Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/43cc2bdf-89a0-4694-992d-4cfedbd75d73.roa
File:                     43cc2bdf-89a0-4694-992d-4cfedbd75d73.roa (raw, json)
Hash identifier:          lD7XEtVFn1XgRn8XVfUsGh+w3AzAecihkC3XYqrEYbE=
Subject key identifier:   04:47:13:A2:F1:15:21:16:75:15:2B:68:B4:35:67:C7:2D:6F:48:A2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1BECFEC37183A453F867702241F46CDA102CB651
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/43cc2bdf-89a0-4694-992d-4cfedbd75d73.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        150.222.219.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:ec:fe:c3:71:83:a4:53:f8:67:70:22:41:f4:6c:da:10:2c:b6:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:92:09:f1:1f:17:a4:6b:8e:99:cd:08:ff:78:
                    81:c5:c4:1b:8c:17:e4:e2:9f:f6:64:aa:c6:16:bf:
                    b4:13:dd:c6:dc:59:4f:50:43:7f:5d:cb:5e:7a:f4:
                    b9:60:2d:87:78:a9:38:e7:6f:fd:e5:c8:71:7d:c4:
                    cb:f7:98:e2:a4:19:33:8f:d4:70:f6:a0:66:dd:e0:
                    de:84:b0:d1:d6:6c:66:9c:c6:5f:8b:ed:4c:5f:2f:
                    47:5c:10:5e:7e:74:d5:c2:d4:70:ed:97:19:6e:de:
                    7a:63:fb:af:a0:d1:9f:0f:ff:e4:f0:dd:e4:8f:54:
                    79:e5:77:b6:90:da:02:62:87:87:d0:30:5b:90:a5:
                    7f:1f:a2:e7:9d:41:d4:49:6a:b8:af:23:05:18:eb:
                    06:59:51:9c:89:41:db:27:c7:d4:a0:d1:17:70:51:
                    67:17:42:07:85:a6:52:2e:da:b3:73:6b:a9:71:1d:
                    12:b3:e8:cb:e1:9b:bd:96:26:67:43:67:d8:75:b1:
                    24:af:71:41:59:15:bc:3f:e3:11:ed:d7:48:6a:0c:
                    e1:33:72:30:05:a2:ef:15:4a:4f:e4:16:4f:d3:a5:
                    62:7a:29:7d:71:ff:0d:7d:f6:0a:9d:5b:df:69:d6:
                    f5:3a:1b:20:d0:a3:d1:8b:6c:d7:61:94:04:ed:d3:
                    16:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:47:13:A2:F1:15:21:16:75:15:2B:68:B4:35:67:C7:2D:6F:48:A2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/43cc2bdf-89a0-4694-992d-4cfedbd75d73.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:35:9f:30:80:d0:e9:39:0c:69:2a:6f:13:c0:89:19:fd:de:
         17:c3:9f:90:70:30:94:01:c2:d8:db:b6:4f:d6:6f:a2:bf:e6:
         2c:1e:b1:82:75:9e:e8:ed:18:3b:b4:19:ca:0e:de:9f:71:5e:
         84:fc:0d:00:c9:24:80:69:64:29:19:4a:03:01:a9:1f:ed:81:
         6d:13:b6:86:e6:b3:a9:99:9c:fb:e0:64:6c:20:41:c4:57:5d:
         ff:c7:b0:a6:af:0f:fe:23:6c:90:15:58:3c:ad:9c:eb:5d:1b:
         93:e1:d8:1d:98:34:62:cd:f9:b4:d3:77:67:f3:88:c3:75:74:
         91:e4:27:21:04:16:aa:a0:f5:7e:f2:2a:9b:b6:b5:92:18:3f:
         ee:8c:c8:a6:ce:d2:7a:0b:8a:f8:e1:e0:a2:25:ff:cd:1c:d8:
         11:ac:bc:51:50:b8:85:c3:3c:fe:92:28:c7:ca:91:4c:50:61:
         12:2b:76:c5:27:98:72:07:f7:cc:dc:21:9e:23:70:d2:65:6e:
         14:5a:2f:d2:25:46:1f:b8:43:72:5f:c1:a6:e6:4f:33:38:54:
         09:e7:2f:a8:1e:6a:7f:46:6e:79:a9:ed:36:74:a7:b0:99:19:
         88:ea:3a:dd:bd:a1:d6:d6:3b:5a:9f:e4:99:1f:f9:44:c2:8b:
         86:5b:fe:7b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUG+z+w3GDpFP4Z3AiQfRs2hAstlEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMTE5YThjODIyODJlNDJlYTBhNTUyMWI2YWI1YjlhMmUy
YzQyMTViMWRkOGQ1MDQyOTI0NmM1MTU5MTI3MDIyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZkgnxHxeka46ZzQj/eIHFxBuMF+Tin/ZkqsYWv7QT3cbc
WU9QQ39dy1569LlgLYd4qTjnb/3lyHF9xMv3mOKkGTOP1HD2oGbd4N6EsNHWbGac
xl+L7UxfL0dcEF5+dNXC1HDtlxlu3npj+6+g0Z8P/+Tw3eSPVHnld7aQ2gJih4fQ
MFuQpX8fouedQdRJarivIwUY6wZZUZyJQdsnx9Sg0RdwUWcXQgeFplIu2rNza6lx
HRKz6Mvhm72WJmdDZ9h1sSSvcUFZFbw/4xHt10hqDOEzcjAFou8VSk/kFk/TpWJ6
KX1x/w199gqdW99p1vU6GyDQo9GLbNdhlATt0xZdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBEcTovEVIRZ1FStotDVnxy1vSKIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQzY2MyYmRmLTg5YTAtNDY5NC05OTJkLTRjZmVkYmQ3NWQ3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3tswDQYJKoZIhvcNAQELBQADggEBAFg1nzCA0Ok5DGkqbxPAiRn93hfD
n5BwMJQBwtjbtk/Wb6K/5iwesYJ1nujtGDu0GcoO3p9xXoT8DQDJJIBpZCkZSgMB
qR/tgW0Ttobms6mZnPvgZGwgQcRXXf/HsKavD/4jbJAVWDytnOtdG5Ph2B2YNGLN
+bTTd2fziMN1dJHkJyEEFqqg9X7yKpu2tZIYP+6MyKbO0noLivjh4KIl/80c2BGs
vFFQuIXDPP6SKMfKkUxQYRIrdsUnmHIH98zcIZ4jcNJlbhRaL9IlRh+4Q3Jfwabm
TzM4VAnnL6gean9Gbnmp7TZ0p7CZGYjqOt29odbWO1qf5Jkf+UTCi4Zb/ns=
-----END CERTIFICATE-----