Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/27bdc2aa-e7d2-4855-9ced-1656e3ef236c.roa
File:                     27bdc2aa-e7d2-4855-9ced-1656e3ef236c.roa (raw, json)
Hash identifier:          GfeA4zeQ7VnClcHlxl2SwYvMCWvQB6vHJudx2oopEIM=
Subject key identifier:   F8:7E:0E:E9:F6:71:0E:EB:62:2E:38:4C:DA:C7:CB:4F:D9:EC:57:79
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       467CA19899A20309991CF705C9A2CF953BC9E4A3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/27bdc2aa-e7d2-4855-9ced-1656e3ef236c.roa
Signing time:             Fri 17 Nov 2023 00:00:00 +0000
ROA not before:           Fri 17 Nov 2023 00:00:00 +0000
ROA not after:            Fri 22 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:7c:a1:98:99:a2:03:09:99:1c:f7:05:c9:a2:cf:95:3b:c9:e4:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 17 00:00:00 2023 GMT
            Not After : Dec 22 23:59:59 2023 GMT
        Subject: serialNumber=bd169a5420799672e4a58d6083f646004b6acc8302e85aff30d518db04dc5edf, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:42:03:12:8e:08:0c:ed:2c:0a:48:3c:0c:73:
                    98:96:56:56:51:17:40:71:ae:3c:80:2b:02:43:c5:
                    f1:45:94:68:f7:a4:1a:9d:b8:fe:99:3c:02:d9:2b:
                    56:da:6c:cc:cc:3c:5b:39:f5:e9:0e:36:87:3a:93:
                    7b:da:84:d3:50:8e:8f:27:64:8b:44:0b:0e:73:b9:
                    1c:41:08:8a:ae:93:2e:84:6f:be:76:1b:87:3e:13:
                    0a:35:e1:d3:30:08:6b:da:66:57:12:bc:23:c6:ea:
                    db:ac:d9:c9:84:d2:ca:22:31:92:25:68:b3:e5:dc:
                    94:4c:49:ae:0a:3c:ea:c3:e2:10:e0:55:5b:2a:ed:
                    cb:f9:f7:26:7d:5c:c6:56:72:b8:a7:76:64:c7:30:
                    be:4e:a5:b0:cc:5e:21:f1:18:24:e2:73:1e:af:cd:
                    45:44:c7:46:9a:1a:e3:ff:94:bc:02:3f:d1:a9:4a:
                    21:9a:23:ed:97:f5:58:d5:4f:49:e3:c6:1d:8c:4f:
                    a4:e5:ef:f9:23:91:f8:de:29:43:c3:c6:b7:48:38:
                    b6:6c:ca:a3:df:37:77:10:d7:d8:a1:1a:9e:75:e8:
                    92:4a:af:85:a1:55:e0:de:8b:51:cb:05:24:50:57:
                    b6:cb:fe:43:7f:e8:1a:fe:02:eb:e2:b3:39:db:83:
                    ca:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:7E:0E:E9:F6:71:0E:EB:62:2E:38:4C:DA:C7:CB:4F:D9:EC:57:79
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/27bdc2aa-e7d2-4855-9ced-1656e3ef236c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:4d:db:6d:6f:34:2a:32:27:42:a4:74:0c:91:e2:20:f2:4a:
         e8:62:c2:d2:ba:42:ee:c8:fc:50:d7:7a:54:8c:fa:4e:89:21:
         f6:60:59:de:48:1b:68:17:50:00:b2:dd:05:33:ee:79:1b:ed:
         b3:8b:c8:b2:66:9b:0b:fa:bd:e7:c5:1c:30:b3:a0:da:f9:c5:
         4b:82:f4:8a:fd:0b:31:e9:b0:51:4a:fd:fc:ad:8e:cc:76:9b:
         9b:fa:93:bd:6a:6b:96:dc:f5:dd:69:12:b1:39:84:95:0e:60:
         dc:9b:85:65:3b:66:4b:71:08:17:27:fb:75:c6:1d:2d:10:20:
         11:e0:92:61:3d:48:93:99:45:81:f8:90:13:7f:10:74:b8:73:
         d2:28:cd:fd:51:07:11:7d:bb:ae:2f:a3:f6:15:83:b6:26:0d:
         73:f1:af:f8:4b:68:6a:58:91:23:cf:c0:62:2d:e0:81:8c:e8:
         2e:86:f8:b6:a7:46:ba:99:7a:66:82:d6:80:ba:6e:fb:f5:2e:
         b8:58:0c:4e:07:5b:05:0d:5f:b8:16:a4:8d:4d:7c:05:42:4b:
         cf:ad:00:6d:26:8c:82:d6:1b:a0:10:38:e4:1b:44:62:a1:4f:
         8f:6c:30:b4:68:ea:c9:70:be:0c:1f:61:1c:2a:c7:eb:6a:87:
         17:7c:89:1f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURnyhmJmiAwmZHPcFyaLPlTvJ5KMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE3MDAwMDAwWhcNMjMxMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZDE2OWE1NDIwNzk5NjcyZTRhNThkNjA4M2Y2NDYwMDRi
NmFjYzgzMDJlODVhZmYzMGQ1MThkYjA0ZGM1ZWRmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUQgMSjggM7SwKSDwMc5iWVlZRF0BxrjyAKwJDxfFFlGj3
pBqduP6ZPALZK1babMzMPFs59ekONoc6k3vahNNQjo8nZItECw5zuRxBCIquky6E
b752G4c+Ewo14dMwCGvaZlcSvCPG6tus2cmE0soiMZIlaLPl3JRMSa4KPOrD4hDg
VVsq7cv59yZ9XMZWcrindmTHML5OpbDMXiHxGCTicx6vzUVEx0aaGuP/lLwCP9Gp
SiGaI+2X9VjVT0njxh2MT6Tl7/kjkfjeKUPDxrdIOLZsyqPfN3cQ19ihGp516JJK
r4WhVeDei1HLBSRQV7bL/kN/6Br+Auvisznbg8orAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+H4O6fZxDutiLjhM2sfLT9nsV3kwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzI3YmRjMmFhLWU3ZDItNDg1NS05Y2VkLTE2NTZlM2VmMjM2Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABtN221vNCoyJ0KkdAyR4iDySuhi
wtK6Qu7I/FDXelSM+k6JIfZgWd5IG2gXUACy3QUz7nkb7bOLyLJmmwv6vefFHDCz
oNr5xUuC9Ir9CzHpsFFK/fytjsx2m5v6k71qa5bc9d1pErE5hJUOYNybhWU7Zktx
CBcn+3XGHS0QIBHgkmE9SJOZRYH4kBN/EHS4c9Iozf1RBxF9u64vo/YVg7YmDXPx
r/hLaGpYkSPPwGIt4IGM6C6G+LanRrqZemaC1oC6bvv1LrhYDE4HWwUNX7gWpI1N
fAVCS8+tAG0mjILWG6AQOOQbRGKhT49sMLRo6slwvgwfYRwqx+tqhxd8iR8=
-----END CERTIFICATE-----