Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5f6b647b-b775-4064-b916-5181743a45d6.roa
File:                     5f6b647b-b775-4064-b916-5181743a45d6.roa (raw, json)
Hash identifier:          MKNNShTwbR1rGUgyFXXQo8e/IBWGCQGII+SWSUL6eg8=
Subject key identifier:   50:6C:B3:FA:45:E3:76:36:02:AC:55:3C:C8:E1:CB:DC:57:98:A0:50
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5565A6476FACE05F99B239ED47BF9DC8C30F6CD2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5f6b647b-b775-4064-b916-5181743a45d6.roa
Signing time:             Thu 21 Dec 2023 00:00:00 +0000
ROA not before:           Thu 21 Dec 2023 00:00:00 +0000
ROA not after:            Thu 25 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:65:a6:47:6f:ac:e0:5f:99:b2:39:ed:47:bf:9d:c8:c3:0f:6c:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 21 00:00:00 2023 GMT
            Not After : Jan 25 23:59:59 2024 GMT
        Subject: serialNumber=685b5d8f88e5365eefae77200715415071fb02ac73e0194422b1ee4138134b2b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c2:96:38:fd:35:d7:ce:c0:fc:91:ce:32:38:
                    aa:c6:15:da:f7:6b:0d:f3:9a:66:c4:3d:d8:29:1c:
                    f7:f9:bd:9f:e2:a8:bb:af:52:cb:50:df:65:31:aa:
                    5f:92:4d:28:4d:b0:3a:87:8c:34:cb:44:71:bd:f0:
                    97:e6:3c:26:c7:ef:0a:e8:03:0f:2a:9e:c4:00:b0:
                    9c:7c:5f:54:db:60:fa:c2:82:79:1e:76:e7:76:5f:
                    e6:db:bb:c4:3a:2e:4b:b1:d5:95:3f:1c:e0:9f:8b:
                    db:bb:ab:21:82:89:6c:1c:1f:67:38:4c:57:97:4d:
                    98:e3:ba:dd:63:bf:b2:85:da:39:05:2f:bc:f7:cb:
                    10:c6:4b:45:4c:bf:09:4c:81:c6:bd:01:a7:08:c0:
                    c7:ce:55:bf:33:53:3f:c7:07:c9:3e:bb:b6:5a:bb:
                    20:67:ae:5d:46:00:ff:31:1f:75:f2:03:e1:3f:6d:
                    8a:59:b3:c2:f6:a9:3e:7c:69:30:94:c1:3b:1e:ac:
                    a1:89:39:67:a7:e6:fa:f3:fc:7d:73:7c:76:5e:7a:
                    a5:8b:59:40:9d:06:a4:a7:ad:e7:d0:24:6d:ed:97:
                    65:b4:6c:54:18:ad:33:90:e7:54:f4:69:ac:ae:29:
                    56:0d:26:9f:6c:a5:4b:ef:34:b9:7a:da:69:13:f2:
                    44:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:6C:B3:FA:45:E3:76:36:02:AC:55:3C:C8:E1:CB:DC:57:98:A0:50
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5f6b647b-b775-4064-b916-5181743a45d6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:3f:ed:d1:34:90:6c:9d:a9:f4:a1:8e:14:7c:85:d4:3c:24:
         b2:5b:0c:39:f6:42:bc:25:b1:21:e5:ce:19:80:bb:8e:f4:56:
         86:be:ee:97:f3:a0:ad:4f:3d:58:23:d4:2e:8e:b4:7c:50:de:
         be:3e:3c:74:d7:72:35:da:f0:87:75:ca:08:23:0e:86:65:c0:
         47:0d:56:e5:06:e9:57:af:64:b6:d0:08:4b:eb:be:b5:9c:f8:
         e6:a9:9a:39:57:5b:fc:f8:19:3e:75:ee:29:ba:9d:56:db:fc:
         23:57:ae:f4:d7:da:71:17:42:ac:de:bf:d8:3d:ac:6f:2a:66:
         5a:7d:5e:a9:52:7b:4a:fd:b4:75:33:12:e5:37:14:7f:d3:dd:
         eb:93:2a:0f:c5:60:fa:84:68:84:db:1f:5c:7c:db:8a:4c:a5:
         1e:19:5d:4a:64:16:28:fc:97:ee:1d:f0:66:0f:59:b2:d3:87:
         b2:a3:68:c2:bf:3d:9e:b7:59:a0:05:60:1d:af:62:9d:97:18:
         ad:d7:af:40:23:3f:43:0a:a9:6a:b2:67:57:2f:aa:ed:cf:d3:
         11:b0:5b:c8:d3:46:3a:e5:e1:89:9b:69:bb:d5:7e:eb:6a:94:
         8d:76:1f:5b:c4:8d:98:40:1d:61:e7:50:05:36:18:a1:5f:f6:
         b8:ff:63:4a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVWWmR2+s4F+ZsjntR7+dyMMPbNIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjIxMDAwMDAwWhcNMjQwMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ODViNWQ4Zjg4ZTUzNjVlZWZhZTc3MjAwNzE1NDE1MDcx
ZmIwMmFjNzNlMDE5NDQyMmIxZWU0MTM4MTM0YjJiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgwpY4/TXXzsD8kc4yOKrGFdr3aw3zmmbEPdgpHPf5vZ/i
qLuvUstQ32Uxql+STShNsDqHjDTLRHG98JfmPCbH7wroAw8qnsQAsJx8X1TbYPrC
gnkedud2X+bbu8Q6Lkux1ZU/HOCfi9u7qyGCiWwcH2c4TFeXTZjjut1jv7KF2jkF
L7z3yxDGS0VMvwlMgca9AacIwMfOVb8zUz/HB8k+u7ZauyBnrl1GAP8xH3XyA+E/
bYpZs8L2qT58aTCUwTserKGJOWen5vrz/H1zfHZeeqWLWUCdBqSnrefQJG3tl2W0
bFQYrTOQ51T0aayuKVYNJp9spUvvNLl62mkT8kR1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUGyz+kXjdjYCrFU8yOHL3FeYoFAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzVmNmI2NDdiLWI3NzUtNDA2NC1iOTE2LTUxODE3NDNhNDVkNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ8/7dE0kGydqfShjhR8hdQ8JLJb
DDn2QrwlsSHlzhmAu470Voa+7pfzoK1PPVgj1C6OtHxQ3r4+PHTXcjXa8Id1yggj
DoZlwEcNVuUG6VevZLbQCEvrvrWc+OapmjlXW/z4GT517im6nVbb/CNXrvTX2nEX
Qqzev9g9rG8qZlp9XqlSe0r9tHUzEuU3FH/T3euTKg/FYPqEaITbH1x824pMpR4Z
XUpkFij8l+4d8GYPWbLTh7KjaMK/PZ63WaAFYB2vYp2XGK3Xr0AjP0MKqWqyZ1cv
qu3P0xGwW8jTRjrl4YmbabvVfutqlI12H1vEjZhAHWHnUAU2GKFf9rj/Y0o=
-----END CERTIFICATE-----