Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a3a93cf5-05f0-40a1-b627-856ac71d06f3.roa
File:                     a3a93cf5-05f0-40a1-b627-856ac71d06f3.roa (raw, json)
Hash identifier:          QgMBXmfphtCuQsAMS+bn5bJyJC2iM9zjge/JZRyjjG8=
Subject key identifier:   05:B8:F0:4D:A7:83:AB:EC:5E:35:6C:F4:44:17:C7:CE:F4:92:8F:91
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5B1BDF4FE76D471F33F799CA85FEE16CA5478454
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a3a93cf5-05f0-40a1-b627-856ac71d06f3.roa
Signing time:             Thu 14 Sep 2023 00:00:00 +0000
ROA not before:           Thu 14 Sep 2023 00:00:00 +0000
ROA not after:            Thu 19 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:1b:df:4f:e7:6d:47:1f:33:f7:99:ca:85:fe:e1:6c:a5:47:84:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 14 00:00:00 2023 GMT
            Not After : Oct 19 23:59:59 2023 GMT
        Subject: serialNumber=f72fbfe35f2def0e2dfdb671de9e226bea900e14bfc0691c0333b08fe711a8ad, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:14:88:ad:f7:5f:a4:55:37:a6:51:9b:fc:25:
                    a4:cb:06:1c:fb:b3:92:6b:2f:93:b6:8d:fe:a7:8b:
                    4f:0d:ba:5a:62:c8:27:05:92:df:b4:7a:92:cf:3c:
                    f4:1b:e7:98:a9:2c:db:e0:ce:35:e6:7e:ef:99:0c:
                    07:fe:67:56:82:bf:30:f7:cb:4f:d0:1b:c7:21:8f:
                    8f:27:61:bf:5f:3f:19:d3:32:7a:29:df:6d:bb:36:
                    b5:19:52:f8:46:c0:99:3e:74:24:49:fd:c6:b7:73:
                    42:3f:0e:c0:1e:22:69:47:54:83:97:64:08:f7:53:
                    25:ce:bc:ee:05:93:ee:df:88:fc:c2:fa:40:ed:28:
                    04:1b:ae:71:3b:61:4d:ad:b7:7c:d2:8e:0b:e2:46:
                    f8:9a:1a:f8:7c:13:3c:14:8a:47:13:40:64:ac:84:
                    69:d1:69:56:f9:65:0b:be:d2:3b:1f:7a:16:14:9a:
                    77:c9:46:38:b0:67:1f:52:98:0e:aa:3e:e8:78:67:
                    9b:03:6c:a7:34:7e:d9:62:d1:2e:f7:4e:db:4e:1d:
                    44:b8:7d:5a:13:db:d6:50:b5:5b:08:8e:5e:72:83:
                    2a:6e:fe:7b:25:26:0e:22:63:f7:f4:6c:c7:0f:41:
                    24:07:2f:dc:a0:a4:fe:8b:11:4b:e2:c9:f9:de:11:
                    45:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:B8:F0:4D:A7:83:AB:EC:5E:35:6C:F4:44:17:C7:CE:F4:92:8F:91
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a3a93cf5-05f0-40a1-b627-856ac71d06f3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:d5:de:e2:d3:4e:9d:af:06:fa:bb:f8:38:9a:b0:9c:0f:1b:
         ad:36:26:7e:50:3c:15:77:68:47:c7:f0:b2:a1:66:bb:02:d0:
         fa:2c:87:d2:3e:fe:2d:6e:dc:65:2a:a9:6c:67:73:56:5d:3f:
         59:ed:3a:7f:b4:c3:63:e4:e4:b1:5b:6e:e8:41:56:4d:e7:51:
         f9:97:51:ad:1d:98:ca:74:f9:0f:72:f9:0c:78:a2:14:a6:c8:
         66:80:47:a0:ea:ab:a5:0c:39:99:01:e9:67:39:a2:6a:f4:39:
         ca:e9:7d:5d:8c:09:c8:47:cd:0b:6d:dd:aa:e1:58:f5:ad:87:
         09:d1:95:7c:e1:d1:5f:95:f4:e6:20:18:e6:53:f9:1a:91:71:
         e4:66:d9:c1:b9:4e:0f:6b:be:88:e7:bc:d1:d0:4f:ff:7e:98:
         3a:d9:1c:de:ef:96:39:db:36:84:0e:d9:c5:32:73:b6:12:b6:
         fe:02:bf:54:88:90:15:2f:26:af:95:e9:fd:1c:aa:3e:ba:c5:
         34:c2:f6:27:63:b3:49:26:db:06:23:f2:70:b9:9f:8c:04:37:
         af:35:20:8d:3c:d4:b5:b5:78:dc:93:09:6f:f2:4b:38:1d:d9:
         16:e6:e7:11:63:35:b0:70:af:67:30:6f:d2:dd:ba:3a:5c:b9:
         a5:9d:fc:db
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWxvfT+dtRx8z95nKhf7hbKVHhFQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTE0MDAwMDAwWhcNMjMxMDE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNzJmYmZlMzVmMmRlZjBlMmRmZGI2NzFkZTllMjI2YmVh
OTAwZTE0YmZjMDY5MWMwMzMzYjA4ZmU3MTFhOGFkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzFIit91+kVTemUZv8JaTLBhz7s5JrL5O2jf6ni08Nulpi
yCcFkt+0epLPPPQb55ipLNvgzjXmfu+ZDAf+Z1aCvzD3y0/QG8chj48nYb9fPxnT
Mnop3227NrUZUvhGwJk+dCRJ/ca3c0I/DsAeImlHVIOXZAj3UyXOvO4Fk+7fiPzC
+kDtKAQbrnE7YU2tt3zSjgviRviaGvh8EzwUikcTQGSshGnRaVb5ZQu+0jsfehYU
mnfJRjiwZx9SmA6qPuh4Z5sDbKc0ftli0S73TttOHUS4fVoT29ZQtVsIjl5ygypu
/nslJg4iY/f0bMcPQSQHL9ygpP6LEUviyfneEUW9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBbjwTaeDq+xeNWz0RBfHzvSSj5EwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2EzYTkzY2Y1LTA1ZjAtNDBhMS1iNjI3LTg1NmFjNzFkMDZmMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB/V3uLTTp2vBvq7+DiasJwPG602
Jn5QPBV3aEfH8LKhZrsC0Posh9I+/i1u3GUqqWxnc1ZdP1ntOn+0w2Pk5LFbbuhB
Vk3nUfmXUa0dmMp0+Q9y+Qx4ohSmyGaAR6Dqq6UMOZkB6Wc5omr0OcrpfV2MCchH
zQtt3arhWPWthwnRlXzh0V+V9OYgGOZT+RqRceRm2cG5Tg9rvojnvNHQT/9+mDrZ
HN7vljnbNoQO2cUyc7YStv4Cv1SIkBUvJq+V6f0cqj66xTTC9idjs0km2wYj8nC5
n4wEN681II081LW1eNyTCW/ySzgd2Rbm5xFjNbBwr2cwb9LdujpcuaWd/Ns=
-----END CERTIFICATE-----