Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/071b4428-4363-4b2b-b1f3-73120e26d977.roa
File:                     071b4428-4363-4b2b-b1f3-73120e26d977.roa (raw, json)
Hash identifier:          K+JXe/NgKGMqkQLSPYfIRvIdIMs6lZWWzrK4NaIqz1g=
Subject key identifier:   70:37:E1:72:65:73:4C:41:69:BE:14:3F:BA:D1:1C:6B:DC:B0:49:0D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       72BAF10070DDB89718F1ADFBC95987018E50B197
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/071b4428-4363-4b2b-b1f3-73120e26d977.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        18.44.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:ba:f1:00:70:dd:b8:97:18:f1:ad:fb:c9:59:87:01:8e:50:b1:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a0:0e:f0:3b:ae:71:91:28:66:3a:93:aa:42:
                    0c:51:3d:ac:41:4c:21:ab:0e:93:5c:56:3e:1a:af:
                    79:3b:99:aa:fe:43:14:d7:56:e6:a2:f5:69:62:f5:
                    55:52:1a:61:82:8a:d1:a4:46:17:c8:ea:a6:a8:65:
                    3f:71:a1:ee:59:51:9a:0a:25:18:a1:05:7f:b5:93:
                    ff:a4:c2:2c:66:77:df:f2:e8:92:c8:06:0b:d8:20:
                    93:bb:d8:a9:63:b8:33:30:9a:ca:5b:53:f0:a7:d1:
                    46:16:68:ea:ab:36:43:10:84:ae:d5:7f:26:69:0c:
                    8d:85:7d:6a:27:b1:e2:cb:03:74:53:04:41:57:1e:
                    0b:08:60:10:76:7c:65:e5:7d:97:62:6d:f7:f0:73:
                    81:be:1d:c7:32:cf:4e:93:33:b6:c1:f2:ec:4f:84:
                    29:58:59:c3:e8:ee:62:04:f5:d3:c9:81:70:11:55:
                    df:cd:cf:d8:bc:bb:0c:f5:5d:7d:1d:05:c2:43:1e:
                    91:21:87:5f:e6:33:25:af:48:6f:bd:c5:1c:cb:59:
                    c3:9b:89:34:5a:1e:b4:68:cd:1e:ff:03:fb:ae:22:
                    b2:6a:23:97:dc:eb:0b:45:a5:ba:67:46:86:8a:bf:
                    e7:fd:69:ea:9f:26:1d:26:5b:b0:a8:5a:c7:61:87:
                    a3:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:37:E1:72:65:73:4C:41:69:BE:14:3F:BA:D1:1C:6B:DC:B0:49:0D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/071b4428-4363-4b2b-b1f3-73120e26d977.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.44.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4a:2c:68:50:22:03:1c:d5:9e:b1:08:48:00:73:11:1d:d6:64:
         ff:11:a5:81:76:7d:ca:96:94:fd:19:5a:fb:8e:a3:e0:19:e3:
         df:cd:1c:6e:4e:d4:1d:cf:97:5b:90:aa:d5:80:3e:b2:88:76:
         01:5c:73:a1:75:bf:ec:a3:14:94:2a:51:49:d1:79:84:4b:37:
         89:0a:d5:cf:91:8c:6c:9e:da:f9:51:f8:62:96:88:5f:16:f4:
         90:44:16:2f:8d:8e:2d:23:bc:bc:70:16:da:12:02:74:45:59:
         d0:76:f5:b9:c2:78:66:67:20:03:8b:83:70:05:78:16:b0:9b:
         45:b2:b8:83:0f:c4:5c:17:62:11:04:9a:cb:5e:29:e4:f1:f5:
         c3:0c:fc:16:38:1c:00:83:ab:8e:51:38:7d:a2:19:45:4e:9d:
         47:61:b2:ef:db:2b:a1:4d:cd:4c:8e:4c:90:2b:6d:50:0b:e5:
         a2:02:4e:35:43:d7:25:65:3a:24:30:d0:d0:a3:41:96:90:5c:
         91:7e:82:a4:7e:c9:0f:87:68:05:a1:ba:a9:92:28:81:64:86:
         d9:36:f4:06:09:87:66:d0:0e:70:9c:2f:31:b4:03:e2:71:11:
         b9:c2:4e:e6:8f:3a:ab:cf:7f:f4:ce:b6:42:09:bd:21:dc:83:
         52:44:fb:d5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcrrxAHDduJcY8a37yVmHAY5QsZcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNmVhNDJhYmMzM2M3NDI4OGM0NjlkODgzY2ViNGY5M2Jk
NjU5MmZhZTZhNWIzOTc5MzA1NGJiOTYzN2I4ODcyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCToA7wO65xkShmOpOqQgxRPaxBTCGrDpNcVj4ar3k7mar+
QxTXVuai9Wli9VVSGmGCitGkRhfI6qaoZT9xoe5ZUZoKJRihBX+1k/+kwixmd9/y
6JLIBgvYIJO72KljuDMwmspbU/Cn0UYWaOqrNkMQhK7VfyZpDI2FfWonseLLA3RT
BEFXHgsIYBB2fGXlfZdibffwc4G+Hccyz06TM7bB8uxPhClYWcPo7mIE9dPJgXAR
Vd/Nz9i8uwz1XX0dBcJDHpEhh1/mMyWvSG+9xRzLWcObiTRaHrRozR7/A/uuIrJq
I5fc6wtFpbpnRoaKv+f9aeqfJh0mW7CoWsdhh6PnAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUcDfhcmVzTEFpvhQ/utEca9ywSQ0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA3MWI0NDI4LTQzNjMtNGIyYi1iMWYzLTczMTIwZTI2ZDk3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASLDANBgkqhkiG9w0BAQsFAAOCAQEASixoUCIDHNWesQhIAHMRHdZk/xGl
gXZ9ypaU/Rla+46j4Bnj380cbk7UHc+XW5Cq1YA+soh2AVxzoXW/7KMUlCpRSdF5
hEs3iQrVz5GMbJ7a+VH4YpaIXxb0kEQWL42OLSO8vHAW2hICdEVZ0Hb1ucJ4Zmcg
A4uDcAV4FrCbRbK4gw/EXBdiEQSay14p5PH1wwz8FjgcAIOrjlE4faIZRU6dR2Gy
79sroU3NTI5MkCttUAvlogJONUPXJWU6JDDQ0KNBlpBckX6CpH7JD4doBaG6qZIo
gWSG2Tb0BgmHZtAOcJwvMbQD4nERucJO5o86q89/9M62Qgm9IdyDUkT71Q==
-----END CERTIFICATE-----