Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b68e9d41-8479-41c3-9a85-f25dc7162702.roa
File:                     b68e9d41-8479-41c3-9a85-f25dc7162702.roa (raw, json)
Hash identifier:          EilaIEFxiCy6Q0BLLhmd5+nBONactHHAy3xnAEZgN/I=
Subject key identifier:   82:1C:39:EE:CE:23:C3:E8:FD:7A:0C:C5:7F:76:C7:2B:23:C7:26:80
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2EB54067AC582B3CCD66030B264D65418B3E2DFB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b68e9d41-8479-41c3-9a85-f25dc7162702.roa
Signing time:             Tue 10 Dec 2024 00:00:00 +0000
ROA not before:           Tue 10 Dec 2024 00:00:00 +0000
ROA not after:            Tue 14 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.230.42.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:b5:40:67:ac:58:2b:3c:cd:66:03:0b:26:4d:65:41:8b:3e:2d:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 10 00:00:00 2024 GMT
            Not After : Jan 14 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:74:6a:cf:5e:60:15:e8:6d:60:4f:fb:6c:b2:
                    23:66:a4:b4:f5:4e:7c:df:2c:7e:e4:f8:76:54:a8:
                    64:13:12:5a:bf:d6:d2:23:c9:cd:87:0c:79:dd:99:
                    05:28:7d:a2:c2:f3:6a:7a:70:25:41:c9:15:10:5c:
                    cc:80:e1:a7:2e:88:a1:e8:b8:b2:ea:ef:93:f4:15:
                    52:f7:58:cf:c3:17:ef:6a:b2:aa:86:03:89:9a:75:
                    4c:68:91:03:15:e8:dc:eb:46:f8:a0:ed:b1:76:af:
                    1a:2d:0d:bd:e4:a1:c1:92:96:e8:2a:f3:bf:7c:b2:
                    ec:6e:68:7b:2e:3e:ad:a7:f1:c8:23:1d:bd:ee:e1:
                    c0:27:9e:1c:32:e6:4f:d3:ba:fc:a2:95:00:3f:21:
                    63:6b:ed:c4:57:f5:33:f9:42:2c:9f:fd:95:20:8f:
                    24:c7:33:c5:11:cd:45:68:bb:b5:fe:d2:90:b2:12:
                    12:ad:a5:9e:ac:c8:27:d4:04:b7:4f:a3:1f:5d:fe:
                    a2:ae:94:93:14:a3:2b:db:8c:ed:6e:f1:3d:80:28:
                    47:ca:a0:56:8d:f4:2b:c6:10:fa:d6:95:8e:11:4c:
                    ec:0b:b7:18:44:58:16:e0:1c:45:12:e6:07:45:b0:
                    44:83:b6:d4:39:60:9a:dd:a3:b9:00:62:80:f8:f8:
                    1f:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:1C:39:EE:CE:23:C3:E8:FD:7A:0C:C5:7F:76:C7:2B:23:C7:26:80
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b68e9d41-8479-41c3-9a85-f25dc7162702.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.230.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:62:3a:30:9d:82:73:0d:e6:98:b1:90:7f:b1:62:0c:7f:26:
         d9:74:5e:fa:57:f5:db:f9:d3:ee:de:71:5c:aa:69:dc:6e:31:
         91:28:12:37:e1:37:34:b9:07:9a:f8:89:12:c3:23:c5:a5:32:
         b1:b1:52:12:c7:48:39:32:05:dd:e1:96:0d:99:5e:38:67:0b:
         b9:dd:a7:ae:4e:f9:6d:0b:13:04:15:28:73:5b:35:f6:ab:67:
         e1:d4:fd:a1:16:fa:78:d1:b1:24:8b:99:4e:85:31:42:f9:ad:
         94:53:fd:07:a6:03:a8:2a:40:d2:e8:bc:48:3d:41:14:2e:47:
         8a:89:2f:2a:79:b2:c9:73:50:0e:8b:a7:64:92:44:dc:a3:64:
         8d:2e:e2:65:0c:4e:46:2f:2d:1f:12:fc:39:eb:78:38:0a:dd:
         35:20:da:dc:f1:70:1a:bc:98:a6:fa:16:66:ad:cb:9d:d8:41:
         1c:11:9d:21:9f:75:4e:84:b2:c6:a4:d9:52:ef:0c:64:95:55:
         1c:11:eb:d8:84:da:a4:85:c3:7d:ca:89:3b:08:30:b2:1b:cc:
         f8:cb:2a:43:61:0c:a6:25:bc:3e:10:f2:0c:3d:c2:69:4c:0b:
         0f:80:d4:7f:a9:db:f8:a3:6c:65:85:ec:0b:6f:4c:8c:f3:26:
         01:5d:7b:66
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULrVAZ6xYKzzNZgMLJk1lQYs+LfswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjEwMDAwMDAwWhcNMjUwMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MWMyYmM1ZWUyMDY5NGIzNGE2N2RiOTMxYTZjOWZhMzkw
YTU0YWM3NGJmZDcwNjY2YWYyZTY5ZjZmY2VjMGUzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVdGrPXmAV6G1gT/tssiNmpLT1TnzfLH7k+HZUqGQTElq/
1tIjyc2HDHndmQUofaLC82p6cCVByRUQXMyA4acuiKHouLLq75P0FVL3WM/DF+9q
sqqGA4madUxokQMV6NzrRvig7bF2rxotDb3kocGSlugq8798suxuaHsuPq2n8cgj
Hb3u4cAnnhwy5k/TuvyilQA/IWNr7cRX9TP5Qiyf/ZUgjyTHM8URzUVou7X+0pCy
EhKtpZ6syCfUBLdPox9d/qKulJMUoyvbjO1u8T2AKEfKoFaN9CvGEPrWlY4RTOwL
txhEWBbgHEUS5gdFsESDttQ5YJrdo7kAYoD4+B/PAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUghw57s4jw+j9egzFf3bHKyPHJoAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I2OGU5ZDQxLTg0NzktNDFjMy05YTg1LWYyNWRjNzE2MjcwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAP5iowDQYJKoZIhvcNAQELBQADggEBAGpiOjCdgnMN5pixkH+xYgx/Jtl0
XvpX9dv50+7ecVyqadxuMZEoEjfhNzS5B5r4iRLDI8WlMrGxUhLHSDkyBd3hlg2Z
XjhnC7ndp65O+W0LEwQVKHNbNfarZ+HU/aEW+njRsSSLmU6FMUL5rZRT/QemA6gq
QNLovEg9QRQuR4qJLyp5sslzUA6Lp2SSRNyjZI0u4mUMTkYvLR8S/DnreDgK3TUg
2tzxcBq8mKb6Fmaty53YQRwRnSGfdU6Essak2VLvDGSVVRwR69iE2qSFw33KiTsI
MLIbzPjLKkNhDKYlvD4Q8gw9wmlMCw+A1H+p2/ijbGWF7AtvTIzzJgFde2Y=
-----END CERTIFICATE-----