Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5468c098-eec2-43e6-b270-01b66010b3b9.roa
File:                     5468c098-eec2-43e6-b270-01b66010b3b9.roa (raw, json)
Hash identifier:          F8T6HXLWmFR1YahO4hO+46YZ3X3V6kpg+qNS/qS3cBc=
Subject key identifier:   62:7A:C2:37:E5:BE:E4:E8:0A:4B:4E:20:E3:A7:B6:8F:4F:EF:C8:2B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5DF000E7AABFCB355EC98CDA96BABE2140D3D311
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5468c098-eec2-43e6-b270-01b66010b3b9.roa
Signing time:             Sat 24 Jun 2023 00:00:00 +0000
ROA not before:           Sat 24 Jun 2023 00:00:00 +0000
ROA not after:            Sat 29 Jul 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:f0:00:e7:aa:bf:cb:35:5e:c9:8c:da:96:ba:be:21:40:d3:d3:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 24 00:00:00 2023 GMT
            Not After : Jul 29 23:59:59 2023 GMT
        Subject: serialNumber=f643d1d0a447d2a50580978edb171ca97a9a6f8807f30e34fd0c7959cc7e703d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b6:24:40:5d:9b:c8:fd:5b:af:99:78:e6:d6:
                    2f:3c:b2:46:da:ce:f0:00:62:0a:f0:52:25:e2:00:
                    87:d7:b2:cb:39:c2:a5:c5:ca:0a:74:cd:e6:0d:60:
                    1d:3e:92:72:f5:5b:e5:a9:1b:62:c7:87:87:46:db:
                    76:dd:e6:74:5a:d9:28:9b:9b:9c:79:bb:4f:7d:75:
                    1c:bc:99:1a:d2:40:66:07:a6:05:65:c2:64:f3:e9:
                    e6:63:c1:93:9f:09:bf:8c:69:49:51:1d:1f:44:e6:
                    ad:53:dd:dc:f9:e0:3a:f8:0d:25:1d:21:de:76:2f:
                    e5:c1:80:ac:34:b3:9f:cf:a8:1c:a0:94:dd:1c:3e:
                    58:c6:05:4e:bd:2a:f7:a6:ec:08:d8:30:5c:f9:1b:
                    76:24:d6:4e:71:d0:5b:33:4a:25:e2:89:fc:27:fc:
                    d5:76:5c:b6:3a:1f:97:0e:25:0c:60:50:83:e2:e6:
                    81:23:20:0e:66:56:f8:04:24:98:34:84:75:91:89:
                    14:3f:c3:57:15:4a:33:13:6f:fe:07:cb:90:e1:db:
                    b9:4e:cd:92:39:5f:11:71:b3:ba:d9:63:77:a7:d1:
                    98:fc:b7:d3:18:83:a5:29:6b:8d:19:a4:9f:2f:a4:
                    aa:f2:b6:d1:d5:47:73:0a:26:0f:63:ea:25:27:1e:
                    72:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:7A:C2:37:E5:BE:E4:E8:0A:4B:4E:20:E3:A7:B6:8F:4F:EF:C8:2B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5468c098-eec2-43e6-b270-01b66010b3b9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:24:fa:6d:be:07:ae:92:57:9b:c8:a3:dd:54:7f:e9:e1:fe:
         82:12:1a:94:a4:56:d2:a9:e5:8b:13:66:33:51:6f:cc:ab:dc:
         8b:94:d3:2f:41:84:b1:d2:41:ea:51:26:53:ad:9a:8c:dc:7c:
         44:3d:75:d7:82:d4:2b:98:38:47:8a:c9:af:1b:19:ed:b0:c4:
         3c:ce:47:1e:69:21:22:a6:61:b2:a1:d4:12:6d:18:0b:7c:db:
         16:5e:00:ba:c9:8f:6d:97:64:cc:df:49:e5:ba:45:78:00:a1:
         d4:c9:9b:b1:92:8a:8f:ae:bd:3f:13:4e:53:c9:a1:f0:09:65:
         11:01:10:70:c5:f4:dd:81:ab:de:69:72:82:65:43:68:94:40:
         5a:ac:01:48:f9:6c:89:e0:99:c3:26:c1:05:f4:11:1d:ab:ac:
         48:a8:25:8d:c8:69:10:e1:aa:45:6d:49:53:15:35:42:7f:f3:
         11:00:00:5d:af:37:15:4c:42:ea:41:d7:dc:01:fe:52:bd:34:
         dc:09:18:3b:00:aa:ba:ac:7a:c4:9c:64:0d:f7:90:81:e9:5e:
         f6:18:0b:80:0e:22:82:49:07:8c:e5:28:6e:5c:73:11:c0:d6:
         9d:7b:fc:9c:f2:c4:09:90:20:5f:fc:36:56:af:3e:c9:38:0c:
         f4:27:8c:e7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXfAA56q/yzVeyYzalrq+IUDT0xEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjI0MDAwMDAwWhcNMjMwNzI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNjQzZDFkMGE0NDdkMmE1MDU4MDk3OGVkYjE3MWNhOTdh
OWE2Zjg4MDdmMzBlMzRmZDBjNzk1OWNjN2U3MDNkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrtiRAXZvI/VuvmXjm1i88skbazvAAYgrwUiXiAIfXsss5
wqXFygp0zeYNYB0+knL1W+WpG2LHh4dG23bd5nRa2Sibm5x5u099dRy8mRrSQGYH
pgVlwmTz6eZjwZOfCb+MaUlRHR9E5q1T3dz54Dr4DSUdId52L+XBgKw0s5/PqByg
lN0cPljGBU69Kvem7AjYMFz5G3Yk1k5x0FszSiXiifwn/NV2XLY6H5cOJQxgUIPi
5oEjIA5mVvgEJJg0hHWRiRQ/w1cVSjMTb/4Hy5Dh27lOzZI5XxFxs7rZY3en0Zj8
t9MYg6Upa40ZpJ8vpKryttHVR3MKJg9j6iUnHnI1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYnrCN+W+5OgKS04g46e2j0/vyCswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU0NjhjMDk4LWVlYzItNDNlNi1iMjcwLTAxYjY2MDEwYjNiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFgk+m2+B66SV5vIo91Uf+nh/oIS
GpSkVtKp5YsTZjNRb8yr3IuU0y9BhLHSQepRJlOtmozcfEQ9ddeC1CuYOEeKya8b
Ge2wxDzORx5pISKmYbKh1BJtGAt82xZeALrJj22XZMzfSeW6RXgAodTJm7GSio+u
vT8TTlPJofAJZREBEHDF9N2Bq95pcoJlQ2iUQFqsAUj5bIngmcMmwQX0ER2rrEio
JY3IaRDhqkVtSVMVNUJ/8xEAAF2vNxVMQupB19wB/lK9NNwJGDsAqrqsesScZA33
kIHpXvYYC4AOIoJJB4zlKG5ccxHA1p17/JzyxAmQIF/8NlavPsk4DPQnjOc=
-----END CERTIFICATE-----