Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/4355f81e-8b7d-4823-952f-1eb1cce10086.roa
File:                     4355f81e-8b7d-4823-952f-1eb1cce10086.roa (raw, json)
Hash identifier:          8Gt5pgR5DxYSi5GoHrcAbZ61/rnjEm2+lL0RLLQzLgg=
Subject key identifier:   3F:D3:BC:1A:27:47:39:89:20:3A:A4:03:D9:00:A1:92:CE:E1:A6:67
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       639B566B1F41CACC3D5216C9581E238D3BB8D742
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/4355f81e-8b7d-4823-952f-1eb1cce10086.roa
Signing time:             Fri 06 Dec 2024 00:00:00 +0000
ROA not before:           Fri 06 Dec 2024 00:00:00 +0000
ROA not after:            Fri 10 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.249.210.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:9b:56:6b:1f:41:ca:cc:3d:52:16:c9:58:1e:23:8d:3b:b8:d7:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Dec  6 00:00:00 2024 GMT
            Not After : Jan 10 23:59:59 2025 GMT
        Subject: CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:10:ec:8b:4e:ba:0a:f6:4c:b9:92:9b:f0:d0:
                    af:8e:7c:38:ca:46:ef:2a:67:6d:f6:30:4d:1c:2c:
                    7f:e0:5f:6b:f0:01:72:a0:df:53:19:75:cc:b9:24:
                    de:8f:c6:d2:10:7d:9f:6c:ec:17:04:0d:1d:cd:38:
                    71:c7:91:9d:50:ea:a3:b0:78:72:67:60:2f:bd:5d:
                    26:23:b7:99:3f:7b:03:02:96:e7:ad:23:76:79:30:
                    f3:0e:51:4f:db:4a:77:bc:f9:20:e8:aa:d6:57:01:
                    9c:d2:6b:d4:b6:49:ec:24:47:a3:f8:a9:a8:22:09:
                    88:60:29:92:60:3b:7c:c1:ec:4c:10:61:7a:bd:76:
                    e9:b1:d8:10:be:a9:27:83:bf:6d:3f:ba:e8:33:9b:
                    86:9f:e1:3a:77:5a:ca:a5:9b:18:08:d9:19:69:7b:
                    6b:83:75:7e:52:40:75:19:45:06:26:de:7a:5c:ee:
                    e5:33:56:b5:a2:16:fa:c2:3c:40:cf:a2:06:bd:dc:
                    3b:ce:be:e2:a6:8d:b1:6c:ab:38:c5:71:bd:ab:11:
                    69:23:50:e9:48:34:17:e0:2a:bd:a1:33:a5:71:c3:
                    7a:17:f9:aa:f8:c1:a7:f2:ce:75:8a:3e:bc:72:e8:
                    54:3e:03:36:48:23:4d:9a:3b:84:00:f9:e5:5d:a9:
                    e4:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:D3:BC:1A:27:47:39:89:20:3A:A4:03:D9:00:A1:92:CE:E1:A6:67
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/4355f81e-8b7d-4823-952f-1eb1cce10086.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.249.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:87:45:f2:26:fb:cc:4e:13:b2:bd:0b:7d:87:8a:90:9a:ea:
         c5:bd:d6:0b:e0:18:2b:ba:35:16:21:23:df:73:63:29:48:9a:
         91:e6:4f:75:02:23:92:62:9a:d9:cd:0a:bd:bc:cd:de:d9:49:
         4a:7b:56:25:aa:3b:b3:07:6a:ee:31:c5:e7:ee:04:bc:88:3b:
         c7:ec:96:1d:09:55:80:c0:26:bf:5c:a8:b8:5e:28:86:0f:12:
         de:f5:30:b2:04:b0:01:98:a0:7e:c9:5a:eb:92:28:27:8a:ac:
         b6:8e:1d:1e:b3:58:96:9f:c3:55:3e:42:1f:c5:bc:02:1f:f2:
         5e:32:38:ae:18:98:d6:18:0b:68:51:a9:af:e7:36:76:f9:44:
         64:1d:d3:5e:50:43:78:7a:78:f0:aa:f8:f0:f7:78:58:28:60:
         78:ea:ca:0b:29:e4:cc:ea:c1:a3:28:89:a5:a6:88:35:d2:2b:
         f7:b3:82:2d:79:8d:0b:2a:61:24:aa:74:a2:ec:48:94:b7:34:
         50:41:36:d4:97:e8:f1:c9:ff:85:6d:1e:38:a1:b6:0b:39:96:
         79:19:09:54:e1:8b:42:cc:e2:5b:e0:be:08:d6:a6:26:71:27:
         09:61:47:ec:fb:5e:4e:88:55:aa:a4:32:5c:16:d7:63:ff:3a:
         60:69:7a:e3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY5tWax9Bysw9UhbJWB4jjTu410IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjQxMjA2MDAwMDAwWhcNMjUwMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMjlmZDQ4MmMyMmUyOWRhYzY5NDJkNzFlZmI5ODdlMGE3
NzMyYjc2N2UwOWRiM2VhOWQ3MzYxZGY1NjNmNTIyMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmEOyLTroK9ky5kpvw0K+OfDjKRu8qZ232ME0cLH/gX2vw
AXKg31MZdcy5JN6PxtIQfZ9s7BcEDR3NOHHHkZ1Q6qOweHJnYC+9XSYjt5k/ewMC
luetI3Z5MPMOUU/bSne8+SDoqtZXAZzSa9S2SewkR6P4qagiCYhgKZJgO3zB7EwQ
YXq9dumx2BC+qSeDv20/uugzm4af4Tp3WsqlmxgI2Rlpe2uDdX5SQHUZRQYm3npc
7uUzVrWiFvrCPEDPoga93DvOvuKmjbFsqzjFcb2rEWkjUOlINBfgKr2hM6Vxw3oX
+ar4wafyznWKPrxy6FQ+AzZII02aO4QA+eVdqeSzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUP9O8GidHOYkgOqQD2QChks7hpmcwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzQzNTVmODFlLThiN2QtNDgyMy05NTJmLTFlYjFjY2UxMDA4Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEX+dIwDQYJKoZIhvcNAQELBQADggEBAB+HRfIm+8xOE7K9C32HipCa6sW9
1gvgGCu6NRYhI99zYylImpHmT3UCI5JimtnNCr28zd7ZSUp7ViWqO7MHau4xxefu
BLyIO8fslh0JVYDAJr9cqLheKIYPEt71MLIEsAGYoH7JWuuSKCeKrLaOHR6zWJaf
w1U+Qh/FvAIf8l4yOK4YmNYYC2hRqa/nNnb5RGQd015QQ3h6ePCq+PD3eFgoYHjq
ygsp5MzqwaMoiaWmiDXSK/ezgi15jQsqYSSqdKLsSJS3NFBBNtSX6PHJ/4VtHjih
tgs5lnkZCVThi0LM4lvgvgjWpiZxJwlhR+z7Xk6IVaqkMlwW12P/OmBpeuM=
-----END CERTIFICATE-----