Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d392ede2-27d0-46ee-b725-88e50242c761.roa
File:                     d392ede2-27d0-46ee-b725-88e50242c761.roa (raw, json)
Hash identifier:          QNRRz6IhDjKxJ5PU49uSFjN5kZ9TPGes1y4DiwOsdog=
Subject key identifier:   F5:0D:B8:90:3B:FD:BA:CD:27:A7:5B:8C:BE:CD:BF:D6:8B:EB:BD:9F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7B6734769277E83985B388B1F116C039A690DAA6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d392ede2-27d0-46ee-b725-88e50242c761.roa
Signing time:             Tue 05 Sep 2023 00:00:00 +0000
ROA not before:           Tue 05 Sep 2023 00:00:00 +0000
ROA not after:            Tue 10 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:67:34:76:92:77:e8:39:85:b3:88:b1:f1:16:c0:39:a6:90:da:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  5 00:00:00 2023 GMT
            Not After : Oct 10 23:59:59 2023 GMT
        Subject: serialNumber=07bb9daac61a510cdbe8cdea4b43d3caf184483c7d40324593f8c478aae0bdd4, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:31:fc:a9:d4:92:3c:ed:7b:64:42:08:41:1e:
                    dd:b5:2e:50:d1:db:cd:85:0e:07:dc:cc:61:a1:67:
                    de:e7:e4:0b:6a:5f:e0:f4:ff:91:94:ff:a3:06:df:
                    ed:55:d2:87:63:d5:2f:07:35:03:25:f3:1d:d0:74:
                    53:0a:3c:3d:fa:bc:19:cd:50:a6:63:cd:07:63:22:
                    ff:94:1f:e5:f9:d5:1c:d1:ca:2d:50:02:3b:5a:81:
                    5f:9b:08:a0:c0:2c:c3:2d:9b:2b:af:09:1a:50:6d:
                    b4:df:a6:6d:22:89:86:5c:d3:fc:ea:94:15:c3:30:
                    c9:3a:41:bb:66:d0:5b:6d:6e:36:c0:55:da:ec:f1:
                    f8:8e:34:49:eb:b9:d0:f4:6c:39:96:17:d1:f0:ab:
                    8f:35:e6:a6:55:3c:7f:d2:8e:70:11:a0:c5:c2:0c:
                    53:1f:54:21:7c:46:c7:41:84:1f:76:93:d5:6a:02:
                    95:a6:d3:41:0a:8d:2e:59:bd:32:90:19:d3:a7:81:
                    33:3b:37:a8:9c:d8:55:29:f1:7f:83:c1:8c:64:c2:
                    ce:12:f0:c5:47:47:4a:71:3a:aa:7c:91:59:46:91:
                    30:c6:b5:82:ca:1d:e7:21:94:57:ec:89:4a:9f:e4:
                    a3:10:1b:3d:75:82:75:7d:20:32:1b:08:52:ba:15:
                    6b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:0D:B8:90:3B:FD:BA:CD:27:A7:5B:8C:BE:CD:BF:D6:8B:EB:BD:9F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d392ede2-27d0-46ee-b725-88e50242c761.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:5e:b9:af:27:31:95:05:b2:d8:4d:34:ee:80:8e:8f:d8:35:
         65:57:9d:ec:32:0d:96:18:d0:f0:f7:70:ca:4d:f6:d3:4c:3c:
         83:03:cd:19:26:ef:20:c4:e2:25:8b:d2:05:d7:dc:3b:78:98:
         ef:9b:31:1f:2b:8d:11:af:68:f3:71:d8:80:ff:83:59:84:f5:
         e1:11:ce:2e:a8:59:65:c2:90:8f:d0:6f:b6:a7:4d:c9:6a:3b:
         af:38:5f:b4:1d:78:dd:22:6a:6f:54:70:c2:d9:0d:3a:a2:dc:
         0f:7d:53:26:1e:fd:5f:74:72:ec:52:a3:10:62:df:5f:4c:ef:
         3e:97:ea:95:60:02:b1:00:e3:1d:35:e1:62:81:2a:0b:2f:1a:
         94:1f:12:de:2d:36:da:47:a9:d5:d0:f2:d8:2c:5d:bb:51:97:
         8f:1b:cc:0f:b1:4e:d9:6e:24:d3:da:11:ca:ac:aa:9a:d7:b2:
         87:56:77:bf:23:22:13:bc:38:2f:6e:7d:f4:09:38:04:7d:e0:
         8b:48:d4:d7:9c:3e:17:c9:02:89:25:82:70:f8:38:0d:f8:ac:
         15:a0:bd:7b:30:53:72:c1:07:ba:c1:ae:40:28:ba:2d:84:da:
         b8:cd:f0:10:8e:c4:b3:bf:1e:9d:69:d5:ee:9b:c9:9c:57:8f:
         66:05:f5:70
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe2c0dpJ36DmFs4ix8RbAOaaQ2qYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTA1MDAwMDAwWhcNMjMxMDEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwN2JiOWRhYWM2MWE1MTBjZGJlOGNkZWE0YjQzZDNjYWYx
ODQ0ODNjN2Q0MDMyNDU5M2Y4YzQ3OGFhZTBiZGQ0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIMfyp1JI87XtkQghBHt21LlDR282FDgfczGGhZ97n5Atq
X+D0/5GU/6MG3+1V0odj1S8HNQMl8x3QdFMKPD36vBnNUKZjzQdjIv+UH+X51RzR
yi1QAjtagV+bCKDALMMtmyuvCRpQbbTfpm0iiYZc0/zqlBXDMMk6Qbtm0FttbjbA
Vdrs8fiONEnrudD0bDmWF9Hwq4815qZVPH/SjnARoMXCDFMfVCF8RsdBhB92k9Vq
ApWm00EKjS5ZvTKQGdOngTM7N6ic2FUp8X+DwYxkws4S8MVHR0pxOqp8kVlGkTDG
tYLKHechlFfsiUqf5KMQGz11gnV9IDIbCFK6FWvbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9Q24kDv9us0np1uMvs2/1ovrvZ8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2QzOTJlZGUyLTI3ZDAtNDZlZS1iNzI1LTg4ZTUwMjQyYzc2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJxeua8nMZUFsthNNO6Ajo/YNWVX
newyDZYY0PD3cMpN9tNMPIMDzRkm7yDE4iWL0gXX3Dt4mO+bMR8rjRGvaPNx2ID/
g1mE9eERzi6oWWXCkI/Qb7anTclqO684X7QdeN0iam9UcMLZDTqi3A99UyYe/V90
cuxSoxBi319M7z6X6pVgArEA4x014WKBKgsvGpQfEt4tNtpHqdXQ8tgsXbtRl48b
zA+xTtluJNPaEcqsqprXsodWd78jIhO8OC9uffQJOAR94ItI1NecPhfJAoklgnD4
OA34rBWgvXswU3LBB7rBrkAoui2E2rjN8BCOxLO/Hp1p1e6byZxXj2YF9XA=
-----END CERTIFICATE-----