Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c7259307-90de-4241-b9e2-c1db39deadf1.roa
File:                     c7259307-90de-4241-b9e2-c1db39deadf1.roa (raw, json)
Hash identifier:          1QsIidE0lJXRabb0MXH5GS3PFjVoiYV1OKQ2PpRypg0=
Subject key identifier:   05:41:5B:29:33:AF:FE:FE:19:35:8C:EA:A8:38:36:E2:5F:16:7B:F8
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5767685E60B78D4E2CD3D452797964CC186E5A45
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c7259307-90de-4241-b9e2-c1db39deadf1.roa
Signing time:             Tue 07 Nov 2023 00:00:00 +0000
ROA not before:           Tue 07 Nov 2023 00:00:00 +0000
ROA not after:            Tue 12 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:67:68:5e:60:b7:8d:4e:2c:d3:d4:52:79:79:64:cc:18:6e:5a:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  7 00:00:00 2023 GMT
            Not After : Dec 12 23:59:59 2023 GMT
        Subject: serialNumber=c11b105e5c4ff04a7ec88c6082ace81f4c72ddfbf19ebdb971c475c06ec81145, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:5f:32:35:ea:66:fa:6f:18:f1:23:f8:00:80:
                    5d:d5:2b:e9:92:3f:9d:95:62:fd:94:59:42:0a:64:
                    5d:99:69:c6:8e:f2:37:d3:c4:0e:1d:45:43:3f:ce:
                    7d:a1:03:d4:ab:ce:d9:38:c5:74:eb:0a:d4:d8:72:
                    43:14:9e:6e:98:7d:73:a5:96:c6:c9:ab:2e:ba:ad:
                    ff:25:46:ff:f3:ed:03:20:b0:de:79:cd:a1:95:63:
                    45:10:57:38:b7:60:8a:9a:6e:77:b7:90:30:b5:37:
                    ca:3d:ad:fc:ac:27:ef:a5:74:a2:6e:76:f5:b0:7c:
                    d0:f9:9f:ba:7d:7e:0a:d8:9b:c5:02:b4:83:15:f6:
                    a2:bc:20:b3:67:5d:f5:f4:3e:3a:01:8c:3e:87:60:
                    17:59:78:5f:85:76:a5:73:16:d4:de:f3:ab:a5:f5:
                    db:b3:59:4f:1a:e8:e4:2b:f3:6f:5a:8e:56:d8:cd:
                    63:7b:40:65:ab:5d:22:19:cc:33:f0:b8:4f:0f:41:
                    34:13:81:1c:c6:e7:65:21:96:95:84:8d:dd:c1:c2:
                    5b:b7:87:6a:18:b0:ae:7b:d2:f5:56:cf:99:a7:03:
                    f6:11:83:51:bc:7f:4f:bb:0f:27:b0:f0:d8:00:5b:
                    8f:57:84:c8:a5:5d:63:41:23:df:49:ba:4c:de:5e:
                    40:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:41:5B:29:33:AF:FE:FE:19:35:8C:EA:A8:38:36:E2:5F:16:7B:F8
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c7259307-90de-4241-b9e2-c1db39deadf1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:c7:9a:27:ea:b8:55:47:ef:88:23:39:41:b1:aa:45:67:05:
         a1:cd:76:fa:65:20:f1:7d:99:85:d0:cd:9a:63:69:62:f9:27:
         3d:d1:77:25:58:9b:30:9b:3e:7b:42:86:ce:2f:00:74:ea:c8:
         aa:77:99:ce:0d:b9:82:35:ab:51:92:74:c2:f8:a9:a3:7b:b4:
         b0:1b:b3:c1:72:7c:20:66:6c:56:16:df:a7:d7:f3:46:d6:be:
         88:ab:bf:98:30:11:d5:94:7b:51:55:1f:f0:22:f9:b0:42:e5:
         52:25:b1:82:4a:51:d4:77:80:8a:d4:62:02:22:b5:7c:34:9f:
         61:c2:85:2c:23:6a:43:56:39:47:2f:03:c3:36:75:05:97:ff:
         a5:6a:b0:1a:c4:fa:96:01:79:2b:2f:82:02:aa:c3:f3:7c:cf:
         09:1c:42:3d:ba:05:e2:b1:eb:82:cf:bb:5a:20:5a:d4:f2:44:
         dc:e2:e1:50:ef:82:a2:76:f4:4c:f0:ab:bc:52:6b:c3:ed:ba:
         9b:39:0a:75:33:51:94:66:ad:07:b7:4d:74:a5:e1:06:64:64:
         75:aa:85:f8:d7:94:ca:74:57:3e:c6:df:c2:82:20:84:58:56:
         1b:c7:15:3b:5b:d9:9f:0b:04:84:f8:d6:96:21:ef:92:ab:fa:
         14:b8:f4:90
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV2doXmC3jU4s09RSeXlkzBhuWkUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTA3MDAwMDAwWhcNMjMxMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMTFiMTA1ZTVjNGZmMDRhN2VjODhjNjA4MmFjZTgxZjRj
NzJkZGZiZjE5ZWJkYjk3MWM0NzVjMDZlYzgxMTQ1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtXzI16mb6bxjxI/gAgF3VK+mSP52VYv2UWUIKZF2ZacaO
8jfTxA4dRUM/zn2hA9Srztk4xXTrCtTYckMUnm6YfXOllsbJqy66rf8lRv/z7QMg
sN55zaGVY0UQVzi3YIqabne3kDC1N8o9rfysJ++ldKJudvWwfND5n7p9fgrYm8UC
tIMV9qK8ILNnXfX0PjoBjD6HYBdZeF+FdqVzFtTe86ul9duzWU8a6OQr829ajlbY
zWN7QGWrXSIZzDPwuE8PQTQTgRzG52UhlpWEjd3Bwlu3h2oYsK570vVWz5mnA/YR
g1G8f0+7Dyew8NgAW49XhMilXWNBI99JukzeXkAXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBUFbKTOv/v4ZNYzqqDg24l8We/gwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2M3MjU5MzA3LTkwZGUtNDI0MS1iOWUyLWMxZGIzOWRlYWRmMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIfHmifquFVH74gjOUGxqkVnBaHN
dvplIPF9mYXQzZpjaWL5Jz3RdyVYmzCbPntChs4vAHTqyKp3mc4NuYI1q1GSdML4
qaN7tLAbs8FyfCBmbFYW36fX80bWvoirv5gwEdWUe1FVH/Ai+bBC5VIlsYJKUdR3
gIrUYgIitXw0n2HChSwjakNWOUcvA8M2dQWX/6VqsBrE+pYBeSsvggKqw/N8zwkc
Qj26BeKx64LPu1ogWtTyRNzi4VDvgqJ29Ezwq7xSa8Ptups5CnUzUZRmrQe3TXSl
4QZkZHWqhfjXlMp0Vz7G38KCIIRYVhvHFTtb2Z8LBIT41pYh75Kr+hS49JA=
-----END CERTIFICATE-----