Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/85055926-df0f-4b1b-9cb3-d35cad823773.roa
File:                     85055926-df0f-4b1b-9cb3-d35cad823773.roa (raw, json)
Hash identifier:          uDJ6AjlwquJe40Y6LaQu35OC5JecWYgOwJiPkWKBx1o=
Subject key identifier:   95:1C:2A:09:79:03:C3:A5:AE:C6:48:FA:E6:B8:93:7C:D1:79:C1:F9
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       538483F16523D47ACDC5F2050C8E5CCAEC79F017
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/85055926-df0f-4b1b-9cb3-d35cad823773.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        150.222.220.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:84:83:f1:65:23:d4:7a:cd:c5:f2:05:0c:8e:5c:ca:ec:79:f0:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:61:70:3e:6f:df:21:49:49:9c:aa:a7:31:50:
                    97:b5:d7:a2:95:55:a1:e7:4a:a5:24:f4:0d:d7:34:
                    cd:13:d6:9e:a6:2c:b6:0d:00:75:56:31:be:a6:41:
                    67:99:96:e2:72:01:83:1c:c7:41:01:d7:9f:83:83:
                    26:e1:d4:21:25:bb:85:3d:fd:e9:c2:a7:fc:30:94:
                    ff:c2:50:04:ea:e8:47:29:9d:6a:b6:81:49:c1:61:
                    6e:da:3d:be:aa:34:96:78:96:b1:cb:30:ec:14:aa:
                    40:1b:22:a8:68:f5:89:1f:3f:a7:35:23:47:f0:02:
                    c5:cc:fe:0e:78:ab:1a:0f:45:4b:a1:51:4d:10:5b:
                    73:c8:25:8e:1f:f8:f5:3d:5e:2a:28:8c:7b:b7:63:
                    3e:49:d4:39:72:bb:5c:84:78:c7:bd:6a:af:7f:a9:
                    d1:9d:d1:21:8f:57:20:f4:94:87:4d:53:05:eb:49:
                    b9:9a:50:47:dd:da:ae:1c:56:21:ba:c4:68:6c:a9:
                    aa:f6:ce:33:9c:d5:e0:89:c7:dd:e4:75:5a:55:ce:
                    51:b3:b5:69:5e:a8:d7:f2:5c:d3:98:d2:8a:c0:4f:
                    92:ee:2b:11:96:7d:7f:a4:86:be:7e:6c:90:5d:24:
                    ca:bc:5b:86:86:3f:a7:40:22:c7:ea:e7:1f:60:1b:
                    13:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:1C:2A:09:79:03:C3:A5:AE:C6:48:FA:E6:B8:93:7C:D1:79:C1:F9
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/85055926-df0f-4b1b-9cb3-d35cad823773.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:10:c8:72:8b:73:8d:cf:7c:0e:6d:73:e9:9f:c1:a0:db:20:
         33:ad:df:20:85:38:8a:fb:0a:2b:36:16:7a:54:5a:b9:19:e1:
         eb:6a:6b:71:8d:26:30:df:26:3b:12:16:44:ee:15:0e:7f:41:
         6a:96:46:54:92:5a:7a:1e:20:87:c4:81:5f:b6:c4:e5:fd:5b:
         f5:46:10:88:9f:40:8b:dc:cd:a0:29:3e:94:90:6b:6d:9d:42:
         1c:8f:d7:37:e9:f0:8a:fb:ec:52:15:32:9c:a1:38:3e:e7:2b:
         07:1c:e7:e8:56:62:d9:d6:30:15:59:f6:f4:5e:d5:70:c3:62:
         dd:f0:3d:31:1f:08:05:0a:a9:c8:0a:05:0a:90:9e:77:df:84:
         51:08:39:6a:68:ee:5b:e1:15:c2:72:b3:dd:ab:66:9f:60:98:
         16:97:71:03:65:68:a4:75:ff:82:a7:df:dd:b9:01:16:7a:90:
         60:bc:88:a9:d6:c4:11:31:4a:86:64:d9:5c:90:f8:e0:1f:51:
         ba:04:79:5b:69:31:5b:d7:5a:5c:18:ac:22:54:30:42:e5:c3:
         df:9d:9a:5e:0e:b9:00:34:0f:19:17:e4:92:1b:5c:bb:33:e7:
         4c:fd:c8:db:56:a4:cd:6d:b7:55:20:4a:b1:f3:d3:20:de:ec:
         e0:30:d7:e8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU4SD8WUj1HrNxfIFDI5cyux58BcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZmJkY2MzNjdmNzNmYTZkNmY5ODI3ZDU0N2JjNGViMWMw
N2YwOGMwODAyMDA1OWEwOWFiZDYyMTIxZTZhYTFhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCHYXA+b98hSUmcqqcxUJe116KVVaHnSqUk9A3XNM0T1p6m
LLYNAHVWMb6mQWeZluJyAYMcx0EB15+Dgybh1CElu4U9/enCp/wwlP/CUATq6Ecp
nWq2gUnBYW7aPb6qNJZ4lrHLMOwUqkAbIqho9YkfP6c1I0fwAsXM/g54qxoPRUuh
UU0QW3PIJY4f+PU9XioojHu3Yz5J1Dlyu1yEeMe9aq9/qdGd0SGPVyD0lIdNUwXr
SbmaUEfd2q4cViG6xGhsqar2zjOc1eCJx93kdVpVzlGztWleqNfyXNOY0orAT5Lu
KxGWfX+khr5+bJBdJMq8W4aGP6dAIsfq5x9gGxMdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlRwqCXkDw6Wuxkj65riTfNF5wfkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg1MDU1OTI2LWRmMGYtNGIxYi05Y2IzLWQzNWNhZDgyMzc3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3twwDQYJKoZIhvcNAQELBQADggEBAGgQyHKLc43PfA5tc+mfwaDbIDOt
3yCFOIr7Cis2FnpUWrkZ4etqa3GNJjDfJjsSFkTuFQ5/QWqWRlSSWnoeIIfEgV+2
xOX9W/VGEIifQIvczaApPpSQa22dQhyP1zfp8Ir77FIVMpyhOD7nKwcc5+hWYtnW
MBVZ9vRe1XDDYt3wPTEfCAUKqcgKBQqQnnffhFEIOWpo7lvhFcJys92rZp9gmBaX
cQNlaKR1/4Kn3925ARZ6kGC8iKnWxBExSoZk2VyQ+OAfUboEeVtpMVvXWlwYrCJU
MELlw9+dml4OuQA0DxkX5JIbXLsz50z9yNtWpM1tt1UgSrHz0yDe7OAw1+g=
-----END CERTIFICATE-----