Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4bbdf400-a623-4ebf-8efb-cebb54f658fe.roa
File:                     4bbdf400-a623-4ebf-8efb-cebb54f658fe.roa (raw, json)
Hash identifier:          TuM0cpl++mWtLSjPN7X97/K2rBkJRZdA1ytdVKxS8Gc=
Subject key identifier:   D7:87:32:83:65:58:D1:92:98:50:C1:01:8C:48:8E:2A:B6:57:EE:39
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1499F6E759D8E16A508D9BC68212405EAC377EF6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4bbdf400-a623-4ebf-8efb-cebb54f658fe.roa
Signing time:             Fri 25 Aug 2023 00:00:00 +0000
ROA not before:           Fri 25 Aug 2023 00:00:00 +0000
ROA not after:            Fri 29 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:99:f6:e7:59:d8:e1:6a:50:8d:9b:c6:82:12:40:5e:ac:37:7e:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 25 00:00:00 2023 GMT
            Not After : Sep 29 23:59:59 2023 GMT
        Subject: serialNumber=398386ef763f229d761d2217104d17ebd1fa7db2391388969edf4f818056f085, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:7b:41:ea:fc:d9:fa:0b:c1:f3:ee:cd:39:c4:
                    f7:f3:9d:7d:22:b8:30:ed:26:d0:27:68:35:5d:3c:
                    65:80:50:40:bf:80:99:44:42:94:6f:64:18:c8:37:
                    25:ec:ce:25:e1:33:04:04:4d:e6:6c:3f:81:df:38:
                    30:2c:13:ec:b6:ba:ca:a4:82:bc:5f:2d:b7:87:0c:
                    c6:71:7b:eb:2c:e7:07:1b:7a:91:ed:5c:64:9a:f3:
                    6f:f6:fc:1d:41:b2:32:9f:c2:33:27:76:a2:0e:16:
                    cc:de:09:c7:81:0b:fa:ef:ad:96:ec:3a:ff:8e:30:
                    7c:67:db:63:35:22:01:da:ca:9d:6f:2c:09:a9:e1:
                    17:4b:fc:0f:b3:1e:a2:8c:40:04:b6:5c:a1:cf:8a:
                    9b:77:49:88:db:3a:60:31:21:ce:37:d4:d0:61:bf:
                    c1:59:2d:27:af:b6:b9:a5:36:ff:74:96:a0:7c:ae:
                    68:02:3c:c6:75:9d:29:ff:49:5b:e7:72:b7:04:ac:
                    e5:0f:f6:91:3d:b2:bd:cb:80:ec:b9:7d:78:86:c5:
                    87:dc:3b:84:3f:6c:eb:b9:00:9b:99:e5:25:29:19:
                    4c:55:73:b9:58:e2:28:c5:3e:5d:47:b5:63:31:4e:
                    48:e5:e6:fd:4a:71:40:2c:60:81:d7:54:18:fb:f7:
                    bf:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:87:32:83:65:58:D1:92:98:50:C1:01:8C:48:8E:2A:B6:57:EE:39
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4bbdf400-a623-4ebf-8efb-cebb54f658fe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:5c:d1:be:f8:65:c7:d6:96:2b:16:88:23:0d:cf:1d:70:65:
         fe:49:e1:47:25:5b:c4:77:3a:b8:7e:19:a1:39:ad:24:32:10:
         9c:de:86:e9:d1:fa:c6:67:7a:58:b6:63:14:a3:b5:ac:79:a6:
         bc:0c:71:92:be:62:9a:df:02:90:ff:6c:2f:07:52:ff:3a:d0:
         bf:82:52:1a:83:dd:60:5a:84:79:11:92:07:95:01:4c:f3:45:
         c9:55:60:a5:fb:9f:51:dc:9d:ee:44:77:7c:57:a9:4d:20:f8:
         d6:90:cd:ec:23:86:ef:ba:b8:e6:43:a8:c5:df:2d:4a:d1:64:
         ea:9c:09:77:e1:c9:56:63:7c:13:ff:62:82:f7:85:ff:95:d8:
         1a:4d:97:69:29:b4:53:2c:19:d7:b7:3c:59:f6:f5:dc:52:43:
         73:8a:9f:59:e3:1e:b9:40:eb:6e:e0:2a:64:e4:14:2a:61:73:
         f3:31:08:c9:7c:a0:3b:63:5e:37:7e:a9:02:6d:61:70:22:79:
         f3:e6:39:f3:76:4e:bb:82:fd:7d:9b:60:ad:03:ca:0c:ee:4a:
         e9:89:c4:13:7f:a4:a4:9a:58:c3:f2:bd:3d:da:a3:56:7a:a1:
         5a:83:62:d0:d0:e8:28:fd:3f:6b:6e:ab:be:ac:b6:30:62:d4:
         12:9e:21:9b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFJn251nY4WpQjZvGghJAXqw3fvYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODI1MDAwMDAwWhcNMjMwOTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzOTgzODZlZjc2M2YyMjlkNzYxZDIyMTcxMDRkMTdlYmQx
ZmE3ZGIyMzkxMzg4OTY5ZWRmNGY4MTgwNTZmMDg1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDhe0Hq/Nn6C8Hz7s05xPfznX0iuDDtJtAnaDVdPGWAUEC/
gJlEQpRvZBjINyXsziXhMwQETeZsP4HfODAsE+y2usqkgrxfLbeHDMZxe+ss5wcb
epHtXGSa82/2/B1BsjKfwjMndqIOFszeCceBC/rvrZbsOv+OMHxn22M1IgHayp1v
LAmp4RdL/A+zHqKMQAS2XKHPipt3SYjbOmAxIc431NBhv8FZLSevtrmlNv90lqB8
rmgCPMZ1nSn/SVvncrcErOUP9pE9sr3LgOy5fXiGxYfcO4Q/bOu5AJuZ5SUpGUxV
c7lY4ijFPl1HtWMxTkjl5v1KcUAsYIHXVBj797//AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU14cyg2VY0ZKYUMEBjEiOKrZX7jkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRiYmRmNDAwLWE2MjMtNGViZi04ZWZiLWNlYmI1NGY2NThmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJtc0b74ZcfWlisWiCMNzx1wZf5J
4UclW8R3Orh+GaE5rSQyEJzehunR+sZneli2YxSjtax5prwMcZK+YprfApD/bC8H
Uv860L+CUhqD3WBahHkRkgeVAUzzRclVYKX7n1Hcne5Ed3xXqU0g+NaQzewjhu+6
uOZDqMXfLUrRZOqcCXfhyVZjfBP/YoL3hf+V2BpNl2kptFMsGde3PFn29dxSQ3OK
n1njHrlA627gKmTkFCphc/MxCMl8oDtjXjd+qQJtYXAiefPmOfN2TruC/X2bYK0D
ygzuSumJxBN/pKSaWMPyvT3ao1Z6oVqDYtDQ6Cj9P2tuq76stjBi1BKeIZs=
-----END CERTIFICATE-----