Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b04d6a26-b6ae-4a6d-828c-c150576e907b.roa
File:                     b04d6a26-b6ae-4a6d-828c-c150576e907b.roa (raw, json)
Hash identifier:          iiUIiSqLUG/G6SGjghjNeFgFqT8wFKT8b+skq5aX+SQ=
Subject key identifier:   FC:2A:22:8E:F9:3D:D8:3D:11:8B:FA:73:9E:8F:1F:A0:30:9E:E7:5C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       01FA06FAFE2113BDA83397CF8BA8B6D71C780791
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b04d6a26-b6ae-4a6d-828c-c150576e907b.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.248.120.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:fa:06:fa:fe:21:13:bd:a8:33:97:cf:8b:a8:b6:d7:1c:78:07:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:68:f2:3b:3a:2b:cf:a5:54:43:a7:fd:92:f3:
                    be:21:cc:ae:5f:c2:fa:04:a0:64:0c:13:cc:24:7a:
                    5b:26:d7:02:82:48:f8:b0:f6:12:34:73:d4:5d:41:
                    9c:a0:37:ef:d8:68:83:61:f0:7d:04:ac:6e:9e:c2:
                    89:a2:34:45:41:1d:b6:43:5b:aa:e6:a9:77:ca:c3:
                    c9:95:70:b0:9b:a7:54:c5:c1:80:64:81:2c:40:5c:
                    d5:f4:c4:d8:1f:0e:f9:ab:14:95:4d:fc:0a:3a:4c:
                    7d:5e:80:2b:03:49:bc:16:36:a8:31:5b:a3:e2:5b:
                    bf:59:ca:89:45:4b:80:9c:99:9e:7f:76:dd:d6:95:
                    3d:b3:03:f9:82:f6:45:81:c5:dd:6f:8b:6e:1f:a4:
                    17:c8:1c:4d:ea:8f:c8:44:32:a7:59:1f:b6:ec:56:
                    55:73:79:74:cb:4e:87:25:20:89:18:58:60:59:dc:
                    5e:43:5e:7a:79:c3:93:7a:65:23:6c:66:de:93:51:
                    d7:84:53:28:de:82:bc:2b:8f:18:e4:f6:0d:7e:31:
                    53:df:b0:97:6c:99:00:78:f5:b9:f8:f0:52:0d:f3:
                    07:a8:2d:e5:b0:4a:9b:bf:8b:67:64:af:b7:e3:eb:
                    4d:f8:ef:70:da:0f:f4:fe:9e:97:ee:3b:44:40:8e:
                    cf:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:2A:22:8E:F9:3D:D8:3D:11:8B:FA:73:9E:8F:1F:A0:30:9E:E7:5C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b04d6a26-b6ae-4a6d-828c-c150576e907b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.248.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         12:b9:5f:8c:b3:3a:4b:15:dc:7a:70:f1:41:21:67:a8:15:45:
         1f:c0:1d:a8:49:36:f6:bd:e5:bf:a2:d3:7e:ca:b7:94:52:60:
         9f:ee:d5:c3:94:77:6c:b1:dc:92:6c:ee:85:8a:cc:b3:04:93:
         90:d8:88:d9:31:6e:ec:15:8b:e3:71:27:72:11:03:45:73:86:
         ea:fd:40:e5:73:72:0c:d6:7d:cd:3b:07:ca:7e:cc:90:03:eb:
         31:73:50:b6:29:ee:35:7c:97:b4:1c:51:5d:60:f1:50:5b:56:
         6f:17:a6:71:29:f0:5a:ae:33:62:6b:6b:c2:ec:8e:c8:29:84:
         8c:48:87:22:6f:1e:bc:d5:e1:9d:6e:19:64:6f:1f:fa:74:a2:
         11:ce:26:0e:40:79:3d:ea:29:ab:46:31:c8:08:7e:e2:aa:61:
         f4:dc:1b:89:32:95:99:55:88:40:eb:d7:9a:42:2e:57:ca:4c:
         88:4e:f2:de:6c:95:d8:0a:81:05:8c:bf:72:06:3c:15:65:9a:
         b5:4c:d7:80:7f:5b:76:7d:04:11:27:cc:0a:a9:a8:fb:82:0e:
         2c:a9:bc:a2:0f:4d:1d:26:50:f9:29:d7:7b:e4:72:48:fd:b9:
         19:99:26:8e:c8:19:1b:d7:41:58:d5:25:21:79:22:b4:7b:02:
         c8:0a:1b:e8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAfoG+v4hE72oM5fPi6i21xx4B5EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZDVjOTdiODViMWFmYzk0N2EzNmNmMGQ4MzU4MTYzMDFm
NmY4MTk0YzA3MWU1YTI5OWVhOTEyMGFjZjU4OTVlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRaPI7OivPpVRDp/2S874hzK5fwvoEoGQME8wkelsm1wKC
SPiw9hI0c9RdQZygN+/YaINh8H0ErG6ewomiNEVBHbZDW6rmqXfKw8mVcLCbp1TF
wYBkgSxAXNX0xNgfDvmrFJVN/Ao6TH1egCsDSbwWNqgxW6PiW79ZyolFS4CcmZ5/
dt3WlT2zA/mC9kWBxd1vi24fpBfIHE3qj8hEMqdZH7bsVlVzeXTLToclIIkYWGBZ
3F5DXnp5w5N6ZSNsZt6TUdeEUyjegrwrjxjk9g1+MVPfsJdsmQB49bn48FIN8weo
LeWwSpu/i2dkr7fj603473DaD/T+npfuO0RAjs+zAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/Coijvk92D0Ri/pzno8foDCe51wwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IwNGQ2YTI2LWI2YWUtNGE2ZC04MjhjLWMxNTA1NzZlOTA3Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMP+HgwDQYJKoZIhvcNAQELBQADggEBABK5X4yzOksV3Hpw8UEhZ6gVRR/A
HahJNva95b+i037Kt5RSYJ/u1cOUd2yx3JJs7oWKzLMEk5DYiNkxbuwVi+NxJ3IR
A0Vzhur9QOVzcgzWfc07B8p+zJAD6zFzULYp7jV8l7QcUV1g8VBbVm8XpnEp8Fqu
M2Jra8LsjsgphIxIhyJvHrzV4Z1uGWRvH/p0ohHOJg5AeT3qKatGMcgIfuKqYfTc
G4kylZlViEDr15pCLlfKTIhO8t5sldgKgQWMv3IGPBVlmrVM14B/W3Z9BBEnzAqp
qPuCDiypvKIPTR0mUPkp13vkckj9uRmZJo7IGRvXQVjVJSF5IrR7AsgKG+g=
-----END CERTIFICATE-----