Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b8b6fd36-589b-40c5-9288-1b40b3a97fad.roa
File:                     b8b6fd36-589b-40c5-9288-1b40b3a97fad.roa (raw, json)
Hash identifier:          qhBFmVF4It7aST1EJ2KHyC0P2/gnnYwlNmeRgxm7abM=
Subject key identifier:   2B:8A:F5:0C:6E:8E:7C:B0:0D:90:72:9C:9B:77:58:F0:70:EB:11:99
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       15733B91872D4F45859EA5F0E5FEFAB6C49B1F0D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b8b6fd36-589b-40c5-9288-1b40b3a97fad.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        150.222.204.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:73:3b:91:87:2d:4f:45:85:9e:a5:f0:e5:fe:fa:b6:c4:9b:1f:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a3:c5:16:b8:94:ae:b3:af:9a:37:87:b5:4a:
                    83:99:c3:41:db:f1:68:e8:58:53:82:e9:9b:a1:ce:
                    60:a7:a2:c4:cc:bc:40:2e:25:f1:9f:70:b5:72:02:
                    e9:a1:0f:3d:f2:7b:4a:25:b8:a8:69:cf:9d:c6:19:
                    30:d1:2b:54:eb:8c:a2:6d:77:8f:04:42:d6:59:54:
                    2c:0d:67:f6:d5:36:bb:13:01:bb:75:5b:33:e4:45:
                    01:82:d3:f0:50:1d:4a:51:23:e3:8a:5d:ee:82:22:
                    7b:7e:03:13:14:06:b6:d2:4f:fc:60:93:c4:21:bf:
                    df:ee:aa:d8:5e:6f:05:b7:da:15:70:92:fa:99:55:
                    5d:43:fc:98:93:36:a7:69:eb:4f:46:97:a5:16:ef:
                    30:41:01:55:39:58:0b:ab:ee:4d:bd:7f:22:b8:10:
                    78:24:1a:7a:8a:ad:7d:ab:d5:1e:b1:a2:37:74:be:
                    01:bc:4e:39:7f:a1:ab:25:36:28:26:c1:4e:e6:b6:
                    a0:02:3c:86:6f:42:7f:8b:00:be:2e:15:72:3e:87:
                    a8:87:ba:1c:74:0d:7a:90:8b:5c:e9:ee:45:dc:12:
                    c1:a2:5e:89:7b:fe:de:79:27:52:dd:ad:44:4d:51:
                    c3:a0:91:96:11:ef:a3:d9:b2:c4:7c:e6:39:32:ef:
                    5b:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:8A:F5:0C:6E:8E:7C:B0:0D:90:72:9C:9B:77:58:F0:70:EB:11:99
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b8b6fd36-589b-40c5-9288-1b40b3a97fad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:60:5a:ae:cb:6e:9e:fc:69:06:fb:f8:6f:bc:a3:0a:be:fd:
         12:bd:92:8b:27:19:b6:ed:ed:f7:54:7f:08:6d:cc:22:f8:d0:
         f9:b8:0a:48:44:ba:75:39:9a:92:e5:fd:23:c8:41:5f:8f:7a:
         d8:3b:ad:82:8d:16:04:8f:8f:13:18:25:75:bb:2c:2f:a7:c2:
         7a:04:cd:32:e3:95:62:aa:42:f4:1a:3d:8a:f1:36:aa:2d:c8:
         fd:09:84:9b:87:f6:0a:7e:91:86:96:33:7d:d3:50:1a:65:35:
         b3:6e:24:c3:70:79:e1:da:a3:1d:34:32:9f:64:bb:e2:e4:e5:
         1d:69:d6:13:f7:1e:21:08:f9:10:ac:a8:05:36:72:3f:39:50:
         11:76:c8:b0:57:9f:b6:d5:f9:d7:f1:41:e9:d9:35:aa:90:44:
         3b:a1:6a:7d:c4:7e:9d:32:0b:b9:a1:36:7a:c4:d5:0d:c7:16:
         67:58:4d:cb:33:2e:ac:fd:37:af:f5:a3:16:f8:3d:4e:5a:e1:
         f5:38:40:75:54:5b:b2:95:ba:f9:69:39:24:6c:b1:47:96:f6:
         aa:7b:e5:57:df:dd:00:54:33:70:4a:3e:af:7f:65:d6:7b:73:
         f6:73:79:07:61:98:37:27:6a:de:16:68:0a:5d:e2:37:ee:e9:
         33:c9:0f:a3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFXM7kYctT0WFnqXw5f76tsSbHw0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NGJjZjg3NmQ4ZDFkODAyNmRjNTYwNzEwNTMzNzVhMWQ5
Y2E5YTFiZmEzMTRmYTdlNTRmZGRiMzlkMTAwYWFjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCso8UWuJSus6+aN4e1SoOZw0Hb8WjoWFOC6ZuhzmCnosTM
vEAuJfGfcLVyAumhDz3ye0oluKhpz53GGTDRK1TrjKJtd48EQtZZVCwNZ/bVNrsT
Abt1WzPkRQGC0/BQHUpRI+OKXe6CInt+AxMUBrbST/xgk8Qhv9/uqthebwW32hVw
kvqZVV1D/JiTNqdp609Gl6UW7zBBAVU5WAur7k29fyK4EHgkGnqKrX2r1R6xojd0
vgG8Tjl/oaslNigmwU7mtqACPIZvQn+LAL4uFXI+h6iHuhx0DXqQi1zp7kXcEsGi
Xol7/t55J1LdrURNUcOgkZYR76PZssR85jky71vHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUK4r1DG6OfLANkHKcm3dY8HDrEZkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I4YjZmZDM2LTU4OWItNDBjNS05Mjg4LTFiNDBiM2E5N2ZhZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3swwDQYJKoZIhvcNAQELBQADggEBAJJgWq7Lbp78aQb7+G+8owq+/RK9
kosnGbbt7fdUfwhtzCL40Pm4CkhEunU5mpLl/SPIQV+Petg7rYKNFgSPjxMYJXW7
LC+nwnoEzTLjlWKqQvQaPYrxNqotyP0JhJuH9gp+kYaWM33TUBplNbNuJMNweeHa
ox00Mp9ku+Lk5R1p1hP3HiEI+RCsqAU2cj85UBF2yLBXn7bV+dfxQenZNaqQRDuh
an3Efp0yC7mhNnrE1Q3HFmdYTcszLqz9N6/1oxb4PU5a4fU4QHVUW7KVuvlpOSRs
sUeW9qp75Vff3QBUM3BKPq9/ZdZ7c/ZzeQdhmDcnat4WaApd4jfu6TPJD6M=
-----END CERTIFICATE-----