Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aabed090-669d-4b41-831d-1944c370cc94.roa
File:                     aabed090-669d-4b41-831d-1944c370cc94.roa (raw, json)
Hash identifier:          2i8DBZRDcCYcAQcYJKibNa7f2IoamIG+yLHjBlwpvaU=
Subject key identifier:   09:3C:32:75:46:EB:9D:E7:B6:33:B9:BA:D9:52:02:15:88:3D:7F:85
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       43BBA934613475E0093BCB5AC1478BD7E21CA79D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aabed090-669d-4b41-831d-1944c370cc94.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.5.168.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:bb:a9:34:61:34:75:e0:09:3b:cb:5a:c1:47:8b:d7:e2:1c:a7:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d1:1d:5b:fc:af:48:57:f9:cb:16:8f:7c:6e:
                    58:85:b9:9b:06:db:e5:ac:1a:ac:e7:cd:46:42:5b:
                    00:a0:f9:14:b6:97:f1:cf:4d:ed:a7:5a:7e:c7:85:
                    a0:c3:98:cd:12:7e:2d:87:f7:98:90:ba:0e:50:aa:
                    d1:1c:a6:a8:5f:8c:32:69:62:1b:94:bb:81:35:fa:
                    b4:f5:45:96:60:8b:9d:1e:8c:8a:37:3d:bd:98:62:
                    66:4a:7f:7e:ee:85:34:a4:38:8d:05:10:88:3a:3e:
                    d7:a4:2d:6c:34:d6:0f:86:75:fc:f9:fb:91:04:1c:
                    c4:83:c7:c9:4b:ce:09:74:46:11:35:68:c1:c3:18:
                    cf:1c:76:c9:58:b1:00:04:6d:be:f3:e7:41:7b:df:
                    eb:a8:3f:c8:bd:2e:d0:77:4b:41:46:b5:32:89:b4:
                    0d:c0:ff:91:bb:ef:49:89:24:c3:24:35:4f:f7:f8:
                    03:8a:11:ec:89:c6:fd:e2:33:46:17:3f:15:60:1b:
                    f2:8c:5d:8b:f4:c9:92:04:f6:64:ad:05:bd:bd:dc:
                    74:5b:b7:03:36:f9:8c:2f:e8:a7:28:67:da:cb:b4:
                    38:34:2b:94:16:ce:eb:39:b9:d3:9e:a9:d1:44:23:
                    96:d8:a6:58:c7:9c:37:e5:3a:80:ec:03:41:4c:75:
                    47:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:3C:32:75:46:EB:9D:E7:B6:33:B9:BA:D9:52:02:15:88:3D:7F:85
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aabed090-669d-4b41-831d-1944c370cc94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.5.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a2:89:df:29:56:f1:98:10:a8:95:9d:0f:2b:93:98:ee:a9:72:
         6e:88:a7:d4:11:11:f7:df:53:d7:38:41:33:4c:c3:d6:14:35:
         f2:c0:09:e4:89:7a:4f:87:ac:48:5f:c7:c2:78:2a:49:a5:79:
         bf:b6:d7:65:90:dd:09:45:21:ba:ce:24:6c:7c:56:b2:d9:ab:
         11:dd:b5:c6:7c:44:e0:5c:68:68:94:7a:be:de:0e:f2:71:84:
         ce:84:d7:b5:81:43:92:d3:a6:84:ee:44:22:a4:1a:2e:3f:b0:
         45:99:e0:97:54:45:d0:e5:8d:23:97:91:61:ab:70:71:67:fa:
         38:df:77:e4:36:47:f4:f2:1f:9e:17:dc:dd:e8:49:46:fc:47:
         f4:18:5a:11:1b:13:be:3e:66:8f:e5:5f:ad:1b:c3:df:db:35:
         fe:1f:7a:ad:64:11:aa:2d:51:d2:36:74:31:2b:6d:9f:af:cb:
         f1:02:1b:37:e0:41:2d:d8:87:5a:b4:f0:05:34:f3:de:6d:b1:
         35:7e:3a:49:85:b5:f3:63:72:31:12:68:f7:fd:48:bb:c0:2c:
         b3:52:6e:41:18:6a:55:68:d7:67:4a:16:01:f5:c0:9c:c3:6d:
         26:d5:91:12:95:25:d4:45:c4:3a:24:6d:b3:aa:0d:76:39:15:
         50:87:1b:72
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQ7upNGE0deAJO8tawUeL1+Icp50wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE2MDAwMDAwWhcNMjUwMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NDU0ODI1M2NmYmVlMzg3YzAzM2UyM2U0N2MzNDliYWQz
NGY5N2YyNTdiNzc3MTMzNTczOWQwY2FkNGM4YTY5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCe0R1b/K9IV/nLFo98bliFuZsG2+WsGqznzUZCWwCg+RS2
l/HPTe2nWn7HhaDDmM0Sfi2H95iQug5QqtEcpqhfjDJpYhuUu4E1+rT1RZZgi50e
jIo3Pb2YYmZKf37uhTSkOI0FEIg6PtekLWw01g+Gdfz5+5EEHMSDx8lLzgl0RhE1
aMHDGM8cdslYsQAEbb7z50F73+uoP8i9LtB3S0FGtTKJtA3A/5G770mJJMMkNU/3
+AOKEeyJxv3iM0YXPxVgG/KMXYv0yZIE9mStBb293HRbtwM2+Ywv6KcoZ9rLtDg0
K5QWzus5udOeqdFEI5bYpljHnDflOoDsA0FMdUcHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCTwydUbrnee2M7m62VICFYg9f4UwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FhYmVkMDkwLTY2OWQtNGI0MS04MzFkLTE5NDRjMzcwY2M5NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDBagwDQYJKoZIhvcNAQELBQADggEBAKKJ3ylW8ZgQqJWdDyuTmO6pcm6I
p9QREfffU9c4QTNMw9YUNfLACeSJek+HrEhfx8J4Kkmleb+212WQ3QlFIbrOJGx8
VrLZqxHdtcZ8ROBcaGiUer7eDvJxhM6E17WBQ5LTpoTuRCKkGi4/sEWZ4JdURdDl
jSOXkWGrcHFn+jjfd+Q2R/TyH54X3N3oSUb8R/QYWhEbE74+Zo/lX60bw9/bNf4f
eq1kEaotUdI2dDErbZ+vy/ECGzfgQS3Yh1q08AU0895tsTV+OkmFtfNjcjESaPf9
SLvALLNSbkEYalVo12dKFgH1wJzDbSbVkRKVJdRFxDokbbOqDXY5FVCHG3I=
-----END CERTIFICATE-----