Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/82ade042-4d92-43a2-8fca-5cb6f3804717.roa
File:                     82ade042-4d92-43a2-8fca-5cb6f3804717.roa (raw, json)
Hash identifier:          iQ5YNLko05mjJmK6QK301u9kIfL00CRoQy2AGTo+Co4=
Subject key identifier:   2D:89:6E:B5:D1:BE:18:E7:08:84:D8:57:72:3A:85:D0:F0:1F:1C:C0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5925AF6297D2CF991E1A7DBF9F05C1217462F650
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/82ade042-4d92-43a2-8fca-5cb6f3804717.roa
Signing time:             Tue 10 Dec 2024 00:00:00 +0000
ROA not before:           Tue 10 Dec 2024 00:00:00 +0000
ROA not after:            Tue 14 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.5.232.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:25:af:62:97:d2:cf:99:1e:1a:7d:bf:9f:05:c1:21:74:62:f6:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 10 00:00:00 2024 GMT
            Not After : Jan 14 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:f0:fb:38:7d:12:9a:fb:5e:ce:16:8e:2d:a2:
                    22:87:55:9f:cf:b0:f9:cc:a2:6b:d6:df:d0:2e:c1:
                    46:45:61:60:de:2f:63:0f:2b:bb:1d:f2:3a:23:d2:
                    b7:fb:60:d8:ce:12:28:49:8e:ad:d9:7f:4c:31:e8:
                    7b:51:02:0e:59:e4:20:23:6d:cf:1a:c4:d9:cf:38:
                    62:1d:f5:d3:02:0b:5c:50:33:72:31:5c:39:5c:93:
                    93:1a:07:0d:a3:9d:79:90:13:7e:cf:28:10:61:12:
                    0e:d9:58:b0:e0:42:ed:28:51:72:76:82:c4:24:37:
                    ac:20:64:1b:7b:82:90:79:e0:cf:aa:c7:05:85:da:
                    75:71:17:40:52:09:3a:91:8d:92:12:4f:b4:b2:62:
                    72:d5:6c:19:f9:ec:c1:6e:b8:8f:5a:ab:bb:fd:20:
                    6c:d6:45:0a:2b:f4:1a:ee:6c:06:0d:d8:87:f1:67:
                    a3:fc:19:f0:17:b5:6b:51:af:f8:1a:9b:e5:65:ed:
                    57:4a:71:29:0a:0e:b1:78:aa:00:97:93:3e:90:e5:
                    0c:14:bc:b4:89:e5:32:4d:8e:14:47:a9:20:17:67:
                    70:02:37:49:c9:28:3d:e6:b8:8c:1b:ef:1f:75:72:
                    5d:b5:b0:17:5b:90:2b:16:70:4e:1f:ac:e8:08:82:
                    96:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:89:6E:B5:D1:BE:18:E7:08:84:D8:57:72:3A:85:D0:F0:1F:1C:C0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/82ade042-4d92-43a2-8fca-5cb6f3804717.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.5.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:2c:3a:be:dc:2b:eb:a6:d4:29:02:33:b3:2a:17:da:be:93:
         d5:7f:6a:41:d2:3e:6b:71:62:38:90:25:78:b5:84:34:ea:fe:
         71:a1:fa:7a:24:55:e9:db:12:c4:b4:aa:2d:1f:83:b3:87:96:
         df:6c:aa:65:3f:f2:27:5d:c9:41:ed:a8:0f:a8:79:58:f2:db:
         65:ba:db:64:de:5c:d6:79:64:5b:69:f6:a2:21:c2:48:5a:d8:
         27:6b:5f:02:49:ad:88:aa:e5:b4:bc:91:47:ab:fa:c8:fc:01:
         4f:57:58:7f:51:29:6b:bd:ed:37:a6:38:39:26:4d:a2:ee:54:
         a2:3c:2b:d2:f0:af:4e:6b:3c:75:1a:7c:ac:17:5b:73:4d:48:
         27:b5:8b:80:b6:74:cd:84:6a:1a:9e:8e:ad:b5:c2:3f:b6:96:
         77:47:4a:f5:07:c8:5f:14:11:83:82:33:aa:6b:b5:6c:cc:ea:
         28:cb:21:60:77:7f:26:60:c6:3d:f5:76:04:a5:20:f8:9f:5d:
         fb:3b:bd:fe:03:44:67:80:e8:de:bd:bf:4e:3d:6d:04:c4:d2:
         c7:01:5a:fe:75:e5:2d:51:99:49:8c:d0:73:d5:00:c6:01:08:
         40:24:2e:8f:75:00:23:87:6e:37:68:11:2a:17:8f:4d:46:5c:
         9e:d5:c1:69
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWSWvYpfSz5keGn2/nwXBIXRi9lAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjEwMDAwMDAwWhcNMjUwMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxOWVjMWQwYWU1YTAyOTRhZDdkMmE0NmZkN2E4ZWUzNDFm
M2EzMWRjY2Q2ZWQ0YzE4M2E0OTgwMzk4NDE1ZDc4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCR8Ps4fRKa+17OFo4toiKHVZ/PsPnMomvW39AuwUZFYWDe
L2MPK7sd8joj0rf7YNjOEihJjq3Zf0wx6HtRAg5Z5CAjbc8axNnPOGId9dMCC1xQ
M3IxXDlck5MaBw2jnXmQE37PKBBhEg7ZWLDgQu0oUXJ2gsQkN6wgZBt7gpB54M+q
xwWF2nVxF0BSCTqRjZIST7SyYnLVbBn57MFuuI9aq7v9IGzWRQor9BrubAYN2Ifx
Z6P8GfAXtWtRr/gam+Vl7VdKcSkKDrF4qgCXkz6Q5QwUvLSJ5TJNjhRHqSAXZ3AC
N0nJKD3muIwb7x91cl21sBdbkCsWcE4frOgIgpaHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULYlutdG+GOcIhNhXcjqF0PAfHMAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzgyYWRlMDQyLTRkOTItNDNhMi04ZmNhLTVjYjZmMzgwNDcxNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDBegwDQYJKoZIhvcNAQELBQADggEBAA4sOr7cK+um1CkCM7MqF9q+k9V/
akHSPmtxYjiQJXi1hDTq/nGh+nokVenbEsS0qi0fg7OHlt9sqmU/8iddyUHtqA+o
eVjy22W622TeXNZ5ZFtp9qIhwkha2CdrXwJJrYiq5bS8kUer+sj8AU9XWH9RKWu9
7TemODkmTaLuVKI8K9Lwr05rPHUafKwXW3NNSCe1i4C2dM2Eahqejq21wj+2lndH
SvUHyF8UEYOCM6prtWzM6ijLIWB3fyZgxj31dgSlIPifXfs7vf4DRGeA6N69v049
bQTE0scBWv515S1RmUmM0HPVAMYBCEAkLo91ACOHbjdoESoXj01GXJ7VwWk=
-----END CERTIFICATE-----