Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/30a44d00-759b-4aad-b751-52b43899e516.roa
File:                     30a44d00-759b-4aad-b751-52b43899e516.roa (raw, json)
Hash identifier:          iGYNviH+j0oxV0ALKjW4CXTI+l6zqJULDQkZvOzkNJc=
Subject key identifier:   CE:64:0A:3A:6C:02:25:D0:71:83:A1:DF:17:A5:00:91:BB:17:08:21
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       042C64C71ABF5193DF659B32503411B8F9423B1A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/30a44d00-759b-4aad-b751-52b43899e516.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        134.63.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:2c:64:c7:1a:bf:51:93:df:65:9b:32:50:34:11:b8:f9:42:3b:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b3:85:70:bc:78:17:ef:a7:11:9d:2a:17:98:
                    67:b4:8e:78:55:25:8f:03:0e:48:dd:60:ab:07:90:
                    7d:47:e0:02:b6:65:82:93:96:d4:94:76:2d:c7:25:
                    0c:c9:c7:e6:50:b0:2e:c5:eb:bc:90:89:96:96:c6:
                    34:a5:88:e4:a3:2f:25:8e:34:8f:48:c0:90:60:f1:
                    8f:02:c5:32:9c:65:f6:83:39:1c:50:d3:c7:d7:88:
                    b8:d1:83:45:89:85:9d:1d:f1:78:e8:fa:86:f3:60:
                    e6:1d:af:fb:5e:d4:35:06:c9:80:31:d3:50:0d:b1:
                    31:dc:a6:39:99:8a:8c:62:9a:24:15:4d:7a:7a:86:
                    e6:31:4a:74:17:42:c4:56:52:3d:97:5d:58:46:9e:
                    59:2e:df:25:98:22:4a:04:6f:95:46:4f:9a:02:ac:
                    4e:11:20:5d:3f:d0:e7:51:8b:f1:65:c4:2e:a3:dd:
                    f5:27:95:0f:54:19:68:8c:ad:8e:96:01:ba:a0:16:
                    73:84:a9:dc:2f:51:90:e5:e5:1c:79:30:cc:ef:19:
                    c4:d5:90:3e:81:b8:d4:32:c6:bb:3b:89:83:fd:de:
                    a7:01:a5:3b:fd:4b:35:f5:97:ae:ec:71:f9:f8:ad:
                    57:af:f4:cd:79:a7:95:e9:19:c8:43:a6:58:5e:a4:
                    d4:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:64:0A:3A:6C:02:25:D0:71:83:A1:DF:17:A5:00:91:BB:17:08:21
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/30a44d00-759b-4aad-b751-52b43899e516.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.63.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1b:f6:60:4a:5a:d9:91:48:6c:cf:72:b6:13:61:4e:30:27:95:
         2a:4d:17:01:0f:2d:de:74:33:e7:95:8e:12:1f:ca:1b:0c:ed:
         5a:98:41:1a:7c:7b:ce:29:02:85:be:59:2f:d6:d8:4b:38:26:
         70:79:0b:02:73:65:d1:4d:8a:f6:98:f8:f1:69:95:cb:f8:8e:
         62:bf:25:8e:2a:7a:bf:4f:7c:cd:aa:72:e6:a3:b4:25:29:85:
         89:d0:e9:f2:07:2b:bb:d3:2a:db:4a:bc:73:ae:00:75:2c:5b:
         ea:e6:8f:6c:22:81:78:27:e7:a1:bf:7e:74:fa:fc:db:48:fe:
         ab:ec:af:fc:e3:70:77:6e:b5:6d:cd:56:e2:22:94:cc:3e:7f:
         ee:17:16:0a:7c:14:fb:d2:9f:6d:38:0a:79:20:5f:61:61:f0:
         3a:94:eb:5d:a4:2c:21:41:f4:46:53:36:f8:4e:48:22:07:0a:
         cc:6f:c9:2f:f9:8e:f0:c0:05:b2:a4:60:45:0b:52:a8:14:47:
         c0:1a:3b:56:81:7d:75:07:a4:bf:93:0b:1e:0b:87:53:4b:2c:
         13:9f:b8:f1:e0:c2:18:1c:2d:d5:c0:15:3a:81:a8:46:1a:a4:
         f1:52:2d:54:fd:f1:72:81:b3:e0:d3:d0:2a:e3:89:a6:21:ec:
         75:c5:c3:72
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBCxkxxq/UZPfZZsyUDQRuPlCOxowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YjdmYTAyMmQyZjFlZDc4MmIxYzdhMDVjNDk4NzQxNWE3
MjI5NjNmNTRiOTY0YzkzNTk4Nzk0MmJiMzBhMjViMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+s4VwvHgX76cRnSoXmGe0jnhVJY8DDkjdYKsHkH1H4AK2
ZYKTltSUdi3HJQzJx+ZQsC7F67yQiZaWxjSliOSjLyWONI9IwJBg8Y8CxTKcZfaD
ORxQ08fXiLjRg0WJhZ0d8Xjo+obzYOYdr/te1DUGyYAx01ANsTHcpjmZioximiQV
TXp6huYxSnQXQsRWUj2XXVhGnlku3yWYIkoEb5VGT5oCrE4RIF0/0OdRi/FlxC6j
3fUnlQ9UGWiMrY6WAbqgFnOEqdwvUZDl5Rx5MMzvGcTVkD6BuNQyxrs7iYP93qcB
pTv9SzX1l67scfn4rVev9M15p5XpGchDplhepNQxAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUzmQKOmwCJdBxg6HfF6UAkbsXCCEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzMwYTQ0ZDAwLTc1OWItNGFhZC1iNzUxLTUyYjQzODk5ZTUxNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCGPzANBgkqhkiG9w0BAQsFAAOCAQEAG/ZgSlrZkUhsz3K2E2FOMCeVKk0X
AQ8t3nQz55WOEh/KGwztWphBGnx7zikChb5ZL9bYSzgmcHkLAnNl0U2K9pj48WmV
y/iOYr8ljip6v098zapy5qO0JSmFidDp8gcru9Mq20q8c64AdSxb6uaPbCKBeCfn
ob9+dPr820j+q+yv/ONwd261bc1W4iKUzD5/7hcWCnwU+9KfbTgKeSBfYWHwOpTr
XaQsIUH0RlM2+E5IIgcKzG/JL/mO8MAFsqRgRQtSqBRHwBo7VoF9dQekv5MLHguH
U0ssE5+48eDCGBwt1cAVOoGoRhqk8VItVP3xcoGz4NPQKuOJpiHsdcXDcg==
-----END CERTIFICATE-----