Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b88663b6-f3dd-43dc-8076-8fdd1280af50.roa
File:                     b88663b6-f3dd-43dc-8076-8fdd1280af50.roa (raw, json)
Hash identifier:          0JTRLIPvy+asWrhvjHa7BfVDt7mZ6tCbfa/EOGqx+Jk=
Subject key identifier:   57:28:4D:A9:58:70:BF:3C:E4:B9:A1:D5:C9:19:47:E9:5A:25:D0:B0
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5848053FBF30C9A560E4356672EB90ECE14408FC
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b88663b6-f3dd-43dc-8076-8fdd1280af50.roa
Signing time:             Thu 07 Sep 2023 00:00:00 +0000
ROA not before:           Thu 07 Sep 2023 00:00:00 +0000
ROA not after:            Thu 12 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:48:05:3f:bf:30:c9:a5:60:e4:35:66:72:eb:90:ec:e1:44:08:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  7 00:00:00 2023 GMT
            Not After : Oct 12 23:59:59 2023 GMT
        Subject: serialNumber=11ab221b4136ffc853a3811b602edddd3bbe7d63f471a48f34ba1a41fb6a9cbf, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:4d:e4:bf:6d:f5:ed:9f:27:5f:14:0f:8d:28:
                    15:0a:10:1c:b1:0c:90:70:c7:d0:b6:1e:ae:93:57:
                    10:61:fb:ea:cb:58:f4:80:f2:6e:96:4d:cb:f9:10:
                    c6:ab:ff:fe:63:a4:a9:7b:98:d5:7f:7f:8a:9f:be:
                    25:9f:6b:4f:05:b2:c2:39:e9:f8:a0:00:38:06:e2:
                    3f:a6:3e:91:49:a2:36:3b:42:78:2c:f7:f0:85:1a:
                    d3:fc:b2:59:3f:3b:e7:f4:5c:75:40:f8:dd:23:b4:
                    90:c5:9b:58:9f:46:23:60:7e:c1:86:4d:c8:0e:ff:
                    a9:94:30:27:b2:fa:16:71:6b:4c:0f:c1:37:00:83:
                    ca:af:26:79:7e:95:02:4b:26:b1:a2:3a:98:fc:3a:
                    cb:39:9b:6b:88:09:04:35:1b:44:50:3f:47:ce:7c:
                    98:e9:ed:6f:4b:bb:87:f4:14:2e:90:41:e0:aa:bf:
                    60:d5:5d:63:ac:de:d2:27:81:4f:2e:76:14:34:fd:
                    05:cf:2f:56:ca:fe:bf:9f:d2:ec:8a:c2:75:6d:96:
                    7a:b6:98:ba:81:a1:93:f4:37:c0:fc:a5:f0:02:5c:
                    3e:e6:97:a6:d2:89:d2:a8:f0:c7:41:d9:40:0e:a0:
                    ff:12:48:33:a6:a5:9f:c6:1c:b0:57:77:f6:90:ae:
                    b1:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:28:4D:A9:58:70:BF:3C:E4:B9:A1:D5:C9:19:47:E9:5A:25:D0:B0
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b88663b6-f3dd-43dc-8076-8fdd1280af50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:64:df:51:a4:76:a1:da:dc:58:52:db:fa:3a:e0:bc:1c:32:
         ab:15:1f:76:9e:0b:a4:2e:76:c8:71:d0:94:fa:f1:a6:9e:5e:
         ee:a8:25:c6:38:ba:f7:36:bd:31:82:c9:81:7c:54:7b:12:38:
         be:01:1e:23:40:08:65:d6:b9:1b:f8:3b:43:50:91:de:32:58:
         b8:5e:99:2e:d2:1f:c5:21:4a:a4:45:21:4e:03:05:44:93:27:
         20:6d:04:46:33:d3:bb:4a:e9:d9:01:c9:e0:c0:f5:99:86:12:
         65:c4:32:f2:86:a5:51:e3:6a:11:10:b8:41:fd:62:9c:e2:c7:
         f9:b8:7b:a5:b2:37:0f:f0:03:17:1e:ed:6b:50:a2:a2:db:07:
         7e:b7:f3:fd:80:19:b5:58:e4:88:a1:a3:ad:b0:22:b1:59:67:
         38:a7:34:c4:28:74:25:56:09:f6:e0:32:e2:35:81:48:b7:8c:
         15:7f:85:94:10:33:9f:3d:6d:51:a7:78:df:2e:26:00:5a:e4:
         f5:dd:42:e1:8b:f9:9d:77:cf:0f:98:53:38:85:47:9d:07:e4:
         5d:37:f3:c7:99:ac:d0:ca:36:b2:65:05:8b:10:51:c4:a3:72:
         0e:50:3b:39:45:19:c5:5d:f1:2d:65:67:3d:f5:8c:4b:b6:33:
         9f:d2:a6:af
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWEgFP78wyaVg5DVmcuuQ7OFECPwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTA3MDAwMDAwWhcNMjMxMDEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMWFiMjIxYjQxMzZmZmM4NTNhMzgxMWI2MDJlZGRkZDNi
YmU3ZDYzZjQ3MWE0OGYzNGJhMWE0MWZiNmE5Y2JmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHTeS/bfXtnydfFA+NKBUKEByxDJBwx9C2Hq6TVxBh++rL
WPSA8m6WTcv5EMar//5jpKl7mNV/f4qfviWfa08FssI56figADgG4j+mPpFJojY7
Qngs9/CFGtP8slk/O+f0XHVA+N0jtJDFm1ifRiNgfsGGTcgO/6mUMCey+hZxa0wP
wTcAg8qvJnl+lQJLJrGiOpj8Oss5m2uICQQ1G0RQP0fOfJjp7W9Lu4f0FC6QQeCq
v2DVXWOs3tIngU8udhQ0/QXPL1bK/r+f0uyKwnVtlnq2mLqBoZP0N8D8pfACXD7m
l6bSidKo8MdB2UAOoP8SSDOmpZ/GHLBXd/aQrrEHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVyhNqVhwvzzkuaHVyRlH6Vol0LAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2I4ODY2M2I2LWYzZGQtNDNkYy04MDc2LThmZGQxMjgwYWY1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABFk31GkdqHa3FhS2/o64LwcMqsV
H3aeC6Qudshx0JT68aaeXu6oJcY4uvc2vTGCyYF8VHsSOL4BHiNACGXWuRv4O0NQ
kd4yWLhemS7SH8UhSqRFIU4DBUSTJyBtBEYz07tK6dkByeDA9ZmGEmXEMvKGpVHj
ahEQuEH9Ypzix/m4e6WyNw/wAxce7WtQoqLbB3638/2AGbVY5Iiho62wIrFZZzin
NMQodCVWCfbgMuI1gUi3jBV/hZQQM589bVGneN8uJgBa5PXdQuGL+Z13zw+YUziF
R50H5F0388eZrNDKNrJlBYsQUcSjcg5QOzlFGcVd8S1lZz31jEu2M5/Spq8=
-----END CERTIFICATE-----