7:27:6d:41:a4:e0:
                    7c:33:c9:3b:af:90:ff:b8:5a:f4:d3:a5:be:7b:b9:
                    06:f8:39:c3:94:6b:87:0f:97:fe:2d:32:29:b4:e7:
                    14:ec:1c:77:06:54:74:be:8f:95:11:48:6a:58:13:
                    ea:6d:5c:11:a0:86:7a:4b:ce:38:25:02:bf:bd:34:
                    44:c7:44:7a:e7:e7:b7:e6:15:11:7c:ff:c9:f5:33:
                    f2:55:3f:40:3e:43:de:22:d9:00:6e:e6:4d:06:44:
                    71:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:A3:B3:52:3C:0F:DF:96:3E:D6:B5:39:09:86:FF:16:49:DE:B7:C3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82b567c5-fac4-43a6-a736-9d0150c2b298.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:26:0d:cb:c9:de:59:b0:3f:b1:31:2c:7d:63:7a:c5:ac:77:
         a6:03:b5:c7:ec:cf:f1:e7:06:1c:62:bc:3d:56:dd:e6:c4:f6:
         0f:c9:70:16:c1:f9:c2:ff:aa:fb:08:77:de:d5:8f:ec:42:25:
         4f:e6:04:b1:4c:34:56:f7:b1:ed:71:57:42:5c:00:f3:ae:c2:
         2c:53:76:94:ff:1e:9b:7f:3d:e6:4d:bc:2c:52:0a:dd:99:48:
         63:ea:4e:53:9a:37:9e:f3:c3:57:4e:16:f0:17:24:ad:1d:03:
         16:f1:08:29:d4:72:1a:06:a2:19:00:09:4e:a1:a4:fd:30:7e:
         bb:0a:8f:4b:9e:7e:3d:8b:25:3d:d2:24:4a:85:c5:ba:4f:bd:
         34:49:c2:a1:19:c6:f9:12:11:b9:53:1d:c7:b9:5b:3d:74:42:
         7d:46:a1:d6:1e:3a:7e:ba:2e:b7:4a:ae:b3:5d:fc:a9:2b:6c:
         4f:4c:4a:bd:c0:f9:eb:d5:c3:16:d0:ce:a8:f5:27:73:5d:b0:
         e5:cf:70:13:e1:2a:9d:f4:26:3c:e7:4d:9c:b0:4c:1c:e3:72:
         f0:bd:5b:ed:f2:bf:b2:88:50:92:c2:1e:fb:a8:30:dc:a7:79:
         be:7c:01:97:d6:49:c0:51:4b:1b:65:c3:b4:80:7b:77:de:01:
         87:e6:59:f5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUX7evJ0xTjJSnPJPRxe4nA+woJNIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTA3MDAwMDAwWhcNMjMxMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NGY2YjEwMzIyMTc3ZGJhY2NjOGUwYTMxMDkxZTg2MGRj
MGQ0YzY2NjNiNmM1N2VkZTliMjYyMGU2YmFjYTRkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCPJDHNO7DqOe7dn6rJtchUP/sOD+NE/RnSfgOX7qrJgftw
JNXUovsvnJlg5qJBsds16tgXeHW6FDbWCL6//kIKALnrV7khp85OH26yhSTQhGU6
Ci03/27uuKio/ZPP076wOTnqMq+mTEVu7LBc+e1cBceX3PYA+Oxbb5aV8LtKWlfE
o2gKjRYcQO+81gKIXwrKPLPUBTX53F/BlIzYu7cnbUGk4HwzyTuvkP+4WvTTpb57
uQb4OcOUa4cPl/4tMim05xTsHHcGVHS+j5URSGpYE+ptXBGghnpLzjglAr+9NETH
RHrn57fmFRF8/8n1M/JVP0A+Q94i2QBu5k0GRHF7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUs6OzUjwP35Y+1rU5CYb/Fknet8MwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgyYjU2N2M1LWZhYzQtNDNhNi1hNzM2LTlkMDE1MGMyYjI5OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALAmDcvJ3lmwP7ExLH1jesWsd6YD
tcfsz/HnBhxivD1W3ebE9g/JcBbB+cL/qvsId97Vj+xCJU/mBLFMNFb3se1xV0Jc
APOuwixTdpT/Hpt/PeZNvCxSCt2ZSGPqTlOaN57zw1dOFvAXJK0dAxbxCCnUchoG
ohkACU6hpP0wfrsKj0uefj2LJT3SJEqFxbpPvTRJwqEZxvkSEblTHce5Wz10Qn1G
odYeOn66LrdKrrNd/KkrbE9MSr3A+evVwxbQzqj1J3NdsOXPcBPhKp30JjznTZyw
TBzjcvC9W+3yv7KIUJLCHvuoMNyneb58AZfWScBRSxtlw7SAe3feAYfmWfU=
-----END CERTIFICATE-----