Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5ae4ac27-4366-4045-b419-8c2c9e8a175a.roa
File:                     5ae4ac27-4366-4045-b419-8c2c9e8a175a.roa (raw, json)
Hash identifier:          TiP8Iy3AfJ1akoYDoq4TieRCI4PeQtWVdlo+hyKzzXY=
Subject key identifier:   78:1C:CE:E7:CB:01:23:45:6F:13:16:DF:F7:05:00:05:9A:48:A0:E8
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       02649DAE94203F501ED6D3BBF043BD7594E858C5
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5ae4ac27-4366-4045-b419-8c2c9e8a175a.roa
Signing time:             Wed 28 Jun 2023 00:00:00 +0000
ROA not before:           Wed 28 Jun 2023 00:00:00 +0000
ROA not after:            Wed 02 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:64:9d:ae:94:20:3f:50:1e:d6:d3:bb:f0:43:bd:75:94:e8:58:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 28 00:00:00 2023 GMT
            Not After : Aug  2 23:59:59 2023 GMT
        Subject: serialNumber=3a24b80402239c09c83cb0052825f1ea31483ed66b6190f40dbb99d575f681c0, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:2d:45:14:4b:f8:dc:bd:5d:99:4a:0f:10:af:
                    30:af:c3:7f:27:fa:ec:8f:7e:03:b6:a1:be:0d:e7:
                    64:54:92:26:e1:f8:fa:07:6e:a6:de:f3:87:8f:5d:
                    46:e7:5c:04:dc:88:83:6d:2c:44:31:36:f8:e9:0d:
                    e1:20:c0:55:59:c9:09:ca:b0:fb:3b:37:c3:22:53:
                    0c:0d:a0:16:f6:8a:97:f4:d4:94:ac:97:82:2c:2b:
                    ba:4e:fd:a6:80:af:c2:8a:f6:12:10:7b:ea:8f:56:
                    18:f4:38:72:ef:b7:a1:cc:bf:1d:34:1c:07:0a:8a:
                    35:32:2d:34:78:26:20:a3:3d:31:65:17:ac:00:4f:
                    30:46:0c:a7:f1:1a:3d:ce:b8:d0:76:08:34:9e:97:
                    05:25:3f:68:fb:b9:9b:6a:61:5d:bf:55:2b:cf:f6:
                    19:3f:a0:8c:b2:46:af:19:24:76:b1:72:f9:a7:22:
                    df:88:1d:02:a6:10:49:07:22:75:5e:1a:ae:80:40:
                    32:eb:89:a1:0c:f9:4b:0b:3f:2b:bf:03:e3:5f:0c:
                    be:b7:60:b2:a1:66:4d:38:6b:b3:ce:aa:db:a6:1d:
                    30:4e:83:41:08:50:8e:8d:5a:c6:5d:72:12:3c:00:
                    c3:5e:2b:ab:cb:72:d2:e4:08:f2:b8:6e:21:9f:d1:
                    7c:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:1C:CE:E7:CB:01:23:45:6F:13:16:DF:F7:05:00:05:9A:48:A0:E8
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5ae4ac27-4366-4045-b419-8c2c9e8a175a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:5e:dd:22:c5:bc:f5:41:0f:cb:9f:0b:8d:38:07:d2:61:98:
         a4:48:c7:1b:7f:18:ed:c5:a8:2d:b2:7f:52:18:f7:51:e6:38:
         24:2f:43:60:84:d3:0d:59:e1:a8:54:72:76:89:73:60:60:2e:
         69:14:96:19:a4:57:1c:cc:c6:59:76:4b:cd:8b:4d:c2:a8:93:
         4a:43:f5:0c:72:60:e6:a6:0f:e9:e6:54:06:d3:8d:cb:d3:b0:
         22:56:76:bf:e2:98:0e:0e:a5:6d:e0:10:f1:db:cf:3d:04:54:
         e6:e0:8b:45:c1:46:73:69:f2:3a:74:b9:82:e5:56:db:12:3e:
         78:e8:05:6c:7f:58:45:e6:08:63:e3:19:a2:31:62:f5:bf:1b:
         8c:62:e7:6c:21:55:7b:e6:1c:d5:3f:a3:35:ea:48:56:81:3f:
         3c:ba:38:a5:17:f9:05:ab:28:42:18:dd:ab:d0:54:18:52:b6:
         3d:20:3f:a1:f3:61:df:49:92:3d:13:2e:0c:54:f9:c8:74:2a:
         97:3a:d7:c2:41:3e:e3:af:57:ed:70:ad:8c:9b:ad:52:4c:24:
         11:f9:ed:3f:c4:ad:46:02:38:26:8a:ab:80:22:c2:a8:c1:5f:
         22:84:32:6b:a1:c7:f1:4c:96:a0:4e:df:5c:09:bb:78:eb:b8:
         6a:3a:82:3b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAmSdrpQgP1Ae1tO78EO9dZToWMUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjI4MDAwMDAwWhcNMjMwODAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYTI0YjgwNDAyMjM5YzA5YzgzY2IwMDUyODI1ZjFlYTMx
NDgzZWQ2NmI2MTkwZjQwZGJiOTlkNTc1ZjY4MWMwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYLUUUS/jcvV2ZSg8QrzCvw38n+uyPfgO2ob4N52RUkibh
+PoHbqbe84ePXUbnXATciINtLEQxNvjpDeEgwFVZyQnKsPs7N8MiUwwNoBb2ipf0
1JSsl4IsK7pO/aaAr8KK9hIQe+qPVhj0OHLvt6HMvx00HAcKijUyLTR4JiCjPTFl
F6wATzBGDKfxGj3OuNB2CDSelwUlP2j7uZtqYV2/VSvP9hk/oIyyRq8ZJHaxcvmn
It+IHQKmEEkHInVeGq6AQDLriaEM+UsLPyu/A+NfDL63YLKhZk04a7POqtumHTBO
g0EIUI6NWsZdchI8AMNeK6vLctLkCPK4biGf0XytAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeBzO58sBI0VvExbf9wUABZpIoOgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzVhZTRhYzI3LTQzNjYtNDA0NS1iNDE5LThjMmM5ZThhMTc1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGNe3SLFvPVBD8ufC404B9JhmKRI
xxt/GO3FqC2yf1IY91HmOCQvQ2CE0w1Z4ahUcnaJc2BgLmkUlhmkVxzMxll2S82L
TcKok0pD9QxyYOamD+nmVAbTjcvTsCJWdr/imA4OpW3gEPHbzz0EVObgi0XBRnNp
8jp0uYLlVtsSPnjoBWx/WEXmCGPjGaIxYvW/G4xi52whVXvmHNU/ozXqSFaBPzy6
OKUX+QWrKEIY3avQVBhStj0gP6HzYd9Jkj0TLgxU+ch0Kpc618JBPuOvV+1wrYyb
rVJMJBH57T/ErUYCOCaKq4AiwqjBXyKEMmuhx/FMlqBO31wJu3jruGo6gjs=
-----END CERTIFICATE-----