Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/de4b3d5c-c785-4830-884f-797006c4fc0a.roa
File:                     de4b3d5c-c785-4830-884f-797006c4fc0a.roa (raw, json)
Hash identifier:          kpgKPW9TyazfMONIW6vJ6osac3N1nktibGsTREfoVd0=
Subject key identifier:   7E:ED:8A:23:34:35:04:4D:8F:67:30:17:02:04:28:AC:53:C4:73:6A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       74A2F410BC111E092CF756C549604F31DF6C8151
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/de4b3d5c-c785-4830-884f-797006c4fc0a.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        146.78.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:a2:f4:10:bc:11:1e:09:2c:f7:56:c5:49:60:4f:31:df:6c:81:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:07:bf:02:78:11:cd:44:41:89:a4:2c:99:fe:
                    a0:9e:22:a1:ef:a4:67:48:12:40:a8:b9:f9:f8:67:
                    02:97:25:27:21:ca:e4:35:51:31:2f:17:fc:bc:02:
                    c9:71:31:b0:de:8d:2a:53:83:67:d9:1d:b9:11:33:
                    43:a9:f7:26:79:b2:fc:c8:54:cd:af:3c:25:16:0a:
                    a8:51:cd:c9:78:cc:1a:3c:ca:1c:0e:02:34:a3:cc:
                    36:b5:23:db:2b:36:c1:2b:fb:86:96:53:e6:e6:60:
                    8b:54:5e:03:53:ef:ec:fe:07:d2:1a:09:36:10:d9:
                    fb:38:4f:ca:85:76:45:ab:d1:95:9c:5e:23:9a:e8:
                    a6:33:25:46:7c:52:b5:a5:0d:72:75:4a:f2:9c:5f:
                    56:d6:5e:a7:15:ff:d3:36:b2:02:b0:b7:3a:07:95:
                    58:e9:24:65:24:7f:11:2b:06:1a:32:5a:3b:86:9f:
                    05:90:ec:15:f4:52:2a:ca:ce:b5:19:2e:ba:ea:a1:
                    62:da:11:d7:18:c2:f2:ec:51:b4:75:21:d0:df:2c:
                    ec:75:8b:fd:e7:7b:fc:12:e0:08:f4:5b:8d:1d:27:
                    24:2c:4d:b0:fe:a6:65:02:96:b4:7a:f2:ea:7e:04:
                    b8:79:db:f3:bd:39:f9:3c:c0:e0:a3:0c:0f:df:b1:
                    5e:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:ED:8A:23:34:35:04:4D:8F:67:30:17:02:04:28:AC:53:C4:73:6A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/de4b3d5c-c785-4830-884f-797006c4fc0a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.78.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b3:34:d3:dd:e1:47:39:47:5e:5b:13:7e:e4:b4:73:5a:1a:db:
         17:a4:14:c0:4d:f1:ac:6b:07:3d:b3:de:5c:65:32:f9:82:07:
         99:47:26:cc:f6:a0:77:cd:60:98:b1:25:5b:7c:6b:d8:1b:17:
         34:7a:ea:9c:90:54:df:2a:30:08:ec:60:88:7c:09:fc:f7:18:
         db:e7:df:13:e4:ad:a0:9e:10:9c:f9:63:6c:4b:7d:f1:7e:89:
         1e:37:c8:bc:d3:ca:2a:cf:ca:d6:24:d2:76:5d:0b:1a:11:35:
         9d:18:07:14:3c:8b:e1:06:a4:99:2c:a5:f9:5f:00:60:db:36:
         4b:a7:4a:91:ae:38:b1:15:55:a3:16:df:77:37:2f:08:48:5e:
         28:8b:c7:c5:ea:2e:f9:62:e0:3b:e8:6b:df:ab:cd:0a:a5:fa:
         a8:06:f0:12:5a:94:96:6d:7f:d8:55:f6:97:6c:97:2b:5a:a5:
         20:2e:17:2e:d6:f2:51:82:03:89:54:f6:33:c3:49:f6:83:c0:
         7c:56:d6:aa:41:93:2f:63:93:7f:25:26:f5:1b:d0:b6:e0:a8:
         5a:ca:6e:fd:5f:aa:3c:3c:a8:b9:e9:9d:94:28:c9:6e:8d:c1:
         d9:8f:ed:d1:b5:cf:db:f8:53:f7:84:de:e5:fe:99:43:5f:59:
         12:55:59:ed
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdKL0ELwRHgks91bFSWBPMd9sgVEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMWNiNDU2MzcyOTc5YTBiMGQ0ZTBiMzdhM2Q0M2EzMDMx
OGM1NWJhYjg4MWI3MjdjNDQ5ODFmZTY4NzcxZWYyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXB78CeBHNREGJpCyZ/qCeIqHvpGdIEkCoufn4ZwKXJSch
yuQ1UTEvF/y8AslxMbDejSpTg2fZHbkRM0Op9yZ5svzIVM2vPCUWCqhRzcl4zBo8
yhwOAjSjzDa1I9srNsEr+4aWU+bmYItUXgNT7+z+B9IaCTYQ2fs4T8qFdkWr0ZWc
XiOa6KYzJUZ8UrWlDXJ1SvKcX1bWXqcV/9M2sgKwtzoHlVjpJGUkfxErBhoyWjuG
nwWQ7BX0UirKzrUZLrrqoWLaEdcYwvLsUbR1IdDfLOx1i/3ne/wS4Aj0W40dJyQs
TbD+pmUClrR68up+BLh52/O9Ofk8wOCjDA/fsV63AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUfu2KIzQ1BE2PZzAXAgQorFPEc2owHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RlNGIzZDVjLWM3ODUtNDgzMC04ODRmLTc5NzAwNmM0ZmMwYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCSTjANBgkqhkiG9w0BAQsFAAOCAQEAszTT3eFHOUdeWxN+5LRzWhrbF6QU
wE3xrGsHPbPeXGUy+YIHmUcmzPagd81gmLElW3xr2BsXNHrqnJBU3yowCOxgiHwJ
/PcY2+ffE+StoJ4QnPljbEt98X6JHjfIvNPKKs/K1iTSdl0LGhE1nRgHFDyL4Qak
mSyl+V8AYNs2S6dKka44sRVVoxbfdzcvCEheKIvHxeou+WLgO+hr36vNCqX6qAbw
ElqUlm1/2FX2l2yXK1qlIC4XLtbyUYIDiVT2M8NJ9oPAfFbWqkGTL2OTfyUm9RvQ
tuCoWspu/V+qPDyouemdlCjJbo3B2Y/t0bXP2/hT94Te5f6ZQ19ZElVZ7Q==
-----END CERTIFICATE-----