Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bb54a2e8-6110-44fb-b560-a4bd00910347.roa
File:                     bb54a2e8-6110-44fb-b560-a4bd00910347.roa (raw, json)
Hash identifier:          u0r7oW2U6LK7GnCyeo3GH83iPQNe7NLB3yF0cujlE38=
Subject key identifier:   00:D0:E5:9D:93:47:EA:81:A0:C5:C4:7D:AF:00:91:47:FF:A2:52:59
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       15B023B7AD6994B8E390356AF3EAA472DBFF0E93
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bb54a2e8-6110-44fb-b560-a4bd00910347.roa
Signing time:             Sat 11 Nov 2023 00:00:00 +0000
ROA not before:           Sat 11 Nov 2023 00:00:00 +0000
ROA not after:            Sat 16 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:b0:23:b7:ad:69:94:b8:e3:90:35:6a:f3:ea:a4:72:db:ff:0e:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 11 00:00:00 2023 GMT
            Not After : Dec 16 23:59:59 2023 GMT
        Subject: serialNumber=42566d89dcfb37d06faa4f2a24bf3a78ab359f8360974d51bf23513b97ea69e2, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:05:05:39:25:d4:c1:a6:51:7d:34:5d:15:03:
                    c2:27:46:3c:77:94:ee:9b:68:90:be:af:87:8e:3f:
                    a6:42:29:d3:bb:ea:fd:f5:69:90:f3:94:64:cb:76:
                    a3:13:b2:d8:4a:86:15:62:12:2b:46:81:f6:b5:6e:
                    6b:b3:44:a2:d2:27:10:43:4c:75:8b:55:54:c6:72:
                    5c:60:d7:7d:eb:fd:93:99:65:8a:97:bb:14:cb:e9:
                    aa:ad:3b:b1:b1:03:a5:49:86:19:97:43:a8:a0:1c:
                    bb:de:ff:cc:e6:0c:aa:42:02:47:b9:ca:37:7c:03:
                    14:cd:6a:56:18:32:6d:96:d0:ba:44:cd:60:f2:b1:
                    dd:2e:a7:03:a0:b8:cf:63:14:3f:da:2c:60:13:da:
                    e7:99:c9:ca:d6:e3:58:71:b7:92:e6:07:15:e6:93:
                    98:c6:1a:27:a9:11:fa:7e:6c:b9:86:15:fb:6e:79:
                    0a:c5:69:5c:8d:7d:3b:0b:a4:b7:0e:58:7d:1f:a9:
                    68:1c:de:da:c6:39:3b:75:fd:67:bd:68:43:46:34:
                    47:3f:d2:b5:35:f1:c5:ea:b6:06:b6:9a:09:66:50:
                    a3:27:5c:62:05:33:06:3d:15:5f:81:32:f8:6f:30:
                    1d:5e:f8:9a:a5:fe:fc:74:39:6d:2f:bf:a4:75:bb:
                    4c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:D0:E5:9D:93:47:EA:81:A0:C5:C4:7D:AF:00:91:47:FF:A2:52:59
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bb54a2e8-6110-44fb-b560-a4bd00910347.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:d6:09:19:ee:f8:17:c6:4d:6a:f1:5a:0f:fd:52:71:e2:6a:
         24:bc:e1:59:55:51:b2:ec:35:02:46:c4:67:83:35:6c:67:eb:
         32:c5:b0:b7:81:c7:64:61:46:9d:18:03:93:d7:52:ff:3b:d2:
         88:f4:69:ae:08:66:18:e0:55:64:a4:d0:57:6c:f0:86:ae:f9:
         5e:5f:5d:f7:c0:9f:78:00:0b:e5:a7:2e:31:58:d3:ee:f3:aa:
         82:6f:14:bb:9d:99:8e:ec:d9:5c:ce:df:63:fe:ae:46:f1:15:
         7e:a7:7d:1e:b4:68:6f:f0:92:74:35:79:59:a0:08:5e:fc:73:
         d8:b9:8f:55:26:d3:32:9e:3a:6d:3f:78:08:52:52:fe:6e:fd:
         65:58:18:2f:94:b6:d5:ac:d2:5a:8b:06:7a:cd:3f:9d:09:dc:
         1c:2b:6e:ee:af:24:51:48:2b:49:cc:59:be:51:73:f9:fd:b2:
         15:de:7f:d5:fa:ee:6c:c0:23:28:cf:86:74:0e:76:21:30:74:
         6e:4d:94:b0:b8:0e:b1:35:d3:83:0b:0d:07:ee:7f:d9:6b:be:
         f0:1f:de:2d:97:7d:6e:97:a1:af:44:62:f1:db:27:64:30:47:
         c0:fb:fc:60:2f:ab:92:69:b3:52:7f:34:4d:4d:a9:e9:81:63:
         50:4a:d0:7b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFbAjt61plLjjkDVq8+qkctv/DpMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTExMDAwMDAwWhcNMjMxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MjU2NmQ4OWRjZmIzN2QwNmZhYTRmMmEyNGJmM2E3OGFi
MzU5ZjgzNjA5NzRkNTFiZjIzNTEzYjk3ZWE2OWUyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoBQU5JdTBplF9NF0VA8InRjx3lO6baJC+r4eOP6ZCKdO7
6v31aZDzlGTLdqMTsthKhhViEitGgfa1bmuzRKLSJxBDTHWLVVTGclxg133r/ZOZ
ZYqXuxTL6aqtO7GxA6VJhhmXQ6igHLve/8zmDKpCAke5yjd8AxTNalYYMm2W0LpE
zWDysd0upwOguM9jFD/aLGAT2ueZycrW41hxt5LmBxXmk5jGGiepEfp+bLmGFftu
eQrFaVyNfTsLpLcOWH0fqWgc3trGOTt1/We9aENGNEc/0rU18cXqtga2mglmUKMn
XGIFMwY9FV+BMvhvMB1e+Jql/vx0OW0vv6R1u0wnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUANDlnZNH6oGgxcR9rwCRR/+iUlkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2JiNTRhMmU4LTYxMTAtNDRmYi1iNTYwLWE0YmQwMDkxMDM0Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI7WCRnu+BfGTWrxWg/9UnHiaiS8
4VlVUbLsNQJGxGeDNWxn6zLFsLeBx2RhRp0YA5PXUv870oj0aa4IZhjgVWSk0Fds
8Iau+V5fXffAn3gAC+WnLjFY0+7zqoJvFLudmY7s2VzO32P+rkbxFX6nfR60aG/w
knQ1eVmgCF78c9i5j1Um0zKeOm0/eAhSUv5u/WVYGC+UttWs0lqLBnrNP50J3Bwr
bu6vJFFIK0nMWb5Rc/n9shXef9X67mzAIyjPhnQOdiEwdG5NlLC4DrE104MLDQfu
f9lrvvAf3i2XfW6Xoa9EYvHbJ2QwR8D7/GAvq5Jps1J/NE1NqemBY1BK0Hs=
-----END CERTIFICATE-----