Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ffe18bf7-a5e2-44b6-acd5-238ea4718f20.roa
File:                     ffe18bf7-a5e2-44b6-acd5-238ea4718f20.roa (raw, json)
Hash identifier:          6yWLnWG7tdRMS3Wq0DjyLicS83avRd1sSMX8h8iuOoc=
Subject key identifier:   0B:6A:BC:A4:07:9D:2C:46:7B:59:A6:6D:77:39:0A:27:E5:F5:EB:12
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0C32BDCCDE94949E74E36622E9501A309856499F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ffe18bf7-a5e2-44b6-acd5-238ea4718f20.roa
Signing time:             Thu 09 Nov 2023 00:00:00 +0000
ROA not before:           Thu 09 Nov 2023 00:00:00 +0000
ROA not after:            Thu 14 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:32:bd:cc:de:94:94:9e:74:e3:66:22:e9:50:1a:30:98:56:49:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  9 00:00:00 2023 GMT
            Not After : Dec 14 23:59:59 2023 GMT
        Subject: serialNumber=fd9cabb21f09685928b6650411725aad2d274a5fee152bb2ad1dd8aa9b950f31, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:20:21:ca:99:a5:40:5a:62:e4:87:c1:e8:25:
                    b1:38:75:66:03:88:c0:d7:7a:0d:95:a8:3a:3b:97:
                    66:56:8f:b4:a1:66:c4:4e:75:81:5e:8c:c8:55:0b:
                    28:aa:fe:54:7a:96:a2:6f:f3:31:12:6b:de:0b:c5:
                    3c:70:75:a2:31:f5:96:42:14:e5:6d:09:91:95:ed:
                    ca:c9:b6:a6:66:92:22:fa:72:5a:47:6c:88:6b:30:
                    6c:66:44:f2:cc:3f:b1:bf:0f:90:4b:2a:aa:6d:ab:
                    76:05:79:38:ed:5f:c8:54:45:b0:4f:8b:8a:08:1f:
                    a5:35:e5:a8:9c:a7:5a:12:2c:2c:87:ea:61:7e:41:
                    a2:a0:68:2c:f9:c5:23:0f:23:06:8b:da:92:5d:51:
                    77:d1:08:76:58:2d:f3:7b:28:fc:d8:e1:fc:16:cf:
                    00:5f:a7:da:b6:b4:1e:5b:79:6d:38:30:9e:69:cb:
                    61:29:8a:a6:9a:27:ba:64:fa:b3:cc:00:9a:ed:e6:
                    5f:5e:1c:28:35:f9:59:89:2f:1f:be:47:30:64:b0:
                    a5:21:f3:ba:85:00:ba:5e:b0:1d:62:34:aa:fb:04:
                    7e:f4:fa:08:56:47:3c:17:54:ad:39:cb:f2:26:62:
                    5e:e2:28:fd:00:f9:f2:31:d0:66:50:e1:51:fc:1c:
                    67:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:6A:BC:A4:07:9D:2C:46:7B:59:A6:6D:77:39:0A:27:E5:F5:EB:12
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ffe18bf7-a5e2-44b6-acd5-238ea4718f20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:bf:21:ba:c6:0d:56:25:df:70:62:8a:fc:8d:48:b1:21:fe:
         54:45:f1:bf:c6:0a:bf:0c:cd:b4:a9:47:89:af:c4:ff:43:84:
         7a:22:9d:18:3e:9c:01:11:8e:1e:60:a2:62:ce:59:c7:c4:7c:
         38:8b:30:c0:02:0d:b2:49:08:d1:d3:80:45:ec:24:6a:bb:bf:
         94:84:56:68:d4:66:9f:5e:14:d2:ba:29:17:63:68:79:7e:a6:
         b5:45:82:21:55:6b:24:74:26:24:80:04:7d:83:69:88:09:9d:
         cd:60:60:8e:2b:16:d0:fa:9f:7d:a9:ae:cf:13:05:0d:a3:0c:
         ea:71:d5:eb:a1:78:04:d4:d4:9a:84:68:90:e2:9b:36:c4:12:
         fb:29:19:fa:c1:17:cd:8a:dc:4e:20:42:cd:35:36:31:41:b5:
         1c:ae:36:cf:84:35:f2:06:e3:16:84:76:04:ae:38:3e:4e:b6:
         a5:8a:a8:97:76:58:cd:1a:f0:73:07:47:58:2b:1b:ac:72:23:
         a3:9f:d2:ca:5b:ac:4f:32:3e:81:3d:ea:1c:d2:3c:4f:96:29:
         92:e0:24:3a:19:e6:60:b4:27:ae:1b:8d:bd:36:98:8b:42:1b:
         86:4c:82:17:34:fc:14:e7:fe:c0:bb:75:45:48:bd:27:7a:f0:
         fb:08:4c:0e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDDK9zN6UlJ5042Yi6VAaMJhWSZ8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTA5MDAwMDAwWhcNMjMxMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZDljYWJiMjFmMDk2ODU5MjhiNjY1MDQxMTcyNWFhZDJk
Mjc0YTVmZWUxNTJiYjJhZDFkZDhhYTliOTUwZjMxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXICHKmaVAWmLkh8HoJbE4dWYDiMDXeg2VqDo7l2ZWj7Sh
ZsROdYFejMhVCyiq/lR6lqJv8zESa94LxTxwdaIx9ZZCFOVtCZGV7crJtqZmkiL6
clpHbIhrMGxmRPLMP7G/D5BLKqptq3YFeTjtX8hURbBPi4oIH6U15aicp1oSLCyH
6mF+QaKgaCz5xSMPIwaL2pJdUXfRCHZYLfN7KPzY4fwWzwBfp9q2tB5beW04MJ5p
y2EpiqaaJ7pk+rPMAJrt5l9eHCg1+VmJLx++RzBksKUh87qFALpesB1iNKr7BH70
+ghWRzwXVK05y/ImYl7iKP0A+fIx0GZQ4VH8HGenAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUC2q8pAedLEZ7WaZtdzkKJ+X16xIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZmZTE4YmY3LWE1ZTItNDRiNi1hY2Q1LTIzOGVhNDcxOGYyMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHi/IbrGDVYl33BiivyNSLEh/lRF
8b/GCr8MzbSpR4mvxP9DhHoinRg+nAERjh5gomLOWcfEfDiLMMACDbJJCNHTgEXs
JGq7v5SEVmjUZp9eFNK6KRdjaHl+prVFgiFVayR0JiSABH2DaYgJnc1gYI4rFtD6
n32prs8TBQ2jDOpx1euheATU1JqEaJDimzbEEvspGfrBF82K3E4gQs01NjFBtRyu
Ns+ENfIG4xaEdgSuOD5OtqWKqJd2WM0a8HMHR1grG6xyI6Of0spbrE8yPoE96hzS
PE+WKZLgJDoZ5mC0J64bjb02mItCG4ZMghc0/BTn/sC7dUVIvSd68PsITA4=
-----END CERTIFICATE-----