Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9e8ec9a7-34ff-41a1-b490-41ec3e978948.roa
File:                     9e8ec9a7-34ff-41a1-b490-41ec3e978948.roa (raw, json)
Hash identifier:          mzd0JF/A7a+/mmDO1LLQONHhLrA+86Wo84Cn4y3G+VQ=
Subject key identifier:   A4:29:BF:4F:00:1A:72:DE:26:02:A7:E8:63:4E:82:A9:DE:F3:C7:B4
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       33B7A149C2F2C060BF7B6DF7A9AEEFD1BE44B8A1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9e8ec9a7-34ff-41a1-b490-41ec3e978948.roa
Signing time:             Mon 30 Oct 2023 00:00:00 +0000
ROA not before:           Mon 30 Oct 2023 00:00:00 +0000
ROA not after:            Mon 04 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:b7:a1:49:c2:f2:c0:60:bf:7b:6d:f7:a9:ae:ef:d1:be:44:b8:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 30 00:00:00 2023 GMT
            Not After : Dec  4 23:59:59 2023 GMT
        Subject: serialNumber=37b8b037235ef672c2b559821ae68c1ba804e6bf3a08aa61621f097456a23231, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:cf:5e:c0:53:b2:69:c8:f2:47:8b:e4:22:fc:
                    73:28:e7:3f:5f:33:46:b7:f5:91:26:08:60:53:c4:
                    4c:d9:30:26:dd:bd:02:3a:71:c0:05:49:49:65:c1:
                    c0:d1:98:97:67:e5:91:c7:32:ea:7c:f2:a8:42:42:
                    70:9a:10:99:ee:44:e2:7a:f4:17:f6:a6:21:ef:aa:
                    f2:44:7c:7a:a7:ac:fd:1e:cd:5d:ab:90:f2:47:55:
                    97:56:f1:09:73:d7:93:e3:76:d3:5b:4a:da:78:e8:
                    51:07:12:2e:eb:68:17:e9:d6:cc:a4:19:89:5b:ea:
                    d2:6a:44:6a:81:5e:10:41:40:0d:78:2b:db:b8:82:
                    c0:4a:61:35:8c:9f:1a:0d:cc:07:8d:28:c9:90:f3:
                    f6:c2:37:4d:ca:61:64:7e:ef:4c:12:a3:c9:8f:26:
                    3e:a2:29:4f:c4:df:fc:5d:88:b7:50:52:d4:fa:b0:
                    61:0f:d9:36:58:6f:10:30:c1:f2:57:b7:4a:9b:07:
                    3b:18:10:d9:b7:4b:8d:10:09:ca:7c:2b:91:1d:c6:
                    d9:10:7b:1c:74:12:71:a5:f4:de:f1:42:ef:ac:6f:
                    49:19:0a:9b:32:d9:0c:61:84:f4:2b:c1:8f:1a:3e:
                    d4:1a:34:06:60:ae:49:bf:1a:bd:1e:94:fa:0c:a2:
                    73:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:29:BF:4F:00:1A:72:DE:26:02:A7:E8:63:4E:82:A9:DE:F3:C7:B4
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9e8ec9a7-34ff-41a1-b490-41ec3e978948.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:ab:e7:a2:d4:93:87:cd:8c:51:41:e6:e7:48:e5:07:59:5f:
         a5:73:5e:5b:43:91:bf:dc:aa:5a:b8:df:ca:0d:06:ae:5f:31:
         9e:f0:87:b7:ff:14:19:34:38:13:c2:d9:69:4f:df:f4:98:0e:
         0f:f3:92:8e:43:ff:f0:69:21:66:b7:2c:92:0d:d3:ca:62:47:
         61:cd:8f:31:b8:8f:1f:47:8e:5c:18:91:60:14:d9:57:2a:a9:
         ea:f7:be:81:66:ce:7b:5a:2a:af:77:7f:db:9b:38:f4:4c:18:
         3c:db:ee:e1:ee:50:70:75:3d:d3:14:7d:cf:7c:79:08:fd:e8:
         2b:f5:76:14:96:69:84:c4:66:4c:1b:a1:62:f2:71:53:bb:1a:
         e5:ff:c3:82:75:74:37:50:7a:8f:d3:9d:1e:f9:01:02:b2:0f:
         3c:27:4a:f4:b0:35:3b:ed:1a:da:10:fd:2f:ff:3b:0b:3d:df:
         88:3e:77:2b:bd:56:75:e7:97:25:cd:66:dc:42:ac:0a:74:d6:
         17:39:6d:36:b8:85:b0:39:84:9c:26:ac:a3:da:75:1e:45:a1:
         e4:0a:0f:69:b1:e6:80:ae:ad:1f:4e:09:51:90:7c:0c:3b:f8:
         38:8a:f5:42:e8:54:c1:e7:f6:df:86:7e:2a:6c:b2:b7:ca:08:
         69:5f:f0:3d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUM7ehScLywGC/e233qa7v0b5EuKEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDMwMDAwMDAwWhcNMjMxMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzN2I4YjAzNzIzNWVmNjcyYzJiNTU5ODIxYWU2OGMxYmE4
MDRlNmJmM2EwOGFhNjE2MjFmMDk3NDU2YTIzMjMxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7z17AU7JpyPJHi+Qi/HMo5z9fM0a39ZEmCGBTxEzZMCbd
vQI6ccAFSUllwcDRmJdn5ZHHMup88qhCQnCaEJnuROJ69Bf2piHvqvJEfHqnrP0e
zV2rkPJHVZdW8Qlz15PjdtNbStp46FEHEi7raBfp1sykGYlb6tJqRGqBXhBBQA14
K9u4gsBKYTWMnxoNzAeNKMmQ8/bCN03KYWR+70wSo8mPJj6iKU/E3/xdiLdQUtT6
sGEP2TZYbxAwwfJXt0qbBzsYENm3S40QCcp8K5EdxtkQexx0EnGl9N7xQu+sb0kZ
Cpsy2QxhhPQrwY8aPtQaNAZgrkm/Gr0elPoMonNbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpCm/TwAact4mAqfoY06Cqd7zx7QwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzllOGVjOWE3LTM0ZmYtNDFhMS1iNDkwLTQxZWMzZTk3ODk0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJur56LUk4fNjFFB5udI5QdZX6Vz
XltDkb/cqlq438oNBq5fMZ7wh7f/FBk0OBPC2WlP3/SYDg/zko5D//BpIWa3LJIN
08piR2HNjzG4jx9HjlwYkWAU2Vcqqer3voFmzntaKq93f9ubOPRMGDzb7uHuUHB1
PdMUfc98eQj96Cv1dhSWaYTEZkwboWLycVO7GuX/w4J1dDdQeo/TnR75AQKyDzwn
SvSwNTvtGtoQ/S//Ows934g+dyu9VnXnlyXNZtxCrAp01hc5bTa4hbA5hJwmrKPa
dR5FoeQKD2mx5oCurR9OCVGQfAw7+DiK9ULoVMHn9t+GfipssrfKCGlf8D0=
-----END CERTIFICATE-----