Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/32de3b36-285a-49ad-aec9-dce71e387248.roa
File:                     32de3b36-285a-49ad-aec9-dce71e387248.roa (raw, json)
Hash identifier:          Sz6muB+K8/6vL6LGV+l99BeYZisBN0/3nRJ0Gw8PXiQ=
Subject key identifier:   C5:CC:44:3F:33:67:40:90:5B:9E:B1:77:31:17:25:33:CB:75:C1:DB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       56A61A4F3E696CBA59328347938E6ABAAC7BD926
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/32de3b36-285a-49ad-aec9-dce71e387248.roa
Signing time:             Mon 11 Sep 2023 00:00:00 +0000
ROA not before:           Mon 11 Sep 2023 00:00:00 +0000
ROA not after:            Mon 16 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:a6:1a:4f:3e:69:6c:ba:59:32:83:47:93:8e:6a:ba:ac:7b:d9:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 11 00:00:00 2023 GMT
            Not After : Oct 16 23:59:59 2023 GMT
        Subject: serialNumber=a64467bbb90546bf968042063677043bacda2577dd342d8283956c93a2cebc23, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:27:2f:cb:10:95:75:fb:82:2c:c9:d4:df:fd:
                    1f:1a:fe:95:27:71:2d:33:fb:25:0b:9f:22:e8:ab:
                    0b:46:43:b8:17:84:f5:21:4d:d4:f4:80:f5:4b:63:
                    a5:ed:79:b4:54:d9:11:70:7a:41:80:21:3e:75:d2:
                    63:33:97:38:2e:9d:2d:71:d8:4e:88:a0:b0:39:3d:
                    20:c5:eb:74:48:d4:04:12:18:0f:0c:0a:2d:9f:03:
                    48:99:15:10:f9:ea:43:83:1c:df:33:2e:a6:dd:50:
                    08:d8:18:c6:db:ac:74:d8:d1:a0:cf:99:bc:29:28:
                    9c:19:2c:c1:3f:19:57:a2:9b:9e:bb:3a:5e:53:89:
                    78:ea:45:4e:fd:89:cd:8c:4b:74:f3:7e:98:c3:7c:
                    6c:c0:7a:76:e0:1e:7c:2b:3f:91:a4:28:7e:81:29:
                    a9:66:04:cb:5b:69:c5:29:65:69:b8:92:c9:f4:56:
                    d8:3f:9a:2d:fb:48:cc:98:a0:cd:0f:1a:24:5b:79:
                    e9:68:fc:fd:e2:a6:ac:9d:f1:c2:78:37:2b:fa:8d:
                    b4:3d:3f:a3:85:97:9d:27:bb:3a:6f:a5:35:f3:26:
                    5b:89:57:b3:44:78:ea:31:1d:9f:35:49:7f:6b:1a:
                    33:b0:d3:67:88:72:0d:3f:6a:b1:aa:26:33:4a:e6:
                    db:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:CC:44:3F:33:67:40:90:5B:9E:B1:77:31:17:25:33:CB:75:C1:DB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/32de3b36-285a-49ad-aec9-dce71e387248.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:4f:77:0f:d6:3d:3e:70:93:bc:3b:c6:19:5b:f9:91:3a:28:
         e7:ac:0a:c1:56:af:b5:72:49:31:8c:ae:1c:6b:ba:d7:03:b1:
         87:af:b0:f5:89:f5:67:0a:c1:a0:dc:88:ac:ba:e3:6c:2f:c8:
         f3:ba:70:eb:ab:7f:56:1d:81:a8:b4:5b:3a:11:1e:fe:ef:31:
         79:50:ef:a4:b8:88:03:9e:fa:28:8f:f5:e1:15:46:0a:f7:34:
         78:28:34:08:61:61:12:59:5a:27:77:00:45:b0:b3:f4:13:c1:
         32:03:02:9f:5b:22:d7:05:38:8f:ae:c2:62:27:87:12:3a:3b:
         42:d4:81:9f:df:90:ca:44:16:ab:58:95:61:f4:8e:f3:5d:2e:
         ff:4b:30:19:29:65:d2:81:b4:81:de:96:e5:be:69:be:81:66:
         a2:57:f6:f6:f6:8a:27:a3:f7:6e:f0:d0:9b:ba:d1:78:00:3b:
         01:1d:d9:40:34:c7:45:19:c2:a0:c6:dc:3a:9d:77:83:ee:ec:
         5e:69:0c:52:4f:c5:10:dd:fb:6e:b5:cd:2e:8a:58:6d:79:14:
         ec:59:44:de:af:7f:be:9d:9e:77:74:4f:40:d7:f9:0f:30:07:
         55:b5:4c:a1:73:46:86:c5:fe:a1:07:2d:b9:12:a0:a8:5f:8b:
         8c:32:be:57
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVqYaTz5pbLpZMoNHk45quqx72SYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTExMDAwMDAwWhcNMjMxMDE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNjQ0NjdiYmI5MDU0NmJmOTY4MDQyMDYzNjc3MDQzYmFj
ZGEyNTc3ZGQzNDJkODI4Mzk1NmM5M2EyY2ViYzIzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9Jy/LEJV1+4IsydTf/R8a/pUncS0z+yULnyLoqwtGQ7gX
hPUhTdT0gPVLY6XtebRU2RFwekGAIT510mMzlzgunS1x2E6IoLA5PSDF63RI1AQS
GA8MCi2fA0iZFRD56kODHN8zLqbdUAjYGMbbrHTY0aDPmbwpKJwZLME/GVeim567
Ol5TiXjqRU79ic2MS3TzfpjDfGzAenbgHnwrP5GkKH6BKalmBMtbacUpZWm4ksn0
Vtg/mi37SMyYoM0PGiRbeelo/P3ipqyd8cJ4Nyv6jbQ9P6OFl50nuzpvpTXzJluJ
V7NEeOoxHZ81SX9rGjOw02eIcg0/arGqJjNK5tujAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxcxEPzNnQJBbnrF3MRclM8t1wdswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzMyZGUzYjM2LTI4NWEtNDlhZC1hZWM5LWRjZTcxZTM4NzI0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADtPdw/WPT5wk7w7xhlb+ZE6KOes
CsFWr7VySTGMrhxrutcDsYevsPWJ9WcKwaDciKy642wvyPO6cOurf1Ydgai0WzoR
Hv7vMXlQ76S4iAOe+iiP9eEVRgr3NHgoNAhhYRJZWid3AEWws/QTwTIDAp9bItcF
OI+uwmInhxI6O0LUgZ/fkMpEFqtYlWH0jvNdLv9LMBkpZdKBtIHeluW+ab6BZqJX
9vb2iiej927w0Ju60XgAOwEd2UA0x0UZwqDG3Dqdd4Pu7F5pDFJPxRDd+261zS6K
WG15FOxZRN6vf76dnnd0T0DX+Q8wB1W1TKFzRobF/qEHLbkSoKhfi4wyvlc=
-----END CERTIFICATE-----