Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4ffe8bbb-03c0-477b-8ecc-4159d5a1bbba.roa
File:                     4ffe8bbb-03c0-477b-8ecc-4159d5a1bbba.roa (raw, json)
Hash identifier:          3Hs0xRG3inaqtS0/JJeCflaHM3HtWcvtIh7R8QkcFYE=
Subject key identifier:   E2:0B:EF:2A:A1:C9:02:32:F1:99:9F:9C:10:EB:D7:FF:8C:0A:E1:2E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4EE6E466887183F6905E43EDB71837F54683323F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4ffe8bbb-03c0-477b-8ecc-4159d5a1bbba.roa
Signing time:             Mon 17 Jul 2023 00:00:00 +0000
ROA not before:           Mon 17 Jul 2023 00:00:00 +0000
ROA not after:            Mon 21 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:e6:e4:66:88:71:83:f6:90:5e:43:ed:b7:18:37:f5:46:83:32:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 17 00:00:00 2023 GMT
            Not After : Aug 21 23:59:59 2023 GMT
        Subject: serialNumber=19fe91287bb3e1d45d734ac29df89943d557933ab234c33f5d92d147f6bcd0bf, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:1b:be:d4:14:16:81:71:c9:b5:0c:ec:2a:89:
                    58:bb:93:54:16:25:53:f6:0f:90:17:50:fb:cf:67:
                    db:a3:b9:9b:6b:7b:70:9e:b7:8c:0d:53:25:59:6e:
                    d3:d5:5d:8d:6a:5c:05:a2:48:0c:77:fd:85:b3:8e:
                    d5:26:5d:78:f1:43:d1:28:bd:9c:16:cc:37:0e:57:
                    ec:95:0c:89:37:bb:e5:c6:07:29:01:ad:83:ff:06:
                    d2:be:11:23:4f:e4:98:87:8c:44:e7:03:8d:d2:64:
                    56:35:f1:c0:85:7c:29:f8:4c:08:07:10:81:33:8c:
                    60:98:7c:89:f3:58:02:50:1f:41:e6:ea:ef:fa:f2:
                    93:52:96:fb:df:ff:92:c5:ef:3a:89:37:0d:a2:78:
                    95:9b:6e:09:ea:4d:8e:6e:fb:4a:d5:c7:36:86:a6:
                    9d:31:1e:d0:f4:23:da:a3:68:a0:70:fe:72:ed:6f:
                    75:3c:2c:48:7d:fa:39:fc:b6:6b:97:3b:12:a5:d0:
                    47:ca:a2:16:7b:54:41:8a:50:b8:10:72:49:2d:20:
                    a6:db:dc:06:a8:0e:df:13:e4:42:ce:71:ec:af:bd:
                    e9:72:34:b0:69:2a:5c:6e:93:50:5b:27:09:93:9f:
                    f3:d5:63:ae:72:23:bd:47:a5:73:67:98:21:4a:ef:
                    52:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:0B:EF:2A:A1:C9:02:32:F1:99:9F:9C:10:EB:D7:FF:8C:0A:E1:2E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4ffe8bbb-03c0-477b-8ecc-4159d5a1bbba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:90:f0:07:f0:b2:8d:e7:6e:1b:1d:9b:32:a1:b6:6c:02:9c:
         5f:3b:be:75:4a:d5:a6:55:de:e4:d9:df:e0:37:b2:87:a7:bf:
         c9:d8:7c:3f:5f:5a:81:7f:5f:c9:4a:c6:aa:75:a6:f1:d6:0b:
         ac:03:16:20:c3:35:2e:f7:00:ae:c3:ad:dc:1c:95:ed:77:66:
         93:a7:19:fe:e1:98:9c:96:1c:7c:36:e8:f2:64:63:81:7b:b0:
         89:c2:02:4d:a0:25:3c:69:bd:5b:b9:db:4f:22:38:21:57:59:
         10:97:9d:53:44:c8:a5:35:86:8d:94:87:1a:de:2f:2e:dd:b3:
         02:7b:ea:58:3a:42:47:d4:2b:7b:f6:ea:2e:01:b4:b5:8b:b4:
         6e:92:5b:af:d9:c0:9a:aa:da:69:d9:0d:e9:77:46:6d:9e:dc:
         de:d7:bb:4c:85:d4:50:b7:bb:97:c5:96:bc:0d:8a:69:89:7d:
         64:be:04:3c:6b:1d:b2:23:73:56:b7:62:33:8f:b1:2a:8b:67:
         ce:39:8a:c8:ab:5c:ce:a8:70:cb:c7:e8:54:65:b0:7f:0b:bf:
         25:74:b8:62:46:58:5f:38:8f:57:02:68:a4:5c:dd:39:76:66:
         82:b7:e6:c7:a2:0a:99:c0:42:9f:d4:77:9d:11:83:b8:63:f9:
         81:07:72:8b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTubkZohxg/aQXkPttxg39UaDMj8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE3MDAwMDAwWhcNMjMwODIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxOWZlOTEyODdiYjNlMWQ0NWQ3MzRhYzI5ZGY4OTk0M2Q1
NTc5MzNhYjIzNGMzM2Y1ZDkyZDE0N2Y2YmNkMGJmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtG77UFBaBccm1DOwqiVi7k1QWJVP2D5AXUPvPZ9ujuZtr
e3Cet4wNUyVZbtPVXY1qXAWiSAx3/YWzjtUmXXjxQ9EovZwWzDcOV+yVDIk3u+XG
BykBrYP/BtK+ESNP5JiHjETnA43SZFY18cCFfCn4TAgHEIEzjGCYfInzWAJQH0Hm
6u/68pNSlvvf/5LF7zqJNw2ieJWbbgnqTY5u+0rVxzaGpp0xHtD0I9qjaKBw/nLt
b3U8LEh9+jn8tmuXOxKl0EfKohZ7VEGKULgQckktIKbb3AaoDt8T5ELOceyvvely
NLBpKlxuk1BbJwmTn/PVY65yI71HpXNnmCFK71IlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4gvvKqHJAjLxmZ+cEOvX/4wK4S4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRmZmU4YmJiLTAzYzAtNDc3Yi04ZWNjLTQxNTlkNWExYmJiYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFqQ8Afwso3nbhsdmzKhtmwCnF87
vnVK1aZV3uTZ3+A3soenv8nYfD9fWoF/X8lKxqp1pvHWC6wDFiDDNS73AK7Drdwc
le13ZpOnGf7hmJyWHHw26PJkY4F7sInCAk2gJTxpvVu5208iOCFXWRCXnVNEyKU1
ho2UhxreLy7dswJ76lg6QkfUK3v26i4BtLWLtG6SW6/ZwJqq2mnZDel3Rm2e3N7X
u0yF1FC3u5fFlrwNimmJfWS+BDxrHbIjc1a3YjOPsSqLZ845isirXM6ocMvH6FRl
sH8LvyV0uGJGWF84j1cCaKRc3Tl2ZoK35seiCpnAQp/Ud50Rg7hj+YEHcos=
-----END CERTIFICATE-----