Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/98408006-ebc4-43ad-8237-e9e4393eaf46.roa
File:                     98408006-ebc4-43ad-8237-e9e4393eaf46.roa (raw, json)
Hash identifier:          mYlAyetzF7Y0whBCrwlf5Ffs5WF6FX7IP23mAfR0oCY=
Subject key identifier:   B6:15:EB:26:01:B7:0A:13:E4:8B:16:AF:00:44:54:79:7B:A5:4C:04
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6D08C7A6CAE44E6C842E4AD3CAC1A3962E5B840D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/98408006-ebc4-43ad-8237-e9e4393eaf46.roa
Signing time:             Sun 20 Aug 2023 00:00:00 +0000
ROA not before:           Sun 20 Aug 2023 00:00:00 +0000
ROA not after:            Sun 24 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:08:c7:a6:ca:e4:4e:6c:84:2e:4a:d3:ca:c1:a3:96:2e:5b:84:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 20 00:00:00 2023 GMT
            Not After : Sep 24 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:91:cc:a2:bd:b2:45:30:88:f9:66:58:44:d4:
                    42:bf:82:bf:f8:aa:9f:d6:15:5d:0d:38:b3:fa:bb:
                    81:06:af:20:eb:73:6c:1f:2a:fb:67:2e:53:f0:78:
                    b2:40:41:d9:17:c4:47:70:e5:30:6e:8f:11:10:b5:
                    cf:6e:d1:9d:ab:c6:7e:53:ab:f6:8d:8d:6d:7b:a7:
                    1f:08:cc:e6:37:1f:50:74:8e:d8:43:14:46:81:95:
                    b3:dc:7b:f4:f3:99:bb:23:c7:4f:eb:67:96:e1:c3:
                    e0:bc:5e:e4:1c:62:92:c6:48:a9:b2:02:4c:4c:cb:
                    45:72:d8:26:e6:c5:c7:6a:36:d0:6f:b5:5f:5b:9b:
                    eb:3c:89:0f:86:89:6a:ff:59:e9:c8:6f:32:2e:18:
                    cc:fb:97:c3:d9:f1:fa:3c:67:cc:02:56:bb:4a:5d:
                    ab:90:b8:24:be:12:52:82:35:0e:b8:37:0a:66:97:
                    81:7f:d5:a0:8a:11:28:cc:bd:3f:cd:91:30:6c:e0:
                    cd:1e:8f:6a:12:e0:4c:24:c3:cb:58:d1:a3:d5:dc:
                    0a:e3:68:15:7b:f9:4b:dd:25:11:a8:82:85:1f:73:
                    73:74:ea:a7:17:24:13:f6:a4:7b:b2:11:9b:8c:39:
                    15:7b:3b:e9:7d:72:58:f4:ed:70:46:51:81:a1:be:
                    fb:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:15:EB:26:01:B7:0A:13:E4:8B:16:AF:00:44:54:79:7B:A5:4C:04
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/98408006-ebc4-43ad-8237-e9e4393eaf46.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:2e:55:be:94:89:49:31:d0:ff:57:a6:12:c4:c1:9d:e1:f3:
         09:11:a7:35:a1:f8:e8:6e:79:78:e1:90:63:cd:8b:0c:b6:c5:
         94:c9:60:09:97:31:37:7e:a5:87:20:ea:be:75:11:a7:a2:93:
         30:8e:7c:aa:fa:ee:c7:a9:40:f8:df:c6:bf:b8:6a:b9:f6:24:
         dd:eb:ad:8e:8d:00:12:24:17:0f:7b:b2:6b:36:7f:cc:93:c6:
         80:8c:ce:81:0f:a7:20:3d:98:99:4b:ee:4b:75:60:09:d1:33:
         5a:6c:13:ee:3b:c6:8e:f5:8e:ff:8a:ff:e9:eb:5e:27:52:d0:
         0d:0d:9c:1c:9f:67:4a:a9:fa:a8:85:a0:db:b5:a1:33:4f:ab:
         be:58:3f:1c:fd:be:23:b1:3f:54:9b:1e:24:2f:d7:33:82:dd:
         42:29:45:2f:27:88:71:b3:9b:1e:31:bb:e3:3a:77:9b:8e:0e:
         fc:99:db:36:4c:d6:2d:a2:42:b5:41:3b:85:a0:42:41:03:f0:
         34:0e:32:8a:a3:90:1f:72:86:c3:06:21:cb:1d:64:94:4f:ce:
         aa:b2:3a:94:f7:57:0e:45:ea:40:5f:da:57:c2:43:14:18:1e:
         c6:e4:a8:84:a9:de:b2:f8:09:19:c7:a0:6a:5a:70:6e:fc:7a:
         ed:87:ce:ed
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbQjHpsrkTmyELkrTysGjli5bhA0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODIwMDAwMDAwWhcNMjMwOTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMTg1NDE4ZTM4YTM2MjZhNDRiZWZmYjRlMDYzZDdhNmFj
M2JlZWUwZDgwOWQ2ZmY1ZDEzZTE1NmZiMDFlMjJhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpkcyivbJFMIj5ZlhE1EK/gr/4qp/WFV0NOLP6u4EGryDr
c2wfKvtnLlPweLJAQdkXxEdw5TBujxEQtc9u0Z2rxn5Tq/aNjW17px8IzOY3H1B0
jthDFEaBlbPce/Tzmbsjx0/rZ5bhw+C8XuQcYpLGSKmyAkxMy0Vy2CbmxcdqNtBv
tV9bm+s8iQ+GiWr/WenIbzIuGMz7l8PZ8fo8Z8wCVrtKXauQuCS+ElKCNQ64Nwpm
l4F/1aCKESjMvT/NkTBs4M0ej2oS4Ewkw8tY0aPV3ArjaBV7+UvdJRGogoUfc3N0
6qcXJBP2pHuyEZuMORV7O+l9clj07XBGUYGhvvsHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUthXrJgG3ChPkixavAERUeXulTAQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk4NDA4MDA2LWViYzQtNDNhZC04MjM3LWU5ZTQzOTNlYWY0Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADguVb6UiUkx0P9XphLEwZ3h8wkR
pzWh+OhueXjhkGPNiwy2xZTJYAmXMTd+pYcg6r51EaeikzCOfKr67sepQPjfxr+4
arn2JN3rrY6NABIkFw97sms2f8yTxoCMzoEPpyA9mJlL7kt1YAnRM1psE+47xo71
jv+K/+nrXidS0A0NnByfZ0qp+qiFoNu1oTNPq75YPxz9viOxP1SbHiQv1zOC3UIp
RS8niHGzmx4xu+M6d5uODvyZ2zZM1i2iQrVBO4WgQkED8DQOMoqjkB9yhsMGIcsd
ZJRPzqqyOpT3Vw5F6kBf2lfCQxQYHsbkqISp3rL4CRnHoGpacG78eu2Hzu0=
-----END CERTIFICATE-----