Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/096cbad2-75ca-4814-96af-e03f6a15ba54.roa
File:                     096cbad2-75ca-4814-96af-e03f6a15ba54.roa (raw, json)
Hash identifier:          yXHYPGx4x/ulua9Py9FqCvv+VDJGsaOQAWVPCRKTJ44=
Subject key identifier:   35:53:8D:5B:ED:14:38:E6:43:E4:6E:96:60:48:C0:39:68:55:EF:82
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       70B343869A32C6997286477EFAF52F1A291338A8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/096cbad2-75ca-4814-96af-e03f6a15ba54.roa
Signing time:             Tue 10 Oct 2023 00:00:00 +0000
ROA not before:           Tue 10 Oct 2023 00:00:00 +0000
ROA not after:            Tue 14 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:b3:43:86:9a:32:c6:99:72:86:47:7e:fa:f5:2f:1a:29:13:38:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 10 00:00:00 2023 GMT
            Not After : Nov 14 23:59:59 2023 GMT
        Subject: serialNumber=8884e9ad4289f730d9f8548ed445c9ef22cf982734a312201770d75a38ca6f2c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:17:50:fb:a3:b4:e7:23:94:49:0a:a8:18:86:
                    74:19:81:d8:8c:03:91:24:94:c7:24:18:4c:b8:4c:
                    81:11:4d:c8:01:16:4d:fc:e4:70:2a:8b:e8:99:f6:
                    1c:7d:ce:7f:66:c5:1b:d4:e5:cf:a3:01:a9:3c:10:
                    4a:c5:fd:ce:8d:b8:d6:c9:74:54:d7:50:a6:2e:ca:
                    35:5b:cf:b9:be:a5:50:17:bc:e1:6b:8a:8a:16:ec:
                    c4:e4:51:c2:d1:46:57:f0:29:a6:e1:20:1b:cb:e6:
                    f7:9a:ba:53:b5:87:de:a1:1e:f5:0e:08:5b:9f:5e:
                    c5:58:c1:7f:4b:20:44:ac:7c:22:29:7d:7a:11:79:
                    df:18:de:cf:07:d8:33:df:8d:0b:a1:4f:99:d5:30:
                    e0:86:de:4e:04:39:ec:eb:da:6e:0c:69:2a:f3:f2:
                    10:ed:e7:d2:3c:e0:a6:f4:fa:ce:23:7b:60:31:50:
                    67:9b:85:e5:ab:26:0d:34:b9:56:a7:5d:de:8b:ee:
                    b3:90:cc:5f:0c:9b:d4:1c:ca:3e:2c:57:4b:63:12:
                    60:e2:98:6b:c3:73:4b:e1:4e:aa:aa:bf:37:f3:6f:
                    50:1f:47:36:65:f4:31:a7:3a:71:18:b5:60:65:10:
                    20:55:83:f1:9f:28:6b:32:69:25:aa:13:b8:ed:0d:
                    6e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:53:8D:5B:ED:14:38:E6:43:E4:6E:96:60:48:C0:39:68:55:EF:82
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/096cbad2-75ca-4814-96af-e03f6a15ba54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:19:84:cb:05:f4:27:ec:52:ed:7c:ed:8e:fc:0d:7c:40:4d:
         c2:4c:99:99:3f:34:33:9a:df:13:ef:d5:7d:33:47:c1:98:4a:
         d1:c2:48:ca:f9:d7:cb:50:ed:6a:01:5a:d3:32:f3:43:23:77:
         f4:cb:a0:fe:5d:e7:27:01:0e:8b:ef:e9:30:59:51:05:77:30:
         58:2b:fb:77:e1:69:c3:b7:7b:59:03:d7:8d:f9:dc:d9:c4:57:
         08:a3:7c:01:ec:6d:7b:10:39:55:c3:13:02:85:5d:d5:cd:89:
         f5:3b:65:01:4b:97:ea:50:2a:34:f7:80:c5:2a:4f:a0:67:ee:
         ea:16:42:2f:85:e7:23:e5:a9:ac:03:b5:fe:53:5b:98:5d:01:
         5c:49:d2:60:a7:61:20:a5:4a:a4:bf:59:52:e2:73:7e:b1:0d:
         fd:eb:5d:dd:64:e7:d3:89:47:30:5b:0c:a2:0c:dd:a3:4d:7b:
         aa:0a:4b:6a:be:73:de:98:3b:a9:45:4f:c8:0f:69:bf:a9:eb:
         36:3c:28:65:4a:27:ef:ed:49:95:6f:26:d6:52:1f:20:9a:4d:
         c9:d8:36:be:db:65:d6:9b:f1:ab:de:f8:0b:aa:c5:17:d7:bd:
         10:24:60:31:ab:ab:38:fd:57:f4:9c:ef:20:00:26:08:44:bc:
         b4:96:a2:8a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcLNDhpoyxplyhkd++vUvGikTOKgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDEwMDAwMDAwWhcNMjMxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ODg0ZTlhZDQyODlmNzMwZDlmODU0OGVkNDQ1YzllZjIy
Y2Y5ODI3MzRhMzEyMjAxNzcwZDc1YTM4Y2E2ZjJjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDrF1D7o7TnI5RJCqgYhnQZgdiMA5EklMckGEy4TIERTcgB
Fk385HAqi+iZ9hx9zn9mxRvU5c+jAak8EErF/c6NuNbJdFTXUKYuyjVbz7m+pVAX
vOFriooW7MTkUcLRRlfwKabhIBvL5veaulO1h96hHvUOCFufXsVYwX9LIESsfCIp
fXoRed8Y3s8H2DPfjQuhT5nVMOCG3k4EOezr2m4MaSrz8hDt59I84Kb0+s4je2Ax
UGebheWrJg00uVanXd6L7rOQzF8Mm9Qcyj4sV0tjEmDimGvDc0vhTqqqvzfzb1Af
RzZl9DGnOnEYtWBlECBVg/GfKGsyaSWqE7jtDW6RAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNVONW+0UOOZD5G6WYEjAOWhV74IwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzA5NmNiYWQyLTc1Y2EtNDgxNC05NmFmLWUwM2Y2YTE1YmE1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFwZhMsF9CfsUu187Y78DXxATcJM
mZk/NDOa3xPv1X0zR8GYStHCSMr518tQ7WoBWtMy80Mjd/TLoP5d5ycBDovv6TBZ
UQV3MFgr+3fhacO3e1kD14353NnEVwijfAHsbXsQOVXDEwKFXdXNifU7ZQFLl+pQ
KjT3gMUqT6Bn7uoWQi+F5yPlqawDtf5TW5hdAVxJ0mCnYSClSqS/WVLic36xDf3r
Xd1k59OJRzBbDKIM3aNNe6oKS2q+c96YO6lFT8gPab+p6zY8KGVKJ+/tSZVvJtZS
HyCaTcnYNr7bZdab8ave+AuqxRfXvRAkYDGrqzj9V/Sc7yAAJghEvLSWooo=
-----END CERTIFICATE-----