Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3cd75f71-1508-4906-8d90-1f913fc41d2d.roa
File:                     3cd75f71-1508-4906-8d90-1f913fc41d2d.roa (raw, json)
Hash identifier:          nTY2okb8pCTydKMe1yqsNdtqgy2lZY9o2NCBVEmKMZ0=
Subject key identifier:   8D:E5:08:5B:50:C7:BC:D6:C2:EE:84:CC:5D:8A:E6:A4:CE:01:A5:D5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7CC108009EDB9E85B43E4D7460C89C080A5FE311
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3cd75f71-1508-4906-8d90-1f913fc41d2d.roa
Signing time:             Tue 10 Dec 2024 00:00:00 +0000
ROA not before:           Tue 10 Dec 2024 00:00:00 +0000
ROA not after:            Tue 14 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        13.228.0.0/14 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:c1:08:00:9e:db:9e:85:b4:3e:4d:74:60:c8:9c:08:0a:5f:e3:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 10 00:00:00 2024 GMT
            Not After : Jan 14 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:44:5f:3d:43:84:f2:1f:1a:cf:55:7b:0b:ae:
                    8a:a1:f3:43:ed:89:72:37:d7:f8:5f:a8:f7:db:e5:
                    ee:e3:4c:ed:26:b8:5d:1a:91:aa:09:73:e9:9e:80:
                    92:fd:6d:4d:f0:8a:3e:7a:96:d4:09:49:87:00:04:
                    97:4d:38:63:ba:e2:df:de:93:5b:76:6d:ec:bc:ad:
                    9a:1c:14:34:8a:14:95:f2:ac:f8:da:d3:b0:d1:d2:
                    2a:df:02:ec:5e:db:f0:e5:97:ae:ad:2a:db:81:99:
                    a6:c6:d8:d1:c9:02:f2:7d:e5:fb:5e:34:b0:dc:47:
                    3a:0b:1e:44:3b:da:91:67:d0:1d:25:97:29:b3:df:
                    9c:e8:45:22:50:66:03:04:14:e9:ef:bd:ab:88:c8:
                    52:d1:a3:8e:80:d1:f2:8a:68:6e:1f:50:c2:0e:a8:
                    7e:34:c4:ac:2a:9b:9d:48:07:b0:18:e5:e8:fe:3f:
                    82:1b:3a:3c:f2:7d:9f:0a:7c:0c:e9:5b:da:5a:bb:
                    5e:44:11:56:30:1a:08:fd:7b:6b:b5:ee:32:f6:75:
                    f1:cd:ed:da:7e:ad:a7:1d:4e:98:dd:97:f6:25:48:
                    26:33:b6:b8:0f:c7:46:d8:69:46:d1:f3:ad:ca:5f:
                    44:c2:96:9e:01:e1:ee:b9:e6:63:5b:77:19:f8:d4:
                    76:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:E5:08:5B:50:C7:BC:D6:C2:EE:84:CC:5D:8A:E6:A4:CE:01:A5:D5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3cd75f71-1508-4906-8d90-1f913fc41d2d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.228.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         1b:b4:71:92:5e:52:71:08:82:2f:88:36:2c:84:98:36:25:2c:
         7c:b0:fb:e7:c5:a8:15:ca:38:06:54:ca:d5:7a:ae:7e:b6:b2:
         91:21:5d:65:df:9e:27:d0:ca:8b:1b:c3:3c:6b:c0:c9:72:c1:
         99:3f:94:4b:4e:c9:5f:c1:e7:00:50:29:2d:98:95:0b:8a:04:
         33:ba:70:06:7e:28:e9:3b:f4:2a:ce:f1:f8:97:9c:67:02:93:
         6b:da:66:ce:e6:78:66:02:c7:62:d2:b9:26:be:77:b7:16:5b:
         8e:cc:af:af:8d:eb:11:ad:7f:f3:32:e8:35:ad:e9:8f:2c:d9:
         18:32:90:34:40:d4:8f:81:19:e7:7a:ef:26:ca:07:46:b9:6a:
         8f:6d:0d:d7:72:7d:e3:c2:8b:75:e8:e9:ec:f9:2b:b4:a6:db:
         b6:b4:45:a1:23:d0:5d:71:ab:6a:d8:e8:a3:3f:2f:79:43:98:
         7b:78:9c:3f:4d:bb:ed:cf:52:f3:57:fa:7b:8d:c9:5a:80:5d:
         23:c9:b6:02:fa:8a:b8:82:6c:34:b6:90:37:ef:64:95:4b:5b:
         99:10:c4:37:ec:d3:1d:d7:09:82:4b:09:aa:dc:7c:e2:87:dc:
         76:61:31:a0:71:c2:65:7b:04:8a:e3:d8:3a:3c:3b:59:e6:5c:
         02:bf:db:06
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfMEIAJ7bnoW0Pk10YMicCApf4xEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjEwMDAwMDAwWhcNMjUwMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkOTE5YWRkODZiODg1MDkzZDMwZTZjZWY0NDU1YWNlMzEz
MTc0YzEwZjExZTgzOGIyYWUwY2IxNDdjZDllOTljMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYRF89Q4TyHxrPVXsLroqh80PtiXI31/hfqPfb5e7jTO0m
uF0akaoJc+megJL9bU3wij56ltQJSYcABJdNOGO64t/ek1t2bey8rZocFDSKFJXy
rPja07DR0irfAuxe2/Dll66tKtuBmabG2NHJAvJ95fteNLDcRzoLHkQ72pFn0B0l
lymz35zoRSJQZgMEFOnvvauIyFLRo46A0fKKaG4fUMIOqH40xKwqm51IB7AY5ej+
P4IbOjzyfZ8KfAzpW9pau15EEVYwGgj9e2u17jL2dfHN7dp+racdTpjdl/YlSCYz
trgPx0bYaUbR863KX0TClp4B4e655mNbdxn41HY/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUjeUIW1DHvNbC7oTMXYrmpM4BpdUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNjZDc1ZjcxLTE1MDgtNDkwNi04ZDkwLTFmOTEzZmM0MWQyZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIN5DANBgkqhkiG9w0BAQsFAAOCAQEAG7Rxkl5ScQiCL4g2LISYNiUsfLD7
58WoFco4BlTK1XqufraykSFdZd+eJ9DKixvDPGvAyXLBmT+US07JX8HnAFApLZiV
C4oEM7pwBn4o6Tv0Ks7x+JecZwKTa9pmzuZ4ZgLHYtK5Jr53txZbjsyvr43rEa1/
8zLoNa3pjyzZGDKQNEDUj4EZ53rvJsoHRrlqj20N13J948KLdejp7PkrtKbbtrRF
oSPQXXGratjooz8veUOYe3icP0277c9S81f6e43JWoBdI8m2AvqKuIJsNLaQN+9k
lUtbmRDEN+zTHdcJgksJqtx84ofcdmExoHHCZXsEiuPYOjw7WeZcAr/bBg==
-----END CERTIFICATE-----