Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b524b34d-935b-46cd-a767-9150ccef5c2e.roa
File:                     b524b34d-935b-46cd-a767-9150ccef5c2e.roa (raw, json)
Hash identifier:          5QQOv3ML8Yw14CO9mD+qlqsmmd7UAcYrofn+aUrRILc=
Subject key identifier:   1A:77:D2:BC:F2:C5:AF:D9:59:97:FD:C2:28:7F:6E:C1:70:85:7B:03
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5E8B6DEBE93DFF29C9E65C5197F10639D7F4C7A5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b524b34d-935b-46cd-a767-9150ccef5c2e.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        18.43.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:8b:6d:eb:e9:3d:ff:29:c9:e6:5c:51:97:f1:06:39:d7:f4:c7:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:99:90:d9:43:6b:42:2b:e3:19:89:d8:70:5c:
                    38:25:e6:86:88:94:ac:b7:b2:03:70:b2:3a:a5:c1:
                    5f:14:5e:5d:de:88:0f:55:ea:62:50:e0:5f:c5:17:
                    cf:db:05:13:2a:7c:29:87:a6:de:14:12:eb:ab:13:
                    c3:b1:e9:90:65:43:83:26:f1:fb:d2:a2:af:d6:d9:
                    99:95:a4:51:3c:ac:7d:7f:2d:9a:2e:02:f4:b1:fb:
                    a2:93:a3:5d:e7:79:bb:ad:ef:2b:6c:ac:3e:bb:5c:
                    5b:4e:c8:34:32:a4:16:5c:d3:5b:27:40:b1:cc:09:
                    5f:95:46:b4:6e:ef:a6:35:b8:cc:73:e5:bd:cb:04:
                    48:4b:89:17:63:9a:f3:50:3c:ec:ac:b7:92:97:6d:
                    df:99:94:f5:fc:c5:f7:33:c8:8e:f7:74:47:e7:11:
                    d2:11:72:1e:5e:2a:1a:e5:52:bf:02:d2:28:34:87:
                    d0:f3:e6:49:0c:05:60:ce:c9:01:d5:cb:9c:1e:20:
                    9e:96:07:10:89:3a:18:15:89:e5:b9:02:af:99:65:
                    6e:6d:b7:e7:5b:c7:04:c6:6a:d1:08:3c:77:7d:ed:
                    a6:5c:d5:d1:0f:7c:30:d4:a7:ee:5a:43:09:21:7b:
                    23:0d:17:a1:ca:65:14:9e:d1:43:d3:6a:cf:26:ed:
                    c9:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:77:D2:BC:F2:C5:AF:D9:59:97:FD:C2:28:7F:6E:C1:70:85:7B:03
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b524b34d-935b-46cd-a767-9150ccef5c2e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.43.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1a:67:a5:81:08:58:6a:11:79:f6:f1:d9:b8:cc:1e:c3:96:07:
         b4:bf:77:cc:45:7f:42:09:57:bf:5a:9e:9a:a1:a0:2c:8b:21:
         21:25:62:73:79:6a:cc:f8:40:f0:0e:81:68:23:78:84:a6:e7:
         fb:c3:c5:a1:b0:34:5d:df:0a:4d:e5:40:7e:c5:f3:a1:2a:0c:
         10:aa:b0:d7:31:b7:88:6b:0c:b2:78:4b:2f:14:b4:34:bc:5c:
         5f:ce:82:26:59:d3:ae:2b:ba:4d:ee:7a:e5:95:c0:9c:bd:2b:
         a5:d0:3c:b1:e1:a3:fe:6a:99:67:d7:41:11:3e:20:82:1c:e8:
         30:95:70:56:3f:e6:9b:ec:48:4c:56:d2:73:c0:da:c2:11:e2:
         c1:30:2e:6f:5e:6b:3f:2e:bf:35:5e:27:f1:f0:64:85:e8:98:
         55:7a:a6:8d:dd:b1:ba:ab:bf:62:a7:37:31:fc:f2:87:cf:43:
         93:1f:60:b8:ab:1a:b5:d8:6c:81:af:36:83:46:60:a4:67:8a:
         2b:50:cb:05:50:c5:8e:0a:85:ed:4c:5d:45:a9:9b:0e:31:89:
         4f:23:e1:1a:21:0f:ec:4e:a5:db:63:fc:95:40:63:7a:6b:01:
         49:09:f2:85:b0:79:11:65:a4:74:e9:8c:d9:23:41:e2:92:ca:
         81:c7:63:0e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXott6+k9/ynJ5lxRl/EGOdf0x6UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMzlkM2Y4ODA0ZTZkYTE5N2JkZDc3YjU2NmFkOTQ0ZTMx
MTM2NmQ0N2Q5YTcxYmI2ZDEzZDYzYmI5NzY3NmI3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFmZDZQ2tCK+MZidhwXDgl5oaIlKy3sgNwsjqlwV8UXl3e
iA9V6mJQ4F/FF8/bBRMqfCmHpt4UEuurE8Ox6ZBlQ4Mm8fvSoq/W2ZmVpFE8rH1/
LZouAvSx+6KTo13nebut7ytsrD67XFtOyDQypBZc01snQLHMCV+VRrRu76Y1uMxz
5b3LBEhLiRdjmvNQPOyst5KXbd+ZlPX8xfczyI73dEfnEdIRch5eKhrlUr8C0ig0
h9Dz5kkMBWDOyQHVy5weIJ6WBxCJOhgVieW5Aq+ZZW5tt+dbxwTGatEIPHd97aZc
1dEPfDDUp+5aQwkheyMNF6HKZRSe0UPTas8m7clJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUGnfSvPLFr9lZl/3CKH9uwXCFewMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I1MjRiMzRkLTkzNWItNDZjZC1hNzY3LTkxNTBjY2VmNWMyZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASKzANBgkqhkiG9w0BAQsFAAOCAQEAGmelgQhYahF59vHZuMwew5YHtL93
zEV/QglXv1qemqGgLIshISVic3lqzPhA8A6BaCN4hKbn+8PFobA0Xd8KTeVAfsXz
oSoMEKqw1zG3iGsMsnhLLxS0NLxcX86CJlnTriu6Te565ZXAnL0rpdA8seGj/mqZ
Z9dBET4gghzoMJVwVj/mm+xITFbSc8DawhHiwTAub15rPy6/NV4n8fBkheiYVXqm
jd2xuqu/Yqc3Mfzyh89Dkx9guKsatdhsga82g0ZgpGeKK1DLBVDFjgqF7UxdRamb
DjGJTyPhGiEP7E6l22P8lUBjemsBSQnyhbB5EWWkdOmM2SNB4pLKgcdjDg==
-----END CERTIFICATE-----