Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d2861b42-55fa-42a5-b652-eb26cbc5f2ea.roa
File:                     d2861b42-55fa-42a5-b652-eb26cbc5f2ea.roa (raw, json)
Hash identifier:          Z4CIeDLndbNuCi/DU5W1RuxELgP6dTZha/QAEQIa1wg=
Subject key identifier:   83:1E:DF:DC:45:94:5E:FF:7E:5F:2B:07:09:62:9A:52:42:EB:6F:9E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0911AA15B1D38324F511EDA67CFE70CA8A10B84D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d2861b42-55fa-42a5-b652-eb26cbc5f2ea.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.230.210.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:11:aa:15:b1:d3:83:24:f5:11:ed:a6:7c:fe:70:ca:8a:10:b8:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:91:23:dd:51:d1:1f:ff:7a:34:92:99:a6:6d:
                    11:f0:65:92:39:0d:04:5a:73:45:ce:bd:4e:f5:34:
                    38:24:a7:c3:61:cc:1c:f4:e6:fb:a2:14:06:c0:97:
                    6f:a8:45:ac:58:da:76:a6:72:07:73:4a:c6:df:80:
                    25:46:79:9c:be:d0:71:9d:64:71:65:83:2f:84:61:
                    b0:64:f0:ca:e4:42:a1:9c:64:de:38:cd:42:b6:0a:
                    4e:60:cc:55:20:2a:e1:b2:b3:98:13:8a:f7:cb:6c:
                    1b:1e:b6:0f:ff:8f:51:6f:2a:0d:07:45:47:0f:e2:
                    aa:d9:a3:c6:19:28:6d:9f:cd:3d:6e:fe:ae:83:e0:
                    a0:93:f9:5d:db:06:87:df:e0:67:ed:d3:6b:6a:c3:
                    05:3c:15:24:69:18:09:d6:de:af:dd:af:e0:b7:a6:
                    89:c4:16:16:68:f0:f7:69:57:ba:84:f0:56:54:90:
                    53:65:14:11:e8:86:44:a2:7f:77:e6:a0:fe:f4:46:
                    13:d8:3c:5c:b9:82:fb:f8:de:2e:8a:9d:9f:2e:9b:
                    f3:75:72:fd:9d:a7:9d:71:cc:58:6e:04:2a:d5:36:
                    d1:a2:d3:46:d2:40:37:59:e4:18:ba:f6:b5:d2:69:
                    f9:ee:1e:db:55:d4:29:a0:be:83:c9:e3:10:b3:06:
                    3c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:1E:DF:DC:45:94:5E:FF:7E:5F:2B:07:09:62:9A:52:42:EB:6F:9E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d2861b42-55fa-42a5-b652-eb26cbc5f2ea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.230.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:bc:31:4b:79:ca:88:92:0e:5c:86:43:63:90:f2:46:6a:5d:
         b8:53:26:d6:8a:39:f0:0b:82:a1:9f:9f:c5:c7:ca:4a:c3:2c:
         38:4b:a4:12:41:d9:8d:dc:57:87:de:e4:04:b7:fd:c1:25:e2:
         2d:c4:c5:06:eb:51:1b:e4:df:08:f7:c9:9f:97:ee:76:57:2c:
         f9:73:e9:fc:d1:a1:0d:63:38:63:2e:ae:70:81:db:ff:5b:0a:
         98:81:49:8c:f1:d1:c1:b5:f7:e2:02:85:a4:da:47:57:5d:60:
         ad:8b:4d:65:23:38:80:06:2c:e3:49:2e:4f:3e:c3:37:d0:4f:
         67:d1:4b:2d:21:cd:63:9f:f3:a1:18:e5:ed:cb:8f:35:3b:bd:
         fa:f8:a8:cd:e2:e1:1c:76:7d:24:88:8d:5a:a7:70:e7:f0:b2:
         57:62:34:9a:9b:31:54:1d:ef:82:f5:50:a4:9a:14:02:60:1e:
         de:24:c4:d3:e1:9c:47:31:20:e6:9b:05:a7:dd:a9:84:93:74:
         ed:1c:f7:e9:7f:8b:ff:80:c7:06:82:9c:dd:76:55:7e:e2:91:
         ce:05:94:fc:3c:1b:e0:ef:4d:bf:3c:33:35:eb:47:4b:b1:1d:
         fc:61:5c:a5:87:4e:6d:54:21:fa:35:db:65:46:52:b2:cb:b1:
         7c:2f:49:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCRGqFbHTgyT1Ee2mfP5wyooQuE0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzNzY4YWYzZDU5NGM5NWQzNDFiZGZiYmJhMTNlYmY3Y2Vk
NWIzZWY3MzkzOTUyNjNhMzAxYzg4MDM2MTJkYWE3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDokSPdUdEf/3o0kpmmbRHwZZI5DQRac0XOvU71NDgkp8Nh
zBz05vuiFAbAl2+oRaxY2namcgdzSsbfgCVGeZy+0HGdZHFlgy+EYbBk8MrkQqGc
ZN44zUK2Ck5gzFUgKuGys5gTivfLbBsetg//j1FvKg0HRUcP4qrZo8YZKG2fzT1u
/q6D4KCT+V3bBoff4Gft02tqwwU8FSRpGAnW3q/dr+C3ponEFhZo8PdpV7qE8FZU
kFNlFBHohkSif3fmoP70RhPYPFy5gvv43i6KnZ8um/N1cv2dp51xzFhuBCrVNtGi
00bSQDdZ5Bi69rXSafnuHttV1CmgvoPJ4xCzBjx/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgx7f3EWUXv9+XysHCWKaUkLrb54wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2QyODYxYjQyLTU1ZmEtNDJhNS1iNjUyLWViMjZjYmM1ZjJlYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEP5tIwDQYJKoZIhvcNAQELBQADggEBAC+8MUt5yoiSDlyGQ2OQ8kZqXbhT
JtaKOfALgqGfn8XHykrDLDhLpBJB2Y3cV4fe5AS3/cEl4i3ExQbrURvk3wj3yZ+X
7nZXLPlz6fzRoQ1jOGMurnCB2/9bCpiBSYzx0cG19+IChaTaR1ddYK2LTWUjOIAG
LONJLk8+wzfQT2fRSy0hzWOf86EY5e3LjzU7vfr4qM3i4Rx2fSSIjVqncOfwsldi
NJqbMVQd74L1UKSaFAJgHt4kxNPhnEcxIOabBafdqYSTdO0c9+l/i/+AxwaCnN12
VX7ikc4FlPw8G+DvTb88MzXrR0uxHfxhXKWHTm1UIfo122VGUrLLsXwvSd8=
-----END CERTIFICATE-----