Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ae53ece8-9b21-4503-99b8-babfa21bae80.roa
File:                     ae53ece8-9b21-4503-99b8-babfa21bae80.roa (raw, json)
Hash identifier:          nMRbThg0mJz1qUVFPoo8hLJd1JLoTH3R6/Qp4fRp2eA=
Subject key identifier:   78:98:74:9B:7C:9E:DD:6F:4D:E9:CE:A0:CA:89:93:11:2F:24:67:58
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7777D493D07F38AC641CFE0CDCDF37C56B8A4B1B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ae53ece8-9b21-4503-99b8-babfa21bae80.roa
Signing time:             Thu 29 Jun 2023 00:00:00 +0000
ROA not before:           Thu 29 Jun 2023 00:00:00 +0000
ROA not after:            Thu 03 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:77:d4:93:d0:7f:38:ac:64:1c:fe:0c:dc:df:37:c5:6b:8a:4b:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 29 00:00:00 2023 GMT
            Not After : Aug  3 23:59:59 2023 GMT
        Subject: serialNumber=1c3c8efaa83ca2c728af062b4a406dae87f2ddf162c8f46fe6407080465063bd, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:66:d9:a0:f5:bb:2f:4f:53:06:e3:34:6f:13:
                    35:2a:ab:26:ba:e6:e2:ff:46:92:c5:fd:cc:76:70:
                    62:ce:d3:d8:14:79:36:6d:b4:ae:2e:86:cf:6f:dc:
                    63:50:63:17:bd:0d:9d:2a:51:56:f3:2f:19:ac:2b:
                    2a:4f:21:8e:9b:7c:48:e0:17:db:31:e6:e3:9e:38:
                    fa:81:ee:74:91:a8:64:34:eb:45:c9:7a:1d:53:8c:
                    a4:d6:a1:be:3d:d0:9d:f8:0b:ad:2d:c4:44:90:6e:
                    3d:17:48:f5:45:af:92:94:5a:60:0b:ef:f3:0a:bd:
                    b6:53:35:83:ef:d2:93:11:82:46:9c:65:2f:16:45:
                    17:60:0d:54:35:ff:89:52:95:db:c2:54:ac:b0:21:
                    75:6b:31:9d:71:14:34:3b:6a:26:d7:79:a7:13:78:
                    eb:2c:35:6c:75:74:68:d1:f0:54:50:26:c4:b6:d5:
                    5c:5b:9a:d0:ce:89:db:1a:1d:76:6b:d1:0b:7f:7e:
                    d4:f9:3c:40:5d:bb:11:91:35:e3:9b:55:9b:5c:ab:
                    20:16:32:71:04:d0:a7:61:7c:e5:3d:fb:c3:e5:90:
                    00:64:6d:11:da:bf:38:f6:4a:7c:43:14:48:a6:53:
                    dd:d1:b0:ec:9e:b0:f9:3f:3f:ac:3d:c1:c4:c3:6c:
                    d9:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:98:74:9B:7C:9E:DD:6F:4D:E9:CE:A0:CA:89:93:11:2F:24:67:58
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ae53ece8-9b21-4503-99b8-babfa21bae80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:7e:7f:05:a6:f2:13:d6:c5:ff:17:41:23:5d:53:98:ec:04:
         bb:4c:cf:ba:8c:1a:e0:bd:25:cf:2f:f1:35:b1:28:d3:bd:a6:
         7a:75:f7:d0:73:1d:a3:86:22:16:d5:d0:ac:19:51:86:5e:5f:
         a2:9b:2a:26:48:d8:20:2a:01:f7:43:53:ce:79:af:a0:a2:00:
         12:96:01:f7:c9:fd:93:3b:cc:5c:5d:e6:f3:fd:aa:af:93:20:
         40:13:e9:12:ab:0d:fd:ab:8b:03:bd:48:c5:58:b8:0f:ac:8a:
         83:5c:9e:7d:19:77:81:f6:2b:72:2b:51:36:00:a6:67:cd:e2:
         bc:8c:a2:ac:44:33:8e:79:62:41:43:68:40:b6:f1:cf:20:54:
         a9:c6:9f:d3:b5:26:21:7b:89:0d:1b:bf:8a:62:d2:67:e2:a1:
         05:2e:8b:4d:52:06:27:a9:60:8f:c8:7f:52:9f:25:72:94:56:
         8b:fa:e2:06:9b:e8:44:7c:bb:d0:c4:df:3c:93:7e:54:fa:e8:
         4f:ad:41:11:40:5b:c3:7e:90:6a:c1:e6:14:95:3d:19:d2:f8:
         af:0b:13:6e:98:47:f4:e8:6e:a1:57:2d:f9:9f:11:51:d0:07:
         19:46:9d:9a:d3:ac:ca:39:5a:e8:fb:07:3f:3f:ee:d8:d0:31:
         0d:e3:f2:6a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUd3fUk9B/OKxkHP4M3N83xWuKSxswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjI5MDAwMDAwWhcNMjMwODAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxYzNjOGVmYWE4M2NhMmM3MjhhZjA2MmI0YTQwNmRhZTg3
ZjJkZGYxNjJjOGY0NmZlNjQwNzA4MDQ2NTA2M2JkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGZtmg9bsvT1MG4zRvEzUqqya65uL/RpLF/cx2cGLO09gU
eTZttK4uhs9v3GNQYxe9DZ0qUVbzLxmsKypPIY6bfEjgF9sx5uOeOPqB7nSRqGQ0
60XJeh1TjKTWob490J34C60txESQbj0XSPVFr5KUWmAL7/MKvbZTNYPv0pMRgkac
ZS8WRRdgDVQ1/4lSldvCVKywIXVrMZ1xFDQ7aibXeacTeOssNWx1dGjR8FRQJsS2
1VxbmtDOidsaHXZr0Qt/ftT5PEBduxGRNeObVZtcqyAWMnEE0KdhfOU9+8PlkABk
bRHavzj2SnxDFEimU93RsOyesPk/P6w9wcTDbNmhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeJh0m3ye3W9N6c6gyomTES8kZ1gwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2FlNTNlY2U4LTliMjEtNDUwMy05OWI4LWJhYmZhMjFiYWU4MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFJ+fwWm8hPWxf8XQSNdU5jsBLtM
z7qMGuC9Jc8v8TWxKNO9pnp199BzHaOGIhbV0KwZUYZeX6KbKiZI2CAqAfdDU855
r6CiABKWAffJ/ZM7zFxd5vP9qq+TIEAT6RKrDf2riwO9SMVYuA+sioNcnn0Zd4H2
K3IrUTYApmfN4ryMoqxEM455YkFDaEC28c8gVKnGn9O1JiF7iQ0bv4pi0mfioQUu
i01SBiepYI/If1KfJXKUVov64gab6ER8u9DE3zyTflT66E+tQRFAW8N+kGrB5hSV
PRnS+K8LE26YR/TobqFXLfmfEVHQBxlGnZrTrMo5Wuj7Bz8/7tjQMQ3j8mo=
-----END CERTIFICATE-----