Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1bb2a023-c71a-45f8-a13f-d979af1c7d93.roa
File:                     1bb2a023-c71a-45f8-a13f-d979af1c7d93.roa (raw, json)
Hash identifier:          7zyAM17iLENz1VYHLxrx35PK+Nf158JjloKrOawox4Q=
Subject key identifier:   B7:F1:13:05:B1:23:A1:A7:42:EC:5F:63:26:8C:65:38:05:BF:C5:46
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1D91B3901348C01DBCC06B53CA1CC2DB2A47CD1A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1bb2a023-c71a-45f8-a13f-d979af1c7d93.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.232.0.0/13 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:91:b3:90:13:48:c0:1d:bc:c0:6b:53:ca:1c:c2:db:2a:47:cd:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:27:eb:fb:61:1e:40:b4:63:e4:e3:63:5c:b4:
                    5a:60:88:30:78:aa:5f:9e:ea:f6:7b:1a:26:fc:a9:
                    d0:c1:29:b7:36:9e:be:f5:11:77:ee:b2:7f:f8:df:
                    f7:ad:0f:6d:c3:a6:83:1f:e7:f5:22:5a:a1:60:0a:
                    33:d0:37:3d:a9:c5:0b:b0:f8:45:d4:33:b5:7c:4c:
                    18:67:fc:9c:14:51:55:d9:23:44:05:2f:58:6e:59:
                    43:c9:39:3a:df:20:9d:3a:f4:0d:a2:d3:ba:66:cf:
                    55:44:4a:35:ea:66:af:a3:6b:7f:ff:06:83:17:5c:
                    35:8e:55:b1:26:43:08:df:34:8f:f6:7e:41:42:21:
                    bb:7d:9d:79:c3:68:0a:85:47:0b:22:85:a0:ff:c9:
                    ba:1a:14:92:ac:17:02:7a:bc:b9:62:96:a4:dc:cf:
                    1b:c0:21:03:7d:46:57:4f:1b:2b:0f:35:0b:01:8f:
                    c8:62:e0:1a:88:db:eb:91:12:ef:4a:d5:54:d8:3c:
                    3b:67:cc:a2:16:a5:76:f0:f3:0e:23:a7:ca:af:60:
                    cb:3b:02:ac:5b:e2:8f:18:c2:47:87:f5:7f:e0:ee:
                    38:96:04:44:5a:48:e1:8a:60:7f:e5:84:60:be:22:
                    b6:1a:7c:a8:2d:57:28:8c:eb:27:50:fc:a2:52:74:
                    32:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:F1:13:05:B1:23:A1:A7:42:EC:5F:63:26:8C:65:38:05:BF:C5:46
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1bb2a023-c71a-45f8-a13f-d979af1c7d93.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.232.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         1b:60:97:18:f3:d0:26:62:ee:3d:98:55:de:ba:e2:bd:56:f8:
         48:3b:52:7e:1b:07:8b:23:3d:46:0d:ab:77:a5:01:fb:75:b7:
         dc:b3:93:08:ea:43:d7:23:99:fe:12:04:86:7f:80:50:65:e4:
         09:dc:2d:79:eb:7a:88:bd:bd:49:28:f8:f6:1f:98:c0:23:b3:
         c9:29:cb:c5:e9:d0:f9:15:ee:8a:f0:83:60:22:b5:ed:19:c9:
         56:f6:0c:7c:4a:82:b8:13:fa:e0:8e:a4:57:71:ad:e7:b0:21:
         1b:79:b8:64:e9:3f:4a:4a:38:24:73:9d:83:ac:62:4b:a1:38:
         85:45:c3:5c:48:cf:1a:c7:6f:c5:f0:58:26:ba:c4:2a:6c:00:
         e8:fd:b3:12:3f:5e:69:7c:3a:9f:5a:67:ee:18:39:03:35:c8:
         b9:ce:c4:83:e2:4d:87:5b:4f:71:16:9d:f1:c6:8b:15:7d:8b:
         90:00:87:b1:5d:e3:c3:b0:27:64:5a:3d:8c:a9:ca:45:0e:30:
         4d:2b:7d:6f:ae:c9:ec:ca:93:b7:4c:b5:a1:d9:bd:58:28:ec:
         30:03:d2:c8:5b:89:92:d2:a3:19:82:d5:73:4d:58:01:35:0a:
         21:33:55:bf:82:22:11:d2:b6:f7:b8:51:5b:25:23:7b:cc:60:
         4b:1d:d5:00
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUHZGzkBNIwB28wGtTyhzC2ypHzRowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE2MDAwMDAwWhcNMjUwMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzOTA1NjQ5MDNjMzUwYmQyNGE5ZTQxYmVmZDliNDQ2MmI2
YjAxMThiNjBmMzExYjYyNGMyNmEzMDY4OTQwNTVmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfJ+v7YR5AtGPk42NctFpgiDB4ql+e6vZ7Gib8qdDBKbc2
nr71EXfusn/43/etD23DpoMf5/UiWqFgCjPQNz2pxQuw+EXUM7V8TBhn/JwUUVXZ
I0QFL1huWUPJOTrfIJ069A2i07pmz1VESjXqZq+ja3//BoMXXDWOVbEmQwjfNI/2
fkFCIbt9nXnDaAqFRwsihaD/yboaFJKsFwJ6vLlilqTczxvAIQN9RldPGysPNQsB
j8hi4BqI2+uREu9K1VTYPDtnzKIWpXbw8w4jp8qvYMs7Aqxb4o8YwkeH9X/g7jiW
BERaSOGKYH/lhGC+IrYafKgtVyiM6ydQ/KJSdDLzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUt/ETBbEjoadC7F9jJoxlOAW/xUYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFiYjJhMDIzLWM3MWEtNDVmOC1hMTNmLWQ5NzlhZjFjN2Q5My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwMN6DANBgkqhkiG9w0BAQsFAAOCAQEAG2CXGPPQJmLuPZhV3rrivVb4SDtS
fhsHiyM9Rg2rd6UB+3W33LOTCOpD1yOZ/hIEhn+AUGXkCdwteet6iL29SSj49h+Y
wCOzySnLxenQ+RXuivCDYCK17RnJVvYMfEqCuBP64I6kV3Gt57AhG3m4ZOk/Sko4
JHOdg6xiS6E4hUXDXEjPGsdvxfBYJrrEKmwA6P2zEj9eaXw6n1pn7hg5AzXIuc7E
g+JNh1tPcRad8caLFX2LkACHsV3jw7AnZFo9jKnKRQ4wTSt9b67J7MqTt0y1odm9
WCjsMAPSyFuJktKjGYLVc01YATUKITNVv4IiEdK297hRWyUje8xgSx3VAA==
-----END CERTIFICATE-----