Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b53b0484-7639-4088-a3bd-280a8ed2335d.roa
File:                     b53b0484-7639-4088-a3bd-280a8ed2335d.roa (raw, json)
Hash identifier:          1cHYpcw7WcEe7ffVZ8dU+pXU3UVBae4lU1YQkQD0ug0=
Subject key identifier:   58:31:AA:EB:D4:67:14:84:E2:BA:1A:5B:77:C6:51:E7:DC:69:51:E8
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       67F0583F3FF15A11974E20DE0C362085D5EE6CC1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b53b0484-7639-4088-a3bd-280a8ed2335d.roa
Signing time:             Fri 21 Jul 2023 00:00:00 +0000
ROA not before:           Fri 21 Jul 2023 00:00:00 +0000
ROA not after:            Fri 25 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:f0:58:3f:3f:f1:5a:11:97:4e:20:de:0c:36:20:85:d5:ee:6c:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 21 00:00:00 2023 GMT
            Not After : Aug 25 23:59:59 2023 GMT
        Subject: serialNumber=61376c7186cda4465064a3d968ac5f53372e8f79f8e3be1fedda9fa399670e66, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:45:1e:ac:90:4f:1b:00:e2:cf:40:b1:54:1d:
                    00:b4:2b:e5:a3:66:c3:65:fe:c3:75:23:e9:71:8f:
                    ac:10:94:4b:4f:b6:2c:18:15:6c:7e:11:50:64:67:
                    15:4b:0f:d0:3c:be:35:87:63:27:63:4e:43:82:33:
                    14:27:c2:3e:7b:e5:19:75:27:54:27:a3:88:b5:ec:
                    e8:0f:8f:a9:90:b3:ac:0f:26:db:c6:38:02:b4:cf:
                    ae:43:fa:a2:a7:57:24:0c:e3:75:c6:97:dd:fc:2d:
                    9c:20:d0:b1:fe:04:cd:16:c8:41:53:f3:54:16:c0:
                    bb:99:e3:0e:3a:84:29:aa:43:29:32:f8:c1:8b:d8:
                    54:a0:f3:e6:cc:01:f5:e2:72:01:05:ef:f6:91:db:
                    ba:74:87:1e:bd:21:af:cd:43:e9:99:42:14:b3:80:
                    8c:33:53:a4:40:78:8c:93:38:5e:42:05:9f:10:18:
                    1a:6b:b8:44:0a:52:b6:f2:4a:22:ab:4d:37:78:d8:
                    55:5d:c0:77:00:5e:07:96:83:24:73:90:2c:63:c4:
                    46:c7:70:f0:58:66:82:67:f1:2a:c4:6e:7f:f4:bb:
                    11:f9:a0:62:d6:f3:e4:80:72:71:6c:4d:34:1b:a7:
                    eb:45:d9:90:55:93:9f:7c:24:04:71:8a:96:e9:f1:
                    cd:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:31:AA:EB:D4:67:14:84:E2:BA:1A:5B:77:C6:51:E7:DC:69:51:E8
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b53b0484-7639-4088-a3bd-280a8ed2335d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:34:fc:32:b8:e2:e6:b2:30:95:95:12:03:67:be:b4:c3:f2:
         fd:ed:a5:81:85:88:ba:a3:a1:53:7d:0b:e4:e5:c5:43:b5:b3:
         16:4b:72:84:77:79:2c:10:a5:3a:a7:1f:9c:37:f4:1d:e0:84:
         82:22:e4:09:72:83:fc:57:b6:38:19:8f:7f:e3:af:f7:8c:3b:
         e1:7e:75:fe:72:71:0c:5f:ea:23:d2:d3:0c:b7:78:2d:99:20:
         e1:c1:42:c5:5d:32:86:fd:1f:62:ac:2d:1d:f9:28:6d:f8:a8:
         b7:d9:ac:8a:4d:e3:b7:bf:7d:36:66:3c:f4:03:6c:90:d2:ee:
         23:9d:3c:bb:c3:42:8c:e9:b5:8a:02:50:63:6d:63:63:0c:15:
         e6:b6:76:ce:d2:10:c2:50:79:a7:ba:51:4b:64:17:7b:63:3c:
         3b:1a:51:c3:80:5d:5e:fc:85:ea:77:da:64:7b:ec:73:c5:f8:
         4e:08:51:55:6f:78:49:16:e2:3b:ed:26:4d:4e:d8:cf:91:76:
         75:a1:bf:e5:0b:52:23:e1:88:44:19:89:40:3c:72:b6:eb:d0:
         2d:bd:6a:83:50:fb:fa:d6:ec:06:f0:04:00:f6:4a:98:c0:56:
         cb:d0:4c:b7:70:d6:f5:64:f9:66:c8:ea:31:4d:31:c5:79:26:
         dd:aa:7d:54
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZ/BYPz/xWhGXTiDeDDYghdXubMEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzIxMDAwMDAwWhcNMjMwODI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MTM3NmM3MTg2Y2RhNDQ2NTA2NGEzZDk2OGFjNWY1MzM3
MmU4Zjc5ZjhlM2JlMWZlZGRhOWZhMzk5NjcwZTY2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0RR6skE8bAOLPQLFUHQC0K+WjZsNl/sN1I+lxj6wQlEtP
tiwYFWx+EVBkZxVLD9A8vjWHYydjTkOCMxQnwj575Rl1J1Qno4i17OgPj6mQs6wP
JtvGOAK0z65D+qKnVyQM43XGl938LZwg0LH+BM0WyEFT81QWwLuZ4w46hCmqQyky
+MGL2FSg8+bMAfXicgEF7/aR27p0hx69Ia/NQ+mZQhSzgIwzU6RAeIyTOF5CBZ8Q
GBpruEQKUrbySiKrTTd42FVdwHcAXgeWgyRzkCxjxEbHcPBYZoJn8SrEbn/0uxH5
oGLW8+SAcnFsTTQbp+tF2ZBVk598JARxipbp8c3JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWDGq69RnFITiuhpbd8ZR59xpUegwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2I1M2IwNDg0LTc2MzktNDA4OC1hM2JkLTI4MGE4ZWQyMzM1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGI0/DK44uayMJWVEgNnvrTD8v3t
pYGFiLqjoVN9C+TlxUO1sxZLcoR3eSwQpTqnH5w39B3ghIIi5Alyg/xXtjgZj3/j
r/eMO+F+df5ycQxf6iPS0wy3eC2ZIOHBQsVdMob9H2KsLR35KG34qLfZrIpN47e/
fTZmPPQDbJDS7iOdPLvDQozptYoCUGNtY2MMFea2ds7SEMJQeae6UUtkF3tjPDsa
UcOAXV78hep32mR77HPF+E4IUVVveEkW4jvtJk1O2M+RdnWhv+ULUiPhiEQZiUA8
crbr0C29aoNQ+/rW7AbwBAD2SpjAVsvQTLdw1vVk+WbI6jFNMcV5Jt2qfVQ=
-----END CERTIFICATE-----