Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bfaf409c-b688-4298-99f5-b70de0b0d5c7.roa
File:                     bfaf409c-b688-4298-99f5-b70de0b0d5c7.roa (raw, json)
Hash identifier:          SzEf/oMAqK0Q1cRdf0oI6pGXPar05rqtgWSfQOFmI7A=
Subject key identifier:   B9:2B:34:DB:56:8D:47:6B:65:F0:3F:B2:DD:4D:20:0A:68:CE:29:BD
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2E346150D99BB27814C4559750CAECB786BCFA73
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bfaf409c-b688-4298-99f5-b70de0b0d5c7.roa
Signing time:             Mon 21 Aug 2023 00:00:00 +0000
ROA not before:           Mon 21 Aug 2023 00:00:00 +0000
ROA not after:            Mon 25 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:34:61:50:d9:9b:b2:78:14:c4:55:97:50:ca:ec:b7:86:bc:fa:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 21 00:00:00 2023 GMT
            Not After : Sep 25 23:59:59 2023 GMT
        Subject: serialNumber=ac4cdac9510ab347ca32227a0592548aaad531f6039bee55188eda0649156cb6, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:31:7d:04:a5:a4:72:29:50:85:ae:31:d0:71:
                    5e:2c:09:1f:1d:cb:09:1c:60:5e:88:a2:32:08:ba:
                    04:a1:93:6c:78:42:20:0a:d4:e5:84:80:0f:86:10:
                    00:0f:72:24:55:fa:69:d8:a4:7f:3e:ac:39:d1:4e:
                    01:e3:48:b2:e5:b8:d8:c4:1a:46:b8:2d:1e:e9:e4:
                    dc:ee:b4:e3:c4:48:55:89:cf:aa:fd:75:54:76:97:
                    3f:6e:b6:35:ff:4b:e1:1f:93:9f:7a:f4:77:d4:a8:
                    9e:70:d9:63:10:b4:07:01:8c:d3:70:e1:64:1b:64:
                    df:12:b8:cc:a5:ed:73:1d:5a:9d:3b:e8:14:62:a6:
                    f2:77:d6:53:7c:1d:8f:04:e1:bf:9b:00:55:11:bc:
                    65:78:4c:34:ed:d3:f2:47:4a:65:b0:67:d9:fc:3a:
                    b2:07:82:be:23:0d:96:d6:73:32:47:8c:c2:04:fa:
                    b0:2b:ba:4f:05:4a:89:b8:50:90:7a:cc:6f:7b:06:
                    74:3c:a9:58:c1:0a:30:18:08:93:9e:1c:0a:ab:cb:
                    4f:08:59:51:92:0e:08:18:71:e6:a6:24:2d:db:df:
                    f8:7d:5d:68:f3:ea:b9:48:8c:3c:19:fa:ae:fe:54:
                    d2:3a:42:83:d8:f5:cc:c7:41:93:08:22:31:a5:6e:
                    b0:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:2B:34:DB:56:8D:47:6B:65:F0:3F:B2:DD:4D:20:0A:68:CE:29:BD
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bfaf409c-b688-4298-99f5-b70de0b0d5c7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:b2:6b:50:d4:f1:f2:e3:a2:5b:dd:25:56:95:0c:dd:50:fa:
         13:c7:81:30:98:6a:4f:7e:0b:da:5f:87:97:cc:39:ec:ab:20:
         92:ea:2b:4f:89:ad:0d:c8:4c:fb:fa:66:3d:d0:75:78:8d:4b:
         ca:93:49:fb:7c:f5:19:99:4c:2c:86:b3:4e:4a:83:2e:53:fd:
         87:bc:f9:4c:a9:56:7c:30:83:17:f5:5a:20:94:04:3e:fc:a9:
         21:da:98:a8:09:5e:cd:81:55:5b:26:a0:1a:93:a7:1f:60:b9:
         02:95:54:84:90:c1:99:82:c6:b0:55:1c:fc:ed:c1:df:f4:7a:
         42:1a:56:30:34:b4:a3:7f:de:de:77:df:f2:66:74:57:cf:d9:
         0e:01:34:1a:20:46:5c:bc:61:21:b5:8d:32:0b:fc:37:a8:c1:
         11:af:27:c5:27:49:b4:40:ea:fe:7b:bf:d8:61:30:4a:fe:90:
         1c:1b:32:54:b5:2e:a9:72:f4:96:2c:c1:5c:89:75:72:11:ce:
         1a:c9:d8:72:e3:d7:19:f0:53:92:08:64:65:d4:40:45:b0:02:
         c0:8b:a9:24:81:0e:38:a9:78:2d:19:33:33:3b:d2:9d:94:6f:
         5e:67:e7:3b:13:cf:cf:a2:47:9f:37:18:c4:8b:ca:f9:76:31:
         a4:82:44:26
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULjRhUNmbsngUxFWXUMrst4a8+nMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODIxMDAwMDAwWhcNMjMwOTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYzRjZGFjOTUxMGFiMzQ3Y2EzMjIyN2EwNTkyNTQ4YWFh
ZDUzMWY2MDM5YmVlNTUxODhlZGEwNjQ5MTU2Y2I2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDwMX0EpaRyKVCFrjHQcV4sCR8dywkcYF6IojIIugShk2x4
QiAK1OWEgA+GEAAPciRV+mnYpH8+rDnRTgHjSLLluNjEGka4LR7p5NzutOPESFWJ
z6r9dVR2lz9utjX/S+Efk5969HfUqJ5w2WMQtAcBjNNw4WQbZN8SuMyl7XMdWp07
6BRipvJ31lN8HY8E4b+bAFURvGV4TDTt0/JHSmWwZ9n8OrIHgr4jDZbWczJHjMIE
+rAruk8FSom4UJB6zG97BnQ8qVjBCjAYCJOeHAqry08IWVGSDggYceamJC3b3/h9
XWjz6rlIjDwZ+q7+VNI6QoPY9czHQZMIIjGlbrCXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuSs021aNR2tl8D+y3U0gCmjOKb0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2JmYWY0MDljLWI2ODgtNDI5OC05OWY1LWI3MGRlMGIwZDVjNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAACya1DU8fLjolvdJVaVDN1Q+hPH
gTCYak9+C9pfh5fMOeyrIJLqK0+JrQ3ITPv6Zj3QdXiNS8qTSft89RmZTCyGs05K
gy5T/Ye8+UypVnwwgxf1WiCUBD78qSHamKgJXs2BVVsmoBqTpx9guQKVVISQwZmC
xrBVHPztwd/0ekIaVjA0tKN/3t533/JmdFfP2Q4BNBogRly8YSG1jTIL/DeowRGv
J8UnSbRA6v57v9hhMEr+kBwbMlS1Lqly9JYswVyJdXIRzhrJ2HLj1xnwU5IIZGXU
QEWwAsCLqSSBDjipeC0ZMzM70p2Ub15n5zsTz8+iR583GMSLyvl2MaSCRCY=
-----END CERTIFICATE-----