Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/71c01b33-b6cf-484e-a5cb-7ddd5509906c.roa
File:                     71c01b33-b6cf-484e-a5cb-7ddd5509906c.roa (raw, json)
Hash identifier:          CgQWHzELujX0uYQ8v4i7CjisVCbozhPPTNEQ9LR3H2I=
Subject key identifier:   AE:FA:D6:01:2A:1B:C8:18:82:F2:B8:B6:75:3A:45:BC:62:B0:6E:7D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6CB62074804734533A73949AF3BBBF2B868DBE19
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/71c01b33-b6cf-484e-a5cb-7ddd5509906c.roa
Signing time:             Thu 24 Aug 2023 00:00:00 +0000
ROA not before:           Thu 24 Aug 2023 00:00:00 +0000
ROA not after:            Thu 28 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:b6:20:74:80:47:34:53:3a:73:94:9a:f3:bb:bf:2b:86:8d:be:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 24 00:00:00 2023 GMT
            Not After : Sep 28 23:59:59 2023 GMT
        Subject: serialNumber=28eb093eedce9704345022a29e4233f0cd38f5454f4b3957f4e92dd29515f429, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:28:66:e3:ea:7c:92:52:e9:eb:55:77:fd:8b:
                    60:11:92:6c:59:c0:de:fa:a5:15:12:17:a8:79:d6:
                    76:64:58:b0:90:22:00:46:30:49:2d:1f:d2:0a:1b:
                    d0:85:94:f7:00:b7:cf:23:5e:52:72:c4:dd:9c:8d:
                    07:2a:5c:dc:27:5f:8a:70:20:b5:a5:0d:62:95:54:
                    61:0a:bd:e4:89:76:ca:b3:b7:75:f6:8f:bd:3e:c7:
                    41:17:4b:c7:60:cd:68:38:91:96:b4:90:63:c7:21:
                    38:f3:b5:78:c0:8d:fd:34:5f:af:27:62:f6:6d:0d:
                    9d:87:05:26:b2:58:63:c8:ac:c7:c3:80:62:65:81:
                    8b:8f:83:f4:7a:03:0c:a5:a7:c9:2a:48:e2:73:f5:
                    1a:7c:e8:8e:77:b3:6e:d4:15:9c:36:ce:e2:de:65:
                    16:e8:68:23:1e:3b:1e:80:fa:b0:7e:29:19:bb:b6:
                    57:0b:17:d1:0b:d2:8d:2d:70:69:19:06:ba:08:66:
                    ee:53:bc:af:bd:fe:e0:6c:b2:88:96:c9:26:fb:41:
                    90:57:f5:0b:f1:cd:9c:21:94:3d:f4:6e:e0:fc:1f:
                    ca:55:63:1d:4a:7d:19:b6:b7:08:3d:cb:fc:d0:03:
                    78:75:8d:01:20:ee:5b:9e:c6:06:88:a3:72:b2:22:
                    39:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:FA:D6:01:2A:1B:C8:18:82:F2:B8:B6:75:3A:45:BC:62:B0:6E:7D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/71c01b33-b6cf-484e-a5cb-7ddd5509906c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:cf:32:11:c4:02:a1:b6:f1:d8:1d:23:31:4c:66:e0:26:ea:
         2c:76:98:88:e5:ff:dd:97:55:93:17:52:e9:c1:ad:83:6a:9e:
         6e:d1:74:40:6a:f2:9f:b5:fb:a6:e8:9a:f0:2e:f8:ff:fe:b5:
         0b:ed:3f:4f:6a:72:f1:ff:9b:59:62:02:a3:9f:d8:1e:10:d3:
         1a:27:65:7d:4c:33:28:0b:4f:1b:74:e7:9e:f2:17:ad:54:d3:
         eb:fd:5e:54:53:96:f6:b3:17:ff:eb:00:f5:93:e8:23:a7:b7:
         b8:ed:42:9c:f7:88:70:fb:16:78:28:ac:b8:66:41:70:de:14:
         c5:bf:de:e2:d9:b0:61:a5:41:7c:53:36:15:05:9d:95:04:3c:
         b5:03:43:9d:e7:c1:53:80:67:c0:82:3f:95:ad:43:4f:a0:b4:
         8b:af:7b:9f:5f:93:d1:99:75:e7:78:e6:20:88:ee:07:b4:27:
         ec:c6:c8:54:9e:02:8c:4e:1f:4b:8e:6a:ef:ac:54:ea:47:84:
         b0:5b:a2:1c:be:53:14:fe:9e:91:07:c6:f1:92:aa:3a:72:84:
         c9:07:fa:7b:1e:6f:8e:d9:ef:46:38:47:d2:73:57:99:b4:73:
         70:6f:49:00:d1:4f:73:61:68:c6:9f:aa:3a:81:4d:67:24:4d:
         fb:7b:35:85
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbLYgdIBHNFM6c5Sa87u/K4aNvhkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODI0MDAwMDAwWhcNMjMwOTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyOGViMDkzZWVkY2U5NzA0MzQ1MDIyYTI5ZTQyMzNmMGNk
MzhmNTQ1NGY0YjM5NTdmNGU5MmRkMjk1MTVmNDI5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiKGbj6nySUunrVXf9i2ARkmxZwN76pRUSF6h51nZkWLCQ
IgBGMEktH9IKG9CFlPcAt88jXlJyxN2cjQcqXNwnX4pwILWlDWKVVGEKveSJdsqz
t3X2j70+x0EXS8dgzWg4kZa0kGPHITjztXjAjf00X68nYvZtDZ2HBSayWGPIrMfD
gGJlgYuPg/R6Awylp8kqSOJz9Rp86I53s27UFZw2zuLeZRboaCMeOx6A+rB+KRm7
tlcLF9EL0o0tcGkZBroIZu5TvK+9/uBssoiWySb7QZBX9QvxzZwhlD30buD8H8pV
Yx1KfRm2twg9y/zQA3h1jQEg7luexgaIo3KyIjlNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrvrWASobyBiC8ri2dTpFvGKwbn0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzcxYzAxYjMzLWI2Y2YtNDg0ZS1hNWNiLTdkZGQ1NTA5OTA2Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACXPMhHEAqG28dgdIzFMZuAm6ix2
mIjl/92XVZMXUunBrYNqnm7RdEBq8p+1+6bomvAu+P/+tQvtP09qcvH/m1liAqOf
2B4Q0xonZX1MMygLTxt0557yF61U0+v9XlRTlvazF//rAPWT6COnt7jtQpz3iHD7
FngorLhmQXDeFMW/3uLZsGGlQXxTNhUFnZUEPLUDQ53nwVOAZ8CCP5WtQ0+gtIuv
e59fk9GZded45iCI7ge0J+zGyFSeAoxOH0uOau+sVOpHhLBbohy+UxT+npEHxvGS
qjpyhMkH+nseb47Z70Y4R9JzV5m0c3BvSQDRT3NhaMafqjqBTWckTft7NYU=
-----END CERTIFICATE-----