Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/04cfa462-48df-433d-86f1-73994c9b8fab.roa
File:                     04cfa462-48df-433d-86f1-73994c9b8fab.roa (raw, json)
Hash identifier:          2Cyo9wOAUIlXGlK5G0aPa0lGiZr4pQ81nAvumOqKjZU=
Subject key identifier:   F2:58:29:98:CE:0A:A1:16:8F:05:01:78:1D:3B:2A:7B:66:35:92:0F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2D1253CF28AEF788834F07B2AC3E83CDFADE3373
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/04cfa462-48df-433d-86f1-73994c9b8fab.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        161.188.132.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:12:53:cf:28:ae:f7:88:83:4f:07:b2:ac:3e:83:cd:fa:de:33:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:df:45:d4:ae:05:1e:66:fe:41:8c:0a:09:d2:
                    e9:82:6f:dc:07:72:3e:9d:cf:aa:68:aa:f0:73:d0:
                    d9:c6:7d:9d:66:d9:c1:e8:5d:81:f6:7c:7d:e8:e5:
                    4b:4f:bd:15:2c:e2:36:9a:79:0d:3d:63:4e:16:e2:
                    98:91:6a:ba:29:90:7f:d8:88:ef:3b:7b:2c:f2:61:
                    fc:d2:dc:62:42:b6:d3:76:b7:4b:a9:2d:d0:4b:8c:
                    1d:1c:27:92:23:eb:9f:2d:46:06:21:4e:84:39:09:
                    2a:0f:6c:73:80:f6:ff:c8:b8:e7:8a:4e:95:40:f3:
                    37:70:9d:9f:c5:63:01:54:a4:c1:ed:b1:9d:2f:69:
                    38:2f:cc:64:35:4c:60:66:0b:f5:a2:aa:6e:89:19:
                    70:9a:80:99:de:7f:50:0d:70:3c:fa:27:8f:5e:b1:
                    a3:51:ed:1e:b6:d1:ae:2f:8d:9b:d5:21:f4:87:a5:
                    68:c0:b6:38:69:51:9e:19:87:54:bc:f8:b2:2a:5b:
                    7a:5b:65:6a:a3:fa:00:11:93:34:e6:02:59:9a:c2:
                    d9:ba:bb:2b:47:47:37:05:01:90:a2:e2:b2:16:46:
                    cb:be:e4:a5:66:f2:7e:b2:b6:64:25:2a:6d:9a:bc:
                    0a:bf:06:17:8c:0a:71:4f:25:80:67:6c:27:81:e1:
                    2f:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:58:29:98:CE:0A:A1:16:8F:05:01:78:1D:3B:2A:7B:66:35:92:0F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/04cfa462-48df-433d-86f1-73994c9b8fab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.188.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:44:b4:05:b5:81:f0:a9:4a:fb:ea:81:2b:d1:ef:fd:f9:0e:
         2f:18:9f:95:60:2c:2e:7a:84:37:af:ab:af:e8:e0:1a:e8:08:
         05:99:33:ac:26:ec:57:a5:cf:f4:df:97:70:df:a3:43:4e:e0:
         cc:4b:2b:6d:64:9a:59:f5:1c:6f:dc:c7:7a:ff:15:63:3e:40:
         6b:4c:4c:70:37:f1:b9:c2:0c:7d:b7:be:a2:26:09:83:fb:d8:
         40:6a:80:52:20:35:e5:6b:11:e2:2f:e4:3c:da:98:71:0a:39:
         94:3f:07:fe:7d:9a:f1:c7:fc:e5:70:f9:90:ce:70:8b:e6:8a:
         db:e7:c6:39:57:6c:5e:ad:20:d8:5c:96:34:21:30:96:a1:aa:
         63:75:0c:52:99:84:75:67:80:8c:8e:9b:97:e3:93:69:6e:3a:
         2e:10:7f:ec:ba:f4:cc:0e:5f:3e:d3:0e:b7:ee:bd:e9:a3:30:
         23:97:1b:a2:26:e0:83:4f:d8:c5:48:ce:d0:b9:27:c2:c7:9d:
         d4:2d:10:96:5b:55:71:12:1c:f1:36:3d:e2:5d:ba:bd:fc:de:
         d7:c3:d0:e6:b5:f0:3c:a4:94:6f:b8:7d:b6:73:6b:ce:fb:bf:
         22:57:01:97:88:24:05:10:a1:cf:7b:2a:95:80:48:74:b6:e7:
         61:bb:09:af
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULRJTzyiu94iDTweyrD6DzfreM3MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkODU0MDEwNmU1NWIyMDQ0MzZjMTk4M2ViYzRkY2EzYzhk
NmIxZmU2NDIwNGZjM2M5NGRlNTZlNzNjZjlmZjE3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCU30XUrgUeZv5BjAoJ0umCb9wHcj6dz6poqvBz0NnGfZ1m
2cHoXYH2fH3o5UtPvRUs4jaaeQ09Y04W4piRaropkH/YiO87eyzyYfzS3GJCttN2
t0upLdBLjB0cJ5Ij658tRgYhToQ5CSoPbHOA9v/IuOeKTpVA8zdwnZ/FYwFUpMHt
sZ0vaTgvzGQ1TGBmC/Wiqm6JGXCagJnef1ANcDz6J49esaNR7R620a4vjZvVIfSH
pWjAtjhpUZ4Zh1S8+LIqW3pbZWqj+gARkzTmAlmawtm6uytHRzcFAZCi4rIWRsu+
5KVm8n6ytmQlKm2avAq/BheMCnFPJYBnbCeB4S+RAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8lgpmM4KoRaPBQF4HTsqe2Y1kg8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA0Y2ZhNDYyLTQ4ZGYtNDMzZC04NmYxLTczOTk0YzliOGZhYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAGhvIQwDQYJKoZIhvcNAQELBQADggEBAI1EtAW1gfCpSvvqgSvR7/35Di8Y
n5VgLC56hDevq6/o4BroCAWZM6wm7Felz/Tfl3Dfo0NO4MxLK21kmln1HG/cx3r/
FWM+QGtMTHA38bnCDH23vqImCYP72EBqgFIgNeVrEeIv5DzamHEKOZQ/B/59mvHH
/OVw+ZDOcIvmitvnxjlXbF6tINhcljQhMJahqmN1DFKZhHVngIyOm5fjk2luOi4Q
f+y69MwOXz7TDrfuvemjMCOXG6Im4INP2MVIztC5J8LHndQtEJZbVXESHPE2PeJd
ur383tfD0Oa18DyklG+4fbZza877vyJXAZeIJAUQoc97KpWASHS252G7Ca8=
-----END CERTIFICATE-----