Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0273e18a-79b6-4403-9312-d79d2131f061.roa
File:                     0273e18a-79b6-4403-9312-d79d2131f061.roa (raw, json)
Hash identifier:          HLT+KCyjCuwnZVo5MUel0i+esDs+9s9gIl/rYhyK8xE=
Subject key identifier:   41:FA:41:B1:B8:BB:B0:A7:6F:2B:5D:41:16:BE:C7:4A:D1:FE:6F:4A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       75E1E9883E6AFF658F6348E54F34F61A96F9FF9B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0273e18a-79b6-4403-9312-d79d2131f061.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.197.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:e1:e9:88:3e:6a:ff:65:8f:63:48:e5:4f:34:f6:1a:96:f9:ff:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a9:ef:b3:c2:a5:97:67:6f:6c:29:7c:b9:27:
                    ec:f1:60:45:9e:0e:f0:6a:c3:86:fd:b1:2e:06:99:
                    69:0f:60:d3:d6:cf:5e:e0:1c:5d:38:87:fa:61:dd:
                    b9:5a:99:17:1a:aa:04:40:d7:0f:6d:30:0d:bf:27:
                    e7:40:6b:bf:7d:21:83:1c:31:7e:38:4f:16:0f:c0:
                    8d:94:f9:08:48:f3:25:04:6a:dc:78:b9:ab:6d:37:
                    f1:12:10:86:dd:ed:63:b8:08:a5:22:ee:c6:85:57:
                    44:d1:b1:9b:61:13:3f:11:7d:04:62:ef:d2:e9:f5:
                    e2:11:0f:dc:e3:5b:70:af:13:8f:1b:7e:37:6b:a4:
                    30:dc:ed:aa:68:13:94:66:db:72:a0:de:e3:cd:57:
                    93:62:3b:88:df:66:44:9f:36:23:3d:87:f4:93:ac:
                    15:af:b5:dc:9b:a1:58:24:6d:1e:35:c3:19:64:22:
                    5a:c2:7e:1a:71:57:3d:82:35:d7:2d:78:1f:bd:77:
                    0a:71:6b:15:61:b9:af:a2:4a:ec:d6:39:9a:eb:d9:
                    5c:6e:33:d5:e6:e5:c4:07:20:a6:aa:6c:9a:70:8d:
                    57:7b:90:06:6e:19:3e:e2:34:5d:30:13:b2:d9:21:
                    18:99:00:b6:0e:b9:f6:00:32:42:ec:8e:4a:69:9f:
                    f8:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:FA:41:B1:B8:BB:B0:A7:6F:2B:5D:41:16:BE:C7:4A:D1:FE:6F:4A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0273e18a-79b6-4403-9312-d79d2131f061.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.197.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         87:53:1d:75:07:d2:04:3b:ce:4d:11:1e:16:dd:21:42:f8:7e:
         fd:7a:ac:a2:ca:1e:d6:cd:b2:d3:94:4d:ce:c7:63:b5:6c:8f:
         54:21:e1:3b:b1:02:70:94:d2:8f:4c:54:d4:07:53:b1:23:c3:
         10:bc:5d:56:9b:b5:7d:0c:2c:fe:0b:1f:b8:43:e4:e0:ed:c9:
         1d:cc:f4:16:2c:3e:f2:cd:56:0a:27:5e:e6:95:df:22:c8:eb:
         48:d8:d0:19:3b:fd:ba:6e:c0:59:26:27:31:c0:b4:b1:6b:9c:
         1f:65:59:98:0c:37:22:15:c0:50:0d:6e:ef:f3:7a:07:d2:95:
         94:c3:2a:3e:f0:d3:db:1b:d8:0d:f1:7c:22:c3:2c:f7:f4:8c:
         e1:fb:6b:dd:82:24:96:dc:df:51:16:bb:99:5f:55:00:e6:a6:
         4b:10:4d:2e:df:40:84:0c:f6:99:00:74:20:53:c3:63:c9:89:
         1b:c5:8c:14:fa:4b:05:1e:6b:0b:4f:11:44:77:1e:cf:b1:c6:
         09:f8:67:32:71:69:e0:c1:77:60:fc:5e:a5:cc:b7:cf:52:85:
         35:bf:5d:4b:0c:29:73:19:a2:d0:06:34:76:0d:d0:ad:80:8c:
         ce:09:68:09:4c:67:27:9b:93:e5:84:7e:b1:eb:62:bb:f2:de:
         9c:44:34:f1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdeHpiD5q/2WPY0jlTzT2Gpb5/5swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZjEwZDk3OGQ1YmY5ZDcwOGJhNjk1ZDBhNDc5NGRjNjhl
ZWY5M2NjODFiNmI1YWRiNzM1NWI3YjRhODY5ZGRiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClqe+zwqWXZ29sKXy5J+zxYEWeDvBqw4b9sS4GmWkPYNPW
z17gHF04h/ph3blamRcaqgRA1w9tMA2/J+dAa799IYMcMX44TxYPwI2U+QhI8yUE
atx4uattN/ESEIbd7WO4CKUi7saFV0TRsZthEz8RfQRi79Lp9eIRD9zjW3CvE48b
fjdrpDDc7apoE5Rm23Kg3uPNV5NiO4jfZkSfNiM9h/STrBWvtdyboVgkbR41wxlk
IlrCfhpxVz2CNdcteB+9dwpxaxVhua+iSuzWOZrr2VxuM9Xm5cQHIKaqbJpwjVd7
kAZuGT7iNF0wE7LZIRiZALYOufYAMkLsjkppn/h5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQfpBsbi7sKdvK11BFr7HStH+b0owHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAyNzNlMThhLTc5YjYtNDQwMy05MzEyLWQ3OWQyMTMxZjA2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcPxYAwDQYJKoZIhvcNAQELBQADggEBAIdTHXUH0gQ7zk0RHhbdIUL4fv16
rKLKHtbNstOUTc7HY7Vsj1Qh4TuxAnCU0o9MVNQHU7EjwxC8XVabtX0MLP4LH7hD
5ODtyR3M9BYsPvLNVgonXuaV3yLI60jY0Bk7/bpuwFkmJzHAtLFrnB9lWZgMNyIV
wFANbu/zegfSlZTDKj7w09sb2A3xfCLDLPf0jOH7a92CJJbc31EWu5lfVQDmpksQ
TS7fQIQM9pkAdCBTw2PJiRvFjBT6SwUeawtPEUR3Hs+xxgn4ZzJxaeDBd2D8XqXM
t89ShTW/XUsMKXMZotAGNHYN0K2AjM4JaAlMZyebk+WEfrHrYrvy3pxENPE=
-----END CERTIFICATE-----