Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ed541a1e-a215-4224-9846-47f0a834b8db.roa
File:                     ed541a1e-a215-4224-9846-47f0a834b8db.roa (raw, json)
Hash identifier:          4cQ1haJ+7dK+kbzVJQZFDnOUBYbWoNbin/2CgWqi7Us=
Subject key identifier:   8C:88:04:AC:35:A8:1C:07:C5:FB:46:5B:2A:3F:1F:4D:77:76:11:FA
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       71CA68985FC4DCA9EE0142C7F2A469EC1EA5233B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ed541a1e-a215-4224-9846-47f0a834b8db.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.34.64.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:ca:68:98:5f:c4:dc:a9:ee:01:42:c7:f2:a4:69:ec:1e:a5:23:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:45:48:ee:41:97:16:c5:e6:57:53:e0:ae:55:
                    44:3b:52:89:4e:f1:db:12:c0:4b:78:c7:0c:7e:33:
                    c1:ed:ac:1f:32:05:c5:94:fa:f6:b2:24:5a:b3:d3:
                    83:fd:2b:47:1b:26:9a:fc:b3:ed:94:e4:18:bf:21:
                    79:d0:56:03:8f:32:49:a2:8d:e6:08:07:7a:9b:81:
                    85:b1:6f:4f:50:d1:5e:9b:8d:7d:fe:24:08:20:8e:
                    96:61:fd:31:98:aa:52:96:1e:99:fd:3d:48:90:75:
                    bf:c8:a9:3f:35:83:c9:95:90:ed:e7:df:a9:ef:77:
                    d6:16:dd:7f:94:90:7e:93:ff:dd:a1:a5:d7:63:94:
                    a9:40:6a:25:11:8e:a2:6e:ab:cd:55:73:81:83:2e:
                    43:25:1b:9b:21:a7:b8:46:57:f6:e8:14:50:0c:d8:
                    56:42:fe:f0:f4:a5:9c:36:64:10:8e:cb:15:36:53:
                    ae:d3:e5:0f:16:12:94:bb:94:3c:72:45:54:45:e7:
                    61:97:5f:92:bb:87:f9:5c:cb:d7:a1:77:1e:36:55:
                    71:09:e5:cc:5b:68:e0:b9:aa:cc:e7:c4:e1:1d:42:
                    60:8e:e4:57:5b:73:59:0e:3c:f7:48:44:11:d0:e4:
                    52:ee:13:d4:e9:f4:8e:31:c4:30:ad:27:09:88:18:
                    e5:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:88:04:AC:35:A8:1C:07:C5:FB:46:5B:2A:3F:1F:4D:77:76:11:FA
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ed541a1e-a215-4224-9846-47f0a834b8db.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.34.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1f:0f:21:dc:06:a7:27:fb:08:7f:dc:c4:4f:f4:bc:ea:66:f4:
         4d:a4:a8:cf:0d:ee:de:b2:d8:6d:67:ca:5e:96:7a:0a:57:d1:
         f4:7d:a8:a8:ef:4b:59:73:8b:e7:1d:60:ea:f8:87:30:57:f9:
         8d:67:2a:50:b4:05:e5:f9:03:dd:39:3e:32:90:43:5c:8a:c5:
         db:10:58:7e:7e:d7:35:ea:f3:3b:30:ab:93:a6:ee:63:8e:a7:
         37:11:28:d4:e1:c3:ce:b3:2a:7c:d4:5c:b4:04:e3:94:04:94:
         a8:e3:d4:15:99:30:33:a5:12:b9:7b:3f:af:b8:33:1d:52:2c:
         2d:ff:69:d1:80:4d:af:f1:ef:42:bb:ed:eb:97:ec:ab:63:69:
         2d:6a:c6:b1:e4:68:a1:d3:c5:cd:fd:a6:df:c9:65:31:24:77:
         9d:89:1c:20:c6:1d:61:68:a9:ad:41:6f:2b:be:7f:5c:c8:69:
         6b:c0:0d:65:89:6f:7a:43:78:f0:01:0e:d3:9b:1d:8b:c5:c0:
         ab:b9:38:dd:df:72:54:0b:35:2e:76:f5:79:27:8c:93:37:e6:
         4f:f2:fd:30:85:e1:f0:e7:11:95:da:85:32:85:19:85:5d:0a:
         d7:0d:e0:51:89:43:aa:2a:0f:e7:c8:28:5d:66:53:d5:09:dc:
         0f:ec:02:fa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUccpomF/E3KnuAULH8qRp7B6lIzswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1ODBkMTZmM2RkNTQyNTdlNjdlNTYyOGE3OGQzNjcyNDBm
MThkN2QwNmFhZTBjNDRjZWM4YTU5YzJjZTIzYzkzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVRUjuQZcWxeZXU+CuVUQ7UolO8dsSwEt4xwx+M8HtrB8y
BcWU+vayJFqz04P9K0cbJpr8s+2U5Bi/IXnQVgOPMkmijeYIB3qbgYWxb09Q0V6b
jX3+JAggjpZh/TGYqlKWHpn9PUiQdb/IqT81g8mVkO3n36nvd9YW3X+UkH6T/92h
pddjlKlAaiURjqJuq81Vc4GDLkMlG5shp7hGV/boFFAM2FZC/vD0pZw2ZBCOyxU2
U67T5Q8WEpS7lDxyRVRF52GXX5K7h/lcy9ehdx42VXEJ5cxbaOC5qsznxOEdQmCO
5Fdbc1kOPPdIRBHQ5FLuE9Tp9I4xxDCtJwmIGOW9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjIgErDWoHAfF+0ZbKj8fTXd2EfowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2VkNTQxYTFlLWEyMTUtNDIyNC05ODQ2LTQ3ZjBhODM0YjhkYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMSIkAwDQYJKoZIhvcNAQELBQADggEBAB8PIdwGpyf7CH/cxE/0vOpm9E2k
qM8N7t6y2G1nyl6WegpX0fR9qKjvS1lzi+cdYOr4hzBX+Y1nKlC0BeX5A905PjKQ
Q1yKxdsQWH5+1zXq8zswq5Om7mOOpzcRKNThw86zKnzUXLQE45QElKjj1BWZMDOl
Erl7P6+4Mx1SLC3/adGATa/x70K77euX7KtjaS1qxrHkaKHTxc39pt/JZTEkd52J
HCDGHWFoqa1Bbyu+f1zIaWvADWWJb3pDePABDtObHYvFwKu5ON3fclQLNS529Xkn
jJM35k/y/TCF4fDnEZXahTKFGYVdCtcN4FGJQ6oqD+fIKF1mU9UJ3A/sAvo=
-----END CERTIFICATE-----