Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fb68e596-f067-45c7-ab78-1140074d2130.roa
File:                     fb68e596-f067-45c7-ab78-1140074d2130.roa (raw, json)
Hash identifier:          q1ivCdFrn94pwypbWDjkfspkS8V06rLeYeMNw3shpLE=
Subject key identifier:   07:50:9F:91:CA:69:CE:87:07:CF:A1:3C:4E:C3:C7:DB:44:C6:0B:57
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4430219E43FF5F9B6E164673B602022862A4C0D7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fb68e596-f067-45c7-ab78-1140074d2130.roa
Signing time:             Mon 31 Jul 2023 00:00:00 +0000
ROA not before:           Mon 31 Jul 2023 00:00:00 +0000
ROA not after:            Mon 04 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:30:21:9e:43:ff:5f:9b:6e:16:46:73:b6:02:02:28:62:a4:c0:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 31 00:00:00 2023 GMT
            Not After : Sep  4 23:59:59 2023 GMT
        Subject: serialNumber=97888931517a6c23d7c6382599ab0f688fc0982068abfb6cb4b1e3a81c67b27c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:0b:25:56:e4:70:f3:75:47:15:df:f2:b5:64:
                    49:e3:17:aa:2a:1b:73:08:59:27:c0:a0:c9:f8:0d:
                    43:53:26:5f:97:df:13:a3:b3:dd:c0:93:eb:9f:7b:
                    12:4f:92:95:49:1e:73:a1:91:c5:89:68:c7:a4:18:
                    f5:76:a6:26:cb:81:68:78:de:2a:82:5b:df:7d:e2:
                    e9:57:4c:de:b9:45:37:63:b5:9b:44:80:2f:6d:f1:
                    d5:50:46:ba:fe:49:b1:e2:02:e0:83:0b:70:d6:1a:
                    69:52:ba:ac:d1:77:df:e3:b8:be:54:2d:06:02:1f:
                    5e:98:cc:02:3e:62:8d:97:d7:3f:56:68:e0:d9:75:
                    5f:29:be:20:6c:be:13:e3:33:97:b4:d4:4b:fd:59:
                    49:ae:b5:9f:65:02:a4:42:25:f0:f9:af:fc:85:29:
                    94:06:50:f0:05:3b:ac:e4:9f:60:21:a1:b6:40:c5:
                    90:ca:bc:37:a3:68:0b:26:dc:f5:e4:8d:ae:15:75:
                    d8:b9:c2:50:47:80:aa:90:92:52:a7:f6:15:fc:24:
                    32:96:7d:b5:85:db:bc:7d:e7:31:07:e1:9e:83:a2:
                    11:9c:3f:cd:2a:67:44:fe:e2:04:42:64:8b:56:7b:
                    ce:43:9a:b9:87:78:33:af:9b:bc:0f:b5:41:39:88:
                    18:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:50:9F:91:CA:69:CE:87:07:CF:A1:3C:4E:C3:C7:DB:44:C6:0B:57
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fb68e596-f067-45c7-ab78-1140074d2130.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:ef:d0:0d:51:1c:f2:4c:e6:67:03:83:d6:b9:a2:9d:23:3c:
         47:e0:98:a7:fb:5b:2d:6a:c2:a5:f2:59:e2:bc:83:f3:bc:a3:
         e5:fa:8c:89:7b:a5:8b:1d:32:62:14:a7:99:fa:85:6d:56:06:
         54:1d:2c:d7:4e:ce:08:6c:ce:a4:e9:51:aa:b6:fb:9b:50:94:
         d2:41:e5:cf:8b:40:14:36:7b:6c:04:5b:88:13:b2:af:9e:33:
         4b:6f:20:f1:cb:30:fc:78:45:e0:aa:1f:60:b8:62:95:39:0b:
         a6:52:f7:9c:4a:bd:37:6f:76:07:0d:29:81:d9:50:db:a0:e7:
         5d:6c:9a:5c:e7:9a:61:98:1f:41:3d:c2:98:1c:3b:94:0a:36:
         78:16:08:1c:20:6d:0e:6b:e7:f8:fe:da:ad:77:35:5a:90:3f:
         5b:8d:63:40:a7:a4:f2:c1:95:ff:b7:c7:5e:0f:e9:d3:aa:f4:
         45:f8:ee:ae:de:f9:a7:61:b7:49:f1:99:bf:cd:51:b8:f4:b3:
         d7:9f:cb:87:7e:b8:46:66:a1:2c:0c:cb:80:56:1f:f7:fd:01:
         a9:cc:60:d7:93:69:f9:04:16:ce:a9:12:c8:a4:93:68:3a:8a:
         fa:31:0d:13:7d:be:3a:c1:e5:15:00:5f:ea:77:8f:33:a7:16:
         6d:8b:42:bf
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURDAhnkP/X5tuFkZztgICKGKkwNcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzMxMDAwMDAwWhcNMjMwOTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5Nzg4ODkzMTUxN2E2YzIzZDdjNjM4MjU5OWFiMGY2ODhm
YzA5ODIwNjhhYmZiNmNiNGIxZTNhODFjNjdiMjdjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCPCyVW5HDzdUcV3/K1ZEnjF6oqG3MIWSfAoMn4DUNTJl+X
3xOjs93Ak+ufexJPkpVJHnOhkcWJaMekGPV2pibLgWh43iqCW9994ulXTN65RTdj
tZtEgC9t8dVQRrr+SbHiAuCDC3DWGmlSuqzRd9/juL5ULQYCH16YzAI+Yo2X1z9W
aODZdV8pviBsvhPjM5e01Ev9WUmutZ9lAqRCJfD5r/yFKZQGUPAFO6zkn2AhobZA
xZDKvDejaAsm3PXkja4Vddi5wlBHgKqQklKn9hX8JDKWfbWF27x95zEH4Z6DohGc
P80qZ0T+4gRCZItWe85DmrmHeDOvm7wPtUE5iBhFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUB1CfkcppzocHz6E8TsPH20TGC1cwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZiNjhlNTk2LWYwNjctNDVjNy1hYjc4LTExNDAwNzRkMjEzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACnv0A1RHPJM5mcDg9a5op0jPEfg
mKf7Wy1qwqXyWeK8g/O8o+X6jIl7pYsdMmIUp5n6hW1WBlQdLNdOzghszqTpUaq2
+5tQlNJB5c+LQBQ2e2wEW4gTsq+eM0tvIPHLMPx4ReCqH2C4YpU5C6ZS95xKvTdv
dgcNKYHZUNug511smlznmmGYH0E9wpgcO5QKNngWCBwgbQ5r5/j+2q13NVqQP1uN
Y0CnpPLBlf+3x14P6dOq9EX47q7e+adht0nxmb/NUbj0s9efy4d+uEZmoSwMy4BW
H/f9AanMYNeTafkEFs6pEsikk2g6ivoxDRN9vjrB5RUAX+p3jzOnFm2LQr8=
-----END CERTIFICATE-----