Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/857d00ee-30b2-434a-af40-9eb3861e6701.roa
File:                     857d00ee-30b2-434a-af40-9eb3861e6701.roa (raw, json)
Hash identifier:          PbUqScIG+yffUDdkzL8v9Y7JzTxCovpPWKaREPmM4zI=
Subject key identifier:   54:71:2D:E0:97:05:E1:4A:34:A8:3E:6F:F0:DA:B4:4A:C4:15:0C:D8
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       78D01A9003F807FFA1FAFDB8435777403DC837BA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/857d00ee-30b2-434a-af40-9eb3861e6701.roa
Signing time:             Wed 20 Sep 2023 00:00:00 +0000
ROA not before:           Wed 20 Sep 2023 00:00:00 +0000
ROA not after:            Wed 25 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:d0:1a:90:03:f8:07:ff:a1:fa:fd:b8:43:57:77:40:3d:c8:37:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 20 00:00:00 2023 GMT
            Not After : Oct 25 23:59:59 2023 GMT
        Subject: serialNumber=ab25f7061eee564cef3b3927d23b631ca12bfb09a836e7038d658cd5c77b2f6a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:67:a4:b8:5d:6b:17:c2:9f:2f:77:92:f2:87:
                    b6:28:6b:65:53:f4:40:e6:6d:1b:af:c4:59:1d:a1:
                    ce:b4:fd:29:da:88:74:48:b1:4f:47:9c:e2:6f:75:
                    d3:a9:9b:f4:74:df:9e:6b:3c:1c:79:a7:d2:85:9d:
                    05:7c:00:b1:41:38:1d:46:61:4d:d0:56:db:62:c0:
                    02:12:58:54:78:c1:50:0c:0e:82:44:0e:95:2c:fd:
                    0a:3c:eb:70:af:f4:7a:da:84:a0:4a:d5:8c:58:fc:
                    ef:bf:9a:ba:4c:9a:fc:2c:f8:fc:cc:a7:d0:6a:53:
                    9c:85:b9:76:b3:bc:06:76:10:4f:1d:81:0c:a1:09:
                    d3:8c:63:56:7e:45:d8:3c:c8:88:03:2a:dd:1c:83:
                    bd:69:c8:44:01:eb:26:a2:50:e9:0c:1b:61:3b:df:
                    ae:45:ea:24:06:8d:e9:25:b7:7f:63:0b:18:57:ef:
                    0a:0f:0d:4e:09:3d:aa:e9:99:76:b4:a8:fb:a6:4a:
                    b4:38:ac:a2:91:c7:da:d6:2f:7a:75:ab:7f:54:02:
                    a5:7f:32:da:95:71:1e:51:ce:6f:41:c8:df:b7:ac:
                    1c:f0:b6:ed:2f:c6:fb:71:4d:dd:6a:7a:54:d2:17:
                    bd:74:ef:5b:4d:7e:f3:72:01:1d:94:d4:79:36:f4:
                    c0:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:71:2D:E0:97:05:E1:4A:34:A8:3E:6F:F0:DA:B4:4A:C4:15:0C:D8
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/857d00ee-30b2-434a-af40-9eb3861e6701.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:75:1d:07:41:da:79:90:e6:c7:df:2c:bc:85:71:04:85:0e:
         f0:96:61:5a:0f:8e:83:68:2b:40:68:c1:8c:aa:9d:48:3f:fd:
         98:91:e4:9b:8a:59:49:48:a2:44:ac:be:d8:d6:fa:a1:76:f4:
         98:57:a2:0d:a1:49:a9:46:bb:a7:44:b7:32:56:64:ad:de:97:
         2b:a1:1a:1c:67:c8:26:4c:43:ac:e1:6a:f7:de:81:53:d2:e7:
         aa:b3:60:49:b1:3e:97:24:29:b0:1b:4c:be:0f:22:77:d5:e6:
         b8:dc:ba:4b:9e:38:a9:08:44:55:92:97:2e:c6:0d:e7:a7:13:
         ad:6f:a0:c7:65:f0:f0:6b:d3:dc:75:f8:c4:fc:8c:75:3d:6f:
         4b:c3:16:c5:89:32:c0:c9:23:9b:03:b2:41:bd:e1:e4:f9:62:
         a1:af:ef:b9:ef:10:c7:6f:5e:90:37:1f:fc:ca:41:ab:61:80:
         76:e7:7f:65:d3:40:04:00:21:cd:12:dc:4a:09:9d:85:03:5a:
         a6:5a:56:10:1a:f6:2f:69:9a:18:b5:05:6c:96:41:0d:1c:e6:
         43:d7:38:4e:1c:9b:17:c7:7d:bc:9c:52:54:e2:eb:0c:12:0c:
         f5:75:5b:bd:2c:5b:a8:52:57:9c:95:9b:87:39:7f:0c:14:4c:
         81:21:d0:bd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeNAakAP4B/+h+v24Q1d3QD3IN7owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTIwMDAwMDAwWhcNMjMxMDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYjI1ZjcwNjFlZWU1NjRjZWYzYjM5MjdkMjNiNjMxY2Ex
MmJmYjA5YTgzNmU3MDM4ZDY1OGNkNWM3N2IyZjZhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUZ6S4XWsXwp8vd5Lyh7Yoa2VT9EDmbRuvxFkdoc60/Sna
iHRIsU9HnOJvddOpm/R0355rPBx5p9KFnQV8ALFBOB1GYU3QVttiwAISWFR4wVAM
DoJEDpUs/Qo863Cv9HrahKBK1YxY/O+/mrpMmvws+PzMp9BqU5yFuXazvAZ2EE8d
gQyhCdOMY1Z+Rdg8yIgDKt0cg71pyEQB6yaiUOkMG2E7365F6iQGjeklt39jCxhX
7woPDU4JParpmXa0qPumSrQ4rKKRx9rWL3p1q39UAqV/MtqVcR5Rzm9ByN+3rBzw
tu0vxvtxTd1qelTSF71071tNfvNyAR2U1Hk29MD/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVHEt4JcF4Uo0qD5v8Nq0SsQVDNgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzg1N2QwMGVlLTMwYjItNDM0YS1hZjQwLTllYjM4NjFlNjcwMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAId1HQdB2nmQ5sffLLyFcQSFDvCW
YVoPjoNoK0BowYyqnUg//ZiR5JuKWUlIokSsvtjW+qF29JhXog2hSalGu6dEtzJW
ZK3elyuhGhxnyCZMQ6zhavfegVPS56qzYEmxPpckKbAbTL4PInfV5rjcukueOKkI
RFWSly7GDeenE61voMdl8PBr09x1+MT8jHU9b0vDFsWJMsDJI5sDskG94eT5YqGv
77nvEMdvXpA3H/zKQathgHbnf2XTQAQAIc0S3EoJnYUDWqZaVhAa9i9pmhi1BWyW
QQ0c5kPXOE4cmxfHfbycUlTi6wwSDPV1W70sW6hSV5yVm4c5fwwUTIEh0L0=
-----END CERTIFICATE-----