Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8babc2c9-6704-4449-b4b2-5e2ba09844a1.roa
File:                     8babc2c9-6704-4449-b4b2-5e2ba09844a1.roa (raw, json)
Hash identifier:          i84c/hLhbKj72YesiuBIjmAab0o8q23p6IjEq+kHueM=
Subject key identifier:   45:A3:58:3C:BA:5E:76:8E:82:56:D6:DE:5D:4F:30:A6:0F:10:0C:6A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6BA4EFD05E7A41D88BF3B0C2AB6C7B276E857A09
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8babc2c9-6704-4449-b4b2-5e2ba09844a1.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.28.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:a4:ef:d0:5e:7a:41:d8:8b:f3:b0:c2:ab:6c:7b:27:6e:85:7a:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:5f:47:34:89:71:73:60:02:a5:d3:c3:0a:6d:
                    df:cd:26:8a:6f:22:ed:7e:d4:76:cd:4e:d0:68:d6:
                    40:bd:67:41:2e:dd:78:3f:64:0b:80:a4:c2:0d:98:
                    ae:13:53:0d:e3:c4:25:09:ef:9e:11:4c:1b:1b:b2:
                    f0:b4:da:73:88:22:8a:8b:cd:41:b9:04:29:77:67:
                    38:49:e2:b6:80:15:3c:02:ac:fb:0e:0f:d8:22:5d:
                    85:b7:c4:a3:94:fd:02:cf:b8:d0:85:84:f4:2f:37:
                    30:01:a2:c6:77:ac:da:e2:ff:b5:d4:d8:c6:ae:7f:
                    e5:ad:58:fe:df:6e:22:69:2b:94:c5:b7:0f:a9:f1:
                    4a:15:05:b6:4c:16:b5:9f:ee:70:df:88:28:f0:e5:
                    1a:5d:ce:65:87:db:5a:12:d5:ea:ac:25:d1:d4:5a:
                    74:da:a3:e0:74:5f:37:4f:34:a1:97:e1:5a:32:77:
                    f0:31:ce:2c:71:d0:10:7b:53:3d:6d:3f:1d:cf:72:
                    a6:4b:57:ba:1e:69:d9:10:f0:db:07:77:98:7b:24:
                    f7:4c:ce:58:bc:6f:3a:b2:b5:bf:09:f5:09:4d:c2:
                    2a:49:91:cd:59:2a:cb:f8:4b:b6:9b:ca:bb:0b:c7:
                    bc:18:49:fd:93:5e:b6:9d:ac:bc:eb:7d:42:f0:34:
                    8a:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:A3:58:3C:BA:5E:76:8E:82:56:D6:DE:5D:4F:30:A6:0F:10:0C:6A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8babc2c9-6704-4449-b4b2-5e2ba09844a1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.28.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         98:d8:b7:03:a8:93:59:12:08:37:c5:6b:d7:98:81:59:bc:18:
         82:ce:e0:56:58:c2:6e:18:9b:f0:b3:00:5f:de:f0:7e:4e:65:
         ea:af:0f:46:99:c3:24:9d:81:79:fa:bd:cd:2c:99:36:9e:3f:
         e1:8f:7d:7a:5d:08:7d:b9:a7:17:9b:6c:f5:f8:16:cc:37:f2:
         a0:e1:cb:d3:a3:cd:11:d8:0d:ad:6a:03:a6:a5:39:83:fb:01:
         54:02:d0:58:fc:31:26:bd:05:b4:2d:1b:b3:66:13:d7:87:37:
         9a:dd:77:cf:13:7e:98:1c:c5:e7:be:09:37:8f:fd:65:58:48:
         36:2e:65:60:f2:07:b7:b6:50:5b:00:2b:8e:87:13:59:59:df:
         99:48:58:ed:b7:11:08:c6:49:93:b7:04:de:f2:04:2b:c0:21:
         80:26:b6:ab:0b:2c:5c:d3:07:e9:71:ad:29:9a:36:e1:b9:77:
         e3:b6:33:45:8d:1d:24:a7:09:01:8d:ab:18:ff:44:88:6d:06:
         b4:cd:33:70:4d:a3:80:11:63:50:f7:1a:ca:5a:cc:43:eb:43:
         2a:71:53:04:36:82:a4:5b:df:22:c6:9e:22:46:e0:ec:65:d2:
         ef:0b:15:25:fb:c2:93:2b:7f:6c:11:7c:87:bb:89:4c:73:e7:
         56:e2:00:0b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUa6Tv0F56QdiL87DCq2x7J26FegkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE2MDAwMDAwWhcNMjUwMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NWI0Njk4NmM5ODFkZGVhMjdjNTgwOGE3MDI1ZWU4MWNi
YzIzNzcyNTkwNjMyNWQ2ZTBjM2QzMDc5OTM1OTcyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOX0c0iXFzYAKl08MKbd/NJopvIu1+1HbNTtBo1kC9Z0Eu
3Xg/ZAuApMINmK4TUw3jxCUJ754RTBsbsvC02nOIIoqLzUG5BCl3ZzhJ4raAFTwC
rPsOD9giXYW3xKOU/QLPuNCFhPQvNzABosZ3rNri/7XU2Mauf+WtWP7fbiJpK5TF
tw+p8UoVBbZMFrWf7nDfiCjw5RpdzmWH21oS1eqsJdHUWnTao+B0XzdPNKGX4Voy
d/Axzixx0BB7Uz1tPx3PcqZLV7oeadkQ8NsHd5h7JPdMzli8bzqytb8J9QlNwipJ
kc1ZKsv4S7abyrsLx7wYSf2TXradrLzrfULwNIqDAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQURaNYPLpedo6CVtbeXU8wpg8QDGowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzhiYWJjMmM5LTY3MDQtNDQ0OS1iNGIyLTVlMmJhMDk4NDRhMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEDHDANBgkqhkiG9w0BAQsFAAOCAQEAmNi3A6iTWRIIN8Vr15iBWbwYgs7g
VljCbhib8LMAX97wfk5l6q8PRpnDJJ2Befq9zSyZNp4/4Y99el0IfbmnF5ts9fgW
zDfyoOHL06PNEdgNrWoDpqU5g/sBVALQWPwxJr0FtC0bs2YT14c3mt13zxN+mBzF
574JN4/9ZVhINi5lYPIHt7ZQWwArjocTWVnfmUhY7bcRCMZJk7cE3vIEK8AhgCa2
qwssXNMH6XGtKZo24bl347YzRY0dJKcJAY2rGP9EiG0GtM0zcE2jgBFjUPcaylrM
Q+tDKnFTBDaCpFvfIsaeIkbg7GXS7wsVJfvCkyt/bBF8h7uJTHPnVuIACw==
-----END CERTIFICATE-----