Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1f2bfa91-b4b9-46fe-b513-3a5b2ae3c9bc.roa
File:                     1f2bfa91-b4b9-46fe-b513-3a5b2ae3c9bc.roa (raw, json)
Hash identifier:          Wj21Vx/3Uh6OLUj7iVgBgtAd+DWZ9JkJc8AXfBsN/OE=
Subject key identifier:   50:E7:2F:DA:B4:5A:67:C6:C0:2F:3B:C9:1B:2D:E2:BE:01:20:83:5B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       603461E60C4F89DED21C8DDC34EFC8AA78F5259B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1f2bfa91-b4b9-46fe-b513-3a5b2ae3c9bc.roa
Signing time:             Tue 18 Jul 2023 00:00:00 +0000
ROA not before:           Tue 18 Jul 2023 00:00:00 +0000
ROA not after:            Tue 22 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:34:61:e6:0c:4f:89:de:d2:1c:8d:dc:34:ef:c8:aa:78:f5:25:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 18 00:00:00 2023 GMT
            Not After : Aug 22 23:59:59 2023 GMT
        Subject: serialNumber=88035978eab7b2d06b58b5a26605d4f6a6c73f79d9383c213e78a1a0731966b6, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:c4:61:00:2a:53:e8:e2:da:8f:57:0f:7c:a6:
                    a6:c8:6b:9a:94:b8:33:79:5a:21:a8:cd:dd:77:17:
                    22:66:0d:a7:6c:51:c1:35:6d:3c:17:fd:6b:d6:e0:
                    80:bd:f4:18:bd:ba:e9:f7:4a:0d:96:dd:15:d4:80:
                    d1:7b:d7:a8:10:0c:91:c3:d9:93:a7:bb:02:a8:f5:
                    31:c4:75:c9:1a:76:f3:3b:67:c5:c6:77:8c:1a:f4:
                    ed:72:de:01:a9:e6:00:0d:7d:b2:ff:78:bd:e4:d3:
                    31:21:4d:03:88:21:e0:a9:39:c8:13:98:01:af:6c:
                    f8:4a:52:c7:44:99:20:b6:20:0e:be:a4:67:50:55:
                    60:5f:c0:8b:34:bb:3a:73:40:a3:12:34:59:47:6c:
                    f0:70:df:b9:04:e6:54:9b:e1:a2:a2:a8:75:a2:57:
                    25:4c:68:82:21:81:86:22:86:c9:e8:7a:90:3c:01:
                    88:ef:1d:c4:97:28:ea:4d:8a:cf:79:9b:57:d0:65:
                    f1:9b:be:5c:4a:07:3f:b4:be:a3:6d:33:45:30:da:
                    2f:fd:77:85:9d:fe:24:c8:5a:10:ce:e1:23:4e:cc:
                    a7:8d:11:0e:b6:63:da:d3:e5:bf:18:fb:62:76:1d:
                    d4:75:69:b9:89:ea:2f:69:c1:5b:ee:45:b2:e6:65:
                    b6:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:E7:2F:DA:B4:5A:67:C6:C0:2F:3B:C9:1B:2D:E2:BE:01:20:83:5B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1f2bfa91-b4b9-46fe-b513-3a5b2ae3c9bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:dd:7f:98:79:05:7e:d0:04:2d:d2:59:73:17:e5:80:5b:e8:
         bd:12:77:e8:a3:8b:92:4d:9b:4e:a6:9b:83:a9:c6:30:a0:77:
         b3:fc:5d:c8:90:42:f0:7c:08:12:9a:2d:97:ed:59:06:37:39:
         73:7f:7b:9b:19:52:98:3f:8a:d8:f7:da:d7:17:eb:bc:a6:7a:
         07:55:52:78:19:da:7c:d8:98:bc:96:91:0d:9f:fd:f1:e8:3e:
         3b:fe:f7:1a:8a:3d:7a:15:7c:a2:40:e3:25:4c:69:13:85:bb:
         0b:99:66:37:1d:40:38:cf:70:8b:5c:0c:8b:28:57:44:ad:e3:
         b8:e3:f2:64:5d:90:c2:4f:fd:0b:41:ed:db:8a:b3:d0:4f:6f:
         f6:52:0a:aa:56:f9:a9:cc:32:b5:cc:20:22:0a:08:2c:17:29:
         0f:3e:97:67:00:09:a2:34:af:d4:8e:8b:9e:af:a3:7d:94:37:
         15:2e:2d:95:79:7f:73:c3:71:54:00:cb:50:1c:e1:c3:2f:7e:
         f1:e9:a5:45:57:c3:ab:64:d0:3f:5e:13:ae:5b:8e:53:c9:4d:
         7d:33:70:df:57:5f:54:ac:63:78:1e:7a:1b:ac:a3:29:f5:f0:
         4d:e6:52:8b:cd:c7:47:47:ad:6b:1a:93:ff:b3:08:2b:7a:75:
         04:5d:15:53
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYDRh5gxPid7SHI3cNO/Iqnj1JZswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzE4MDAwMDAwWhcNMjMwODIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ODAzNTk3OGVhYjdiMmQwNmI1OGI1YTI2NjA1ZDRmNmE2
YzczZjc5ZDkzODNjMjEzZTc4YTFhMDczMTk2NmI2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfxGEAKlPo4tqPVw98pqbIa5qUuDN5WiGozd13FyJmDads
UcE1bTwX/WvW4IC99Bi9uun3Sg2W3RXUgNF716gQDJHD2ZOnuwKo9THEdckadvM7
Z8XGd4wa9O1y3gGp5gANfbL/eL3k0zEhTQOIIeCpOcgTmAGvbPhKUsdEmSC2IA6+
pGdQVWBfwIs0uzpzQKMSNFlHbPBw37kE5lSb4aKiqHWiVyVMaIIhgYYihsnoepA8
AYjvHcSXKOpNis95m1fQZfGbvlxKBz+0vqNtM0Uw2i/9d4Wd/iTIWhDO4SNOzKeN
EQ62Y9rT5b8Y+2J2HdR1abmJ6i9pwVvuRbLmZbY/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUOcv2rRaZ8bALzvJGy3ivgEgg1swHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzFmMmJmYTkxLWI0YjktNDZmZS1iNTEzLTNhNWIyYWUzYzliYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABfdf5h5BX7QBC3SWXMX5YBb6L0S
d+iji5JNm06mm4OpxjCgd7P8XciQQvB8CBKaLZftWQY3OXN/e5sZUpg/itj32tcX
67ymegdVUngZ2nzYmLyWkQ2f/fHoPjv+9xqKPXoVfKJA4yVMaROFuwuZZjcdQDjP
cItcDIsoV0St47jj8mRdkMJP/QtB7duKs9BPb/ZSCqpW+anMMrXMICIKCCwXKQ8+
l2cACaI0r9SOi56vo32UNxUuLZV5f3PDcVQAy1Ac4cMvfvHppUVXw6tk0D9eE65b
jlPJTX0zcN9XX1SsY3geehusoyn18E3mUovNx0dHrWsak/+zCCt6dQRdFVM=
-----END CERTIFICATE-----