Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2eab7ab9-356d-42f4-a6bb-0248c19d8d5b.roa
File:                     2eab7ab9-356d-42f4-a6bb-0248c19d8d5b.roa (raw, json)
Hash identifier:          HsWFJxYux151kyzd1fkErZi5d9EXUwWS0s7hqqvPnRU=
Subject key identifier:   99:A0:65:EE:56:44:2E:B0:1F:0F:06:2D:A3:47:1E:A4:5D:7F:0C:C0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       20A8825B7F645F04DE136D4A0A10EC770A898DEF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2eab7ab9-356d-42f4-a6bb-0248c19d8d5b.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        15.250.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:a8:82:5b:7f:64:5f:04:de:13:6d:4a:0a:10:ec:77:0a:89:8d:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4d:63:61:6b:95:85:a9:dc:3e:dd:8a:e2:07:
                    aa:30:57:6f:eb:62:e2:81:28:6e:68:ca:36:b8:32:
                    aa:5d:48:54:bb:59:81:e0:5e:f1:a6:b9:8f:01:3e:
                    cc:28:4e:65:fd:78:57:37:5c:6f:c9:1c:e9:d2:c3:
                    c5:91:8a:fb:be:4d:a8:7c:76:f8:d2:76:30:a4:31:
                    b7:13:78:43:7b:4d:4a:da:47:23:10:4b:38:12:92:
                    11:80:f9:02:ff:d0:8b:29:83:be:5e:72:4f:8d:c4:
                    46:ee:e9:63:25:47:7c:d7:c3:ec:aa:ea:1c:1b:43:
                    ae:a5:90:33:0c:44:f7:38:87:39:e1:7b:f9:45:3d:
                    f8:8a:21:5c:a5:83:db:cf:7b:32:da:b5:68:0d:7f:
                    d4:8e:4f:17:f7:3f:bb:e3:cc:5b:f6:b5:4d:ff:b0:
                    26:ec:9d:8a:2b:03:a7:03:b4:c7:ee:2e:f4:9a:2a:
                    0b:01:50:69:98:28:6a:41:03:49:99:ca:17:9b:d3:
                    ae:5a:b8:73:a6:4b:44:32:6e:ab:12:d9:34:04:b5:
                    d3:59:74:1c:3d:04:f5:e6:a9:82:e7:7c:06:b7:f8:
                    30:7d:21:ab:cb:2d:b8:bb:90:46:d1:f1:76:34:13:
                    ca:42:d7:70:5f:b1:c0:33:1b:6a:9b:d7:fc:13:ef:
                    3b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:A0:65:EE:56:44:2E:B0:1F:0F:06:2D:A3:47:1E:A4:5D:7F:0C:C0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2eab7ab9-356d-42f4-a6bb-0248c19d8d5b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.250.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         43:5b:85:0f:c2:15:c1:53:f4:89:8e:46:8f:62:10:82:ef:52:
         75:48:73:1e:f1:34:53:25:c4:f0:ea:1f:73:4e:a4:2a:31:e3:
         6d:e7:e2:4e:de:1d:c8:34:5f:27:53:04:b0:53:32:d1:f3:dc:
         a3:45:2c:4b:04:c3:3b:84:15:5c:b1:3c:4b:4b:76:d3:c2:e8:
         25:a3:28:49:80:c8:48:74:04:84:d3:ae:78:f9:00:df:91:d2:
         72:81:7d:2b:15:70:e4:e4:45:72:19:4e:09:35:e2:43:b4:68:
         18:25:54:7e:5e:d1:88:66:b0:02:a7:4f:b2:58:b3:28:11:c2:
         d0:f8:11:aa:a2:0e:6d:77:90:19:5c:6d:ad:c1:52:a9:54:f6:
         1f:31:4b:93:ca:19:7d:01:15:be:72:23:1d:97:93:2c:4e:1b:
         f1:ed:3a:20:3b:e8:f1:d8:6d:76:21:7c:65:9e:f0:2f:fd:90:
         dc:d5:3b:e4:c1:ce:a3:19:04:b9:b7:e6:d6:11:7e:6a:87:ed:
         69:9f:37:c8:28:9f:af:6f:96:8a:10:b4:be:a6:4b:a7:d3:48:
         7a:b6:53:78:46:c0:d2:43:d6:a2:b8:e0:44:b6:09:1a:84:26:
         2a:8c:aa:fa:94:d2:86:44:d9:f4:c9:28:de:e8:aa:ed:00:a3:
         b7:83:19:1f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIKiCW39kXwTeE21KChDsdwqJje8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYzM3OGZiNzhmM2E1ZTBiOTZhYmY2ZGMxN2YzMWEyMWYy
ZWVmM2JjNWM2MzE0NTIwZTVhNGM2OTQ3MThhZTNkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1TWNha5WFqdw+3YriB6owV2/rYuKBKG5oyja4MqpdSFS7
WYHgXvGmuY8BPswoTmX9eFc3XG/JHOnSw8WRivu+Tah8dvjSdjCkMbcTeEN7TUra
RyMQSzgSkhGA+QL/0Ispg75eck+NxEbu6WMlR3zXw+yq6hwbQ66lkDMMRPc4hznh
e/lFPfiKIVylg9vPezLatWgNf9SOTxf3P7vjzFv2tU3/sCbsnYorA6cDtMfuLvSa
KgsBUGmYKGpBA0mZyheb065auHOmS0QybqsS2TQEtdNZdBw9BPXmqYLnfAa3+DB9
IavLLbi7kEbR8XY0E8pC13BfscAzG2qb1/wT7zsdAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUmaBl7lZELrAfDwYto0cepF1/DMAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJlYWI3YWI5LTM1NmQtNDJmNC1hNmJiLTAyNDhjMTlkOGQ1Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAP+jANBgkqhkiG9w0BAQsFAAOCAQEAQ1uFD8IVwVP0iY5Gj2IQgu9SdUhz
HvE0UyXE8Oofc06kKjHjbefiTt4dyDRfJ1MEsFMy0fPco0UsSwTDO4QVXLE8S0t2
08LoJaMoSYDISHQEhNOuePkA35HScoF9KxVw5ORFchlOCTXiQ7RoGCVUfl7RiGaw
AqdPslizKBHC0PgRqqIObXeQGVxtrcFSqVT2HzFLk8oZfQEVvnIjHZeTLE4b8e06
IDvo8dhtdiF8ZZ7wL/2Q3NU75MHOoxkEubfm1hF+aoftaZ83yCifr2+WihC0vqZL
p9NIerZTeEbA0kPWorjgRLYJGoQmKoyq+pTShkTZ9Mko3uiq7QCjt4MZHw==
-----END CERTIFICATE-----