Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/663eae09-4efb-43ab-97ba-410ba737b007.roa
File:                     663eae09-4efb-43ab-97ba-410ba737b007.roa (raw, json)
Hash identifier:          iPEVUyESN5KUS39e/MvWVNhzi9BStrjtuFpCb9qfZus=
Subject key identifier:   7E:A6:7B:F1:24:6A:E2:5C:67:5C:26:3C:98:CD:2C:87:FB:85:27:45
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7DB50349771509612458304A61857F7E086BDD3C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/663eae09-4efb-43ab-97ba-410ba737b007.roa
Signing time:             Fri 13 Dec 2024 00:00:00 +0000
ROA not before:           Fri 13 Dec 2024 00:00:00 +0000
ROA not after:            Fri 17 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        18.176.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:b5:03:49:77:15:09:61:24:58:30:4a:61:85:7f:7e:08:6b:dd:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 13 00:00:00 2024 GMT
            Not After : Jan 17 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c8:44:b7:6e:7a:4e:9e:e9:ec:89:0f:a2:0d:
                    87:d3:e3:04:60:d4:3d:57:4d:bf:61:7e:5b:8a:ab:
                    b8:d0:6c:2b:8d:c0:be:04:99:25:6e:b2:34:ad:e8:
                    b5:aa:72:fd:3f:bc:05:f1:1a:2a:2c:a5:b0:d9:15:
                    b3:dc:65:a6:e2:6c:7e:c5:15:fe:ab:ff:f9:64:2e:
                    35:a3:c6:1a:8f:71:98:c0:22:d9:91:d6:7b:f8:89:
                    9b:8d:46:f1:88:24:c5:5a:16:ec:22:87:c9:f4:74:
                    77:bd:8a:8f:17:73:97:64:5f:15:7d:7f:33:02:27:
                    bd:c2:35:1e:a9:51:7e:2c:c1:15:51:35:78:10:5f:
                    a0:3d:ac:73:9f:66:10:c7:cb:c4:48:95:4b:38:2b:
                    95:3e:77:70:a8:53:8e:af:70:4b:a9:0d:f8:df:fd:
                    c2:d1:4b:41:ed:e0:76:8e:9d:3e:f7:b1:6c:4a:c2:
                    06:c1:8b:5a:f3:1c:7d:2f:92:2a:76:2a:8a:cf:09:
                    03:65:01:65:38:36:97:3e:7f:e6:bb:8c:04:bf:75:
                    5e:59:72:74:b0:40:cc:69:69:bd:5e:33:f6:27:29:
                    3c:0a:37:d4:aa:a7:d2:25:df:47:79:27:9e:7e:01:
                    83:ea:10:11:27:5f:9d:40:63:a1:81:3e:12:cc:c4:
                    30:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:A6:7B:F1:24:6A:E2:5C:67:5C:26:3C:98:CD:2C:87:FB:85:27:45
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/663eae09-4efb-43ab-97ba-410ba737b007.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.176.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         82:92:a3:f3:4d:ac:55:22:55:a4:a7:74:29:3a:0a:8e:1b:43:
         7a:38:a7:3b:1b:b5:89:10:bd:d7:b0:f0:fd:b4:32:03:91:bf:
         d3:ad:c7:43:6f:64:7f:30:8a:5e:0a:7b:1d:cf:aa:b4:ea:8f:
         c5:8b:26:eb:58:fe:16:98:66:f5:80:48:f5:41:12:40:87:a6:
         2c:a2:ca:a6:9f:01:57:1a:03:7b:cc:ea:86:72:6f:11:82:99:
         91:53:bd:bc:70:c7:b8:4f:4f:72:3e:59:3e:b5:1a:f0:eb:17:
         a1:0b:ee:02:68:56:a5:25:e9:b1:48:d8:85:2d:f1:0d:7c:9a:
         7f:9e:85:17:49:11:f2:96:56:28:87:99:a1:a7:a9:3a:8f:3c:
         e5:ce:b0:fe:95:8f:c6:5f:e1:68:87:4e:48:43:64:f9:1c:4d:
         e1:aa:de:38:4f:57:30:46:43:9e:8e:2a:84:f8:cc:3a:aa:a9:
         a4:a9:98:a5:e4:55:a2:d4:7b:bd:4f:39:ec:55:76:0e:55:6d:
         1b:42:ca:6a:df:ec:d1:48:dd:6d:33:95:ed:6b:b9:a9:96:de:
         0f:cb:4f:80:43:11:af:5d:32:ed:86:53:6d:84:52:b5:01:7b:
         8f:67:5f:14:8d:1b:b0:a7:8a:b2:36:a7:7d:94:6a:de:8a:fb:
         f0:69:6d:40
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfbUDSXcVCWEkWDBKYYV/fghr3TwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjEzMDAwMDAwWhcNMjUwMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiYTcxM2EwZGFhYmUyMDJkZWM5ZTQwOTQ1MmYyYTk5MDQx
YTdiZWMyMTQwOGYxNTQ5YmYzNjA3OGFlZmNlNGQ3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyyES3bnpOnunsiQ+iDYfT4wRg1D1XTb9hfluKq7jQbCuN
wL4EmSVusjSt6LWqcv0/vAXxGiospbDZFbPcZabibH7FFf6r//lkLjWjxhqPcZjA
ItmR1nv4iZuNRvGIJMVaFuwih8n0dHe9io8Xc5dkXxV9fzMCJ73CNR6pUX4swRVR
NXgQX6A9rHOfZhDHy8RIlUs4K5U+d3CoU46vcEupDfjf/cLRS0Ht4HaOnT73sWxK
wgbBi1rzHH0vkip2KorPCQNlAWU4Npc+f+a7jAS/dV5ZcnSwQMxpab1eM/YnKTwK
N9Sqp9Il30d5J55+AYPqEBEnX51AY6GBPhLMxDDBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUfqZ78SRq4lxnXCY8mM0sh/uFJ0UwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY2M2VhZTA5LTRlZmItNDNhYi05N2JhLTQxMGJhNzM3YjAwNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwESsDANBgkqhkiG9w0BAQsFAAOCAQEAgpKj802sVSJVpKd0KToKjhtDejin
Oxu1iRC917Dw/bQyA5G/063HQ29kfzCKXgp7Hc+qtOqPxYsm61j+Fphm9YBI9UES
QIemLKLKpp8BVxoDe8zqhnJvEYKZkVO9vHDHuE9Pcj5ZPrUa8OsXoQvuAmhWpSXp
sUjYhS3xDXyaf56FF0kR8pZWKIeZoaepOo885c6w/pWPxl/haIdOSENk+RxN4are
OE9XMEZDno4qhPjMOqqppKmYpeRVotR7vU857FV2DlVtG0LKat/s0UjdbTOV7Wu5
qZbeD8tPgEMRr10y7YZTbYRStQF7j2dfFI0bsKeKsjanfZRq3or78GltQA==
-----END CERTIFICATE-----