Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1350873f-1059-47ea-b640-795243f68df1.roa
File:                     1350873f-1059-47ea-b640-795243f68df1.roa (raw, json)
Hash identifier:          1pACSHUqELMl6mDWdbbw0GQvgqE9Tk8Hq+Xvyxy4qdU=
Subject key identifier:   58:A7:28:31:3C:65:59:D7:4D:CC:26:3E:4D:D0:21:50:5C:80:92:C6
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4EE862B9964C7240B69A7EB5D71F6582E19A831B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1350873f-1059-47ea-b640-795243f68df1.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        18.88.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:e8:62:b9:96:4c:72:40:b6:9a:7e:b5:d7:1f:65:82:e1:9a:83:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1c:19:d3:25:c9:65:f8:18:a4:38:02:3d:70:
                    1b:e9:7d:49:45:d7:07:11:be:8d:b8:a1:96:41:03:
                    62:1c:c3:d0:8a:2a:96:fb:62:76:31:71:a0:21:90:
                    50:d6:c9:f9:ab:1f:f2:84:6f:92:55:3d:cd:e0:07:
                    2d:77:63:da:c9:db:eb:5a:37:26:91:7e:26:f6:5c:
                    eb:74:19:be:f2:17:3f:fc:f4:07:e8:b1:f5:df:5e:
                    2e:bd:1e:1b:ca:94:b7:a9:8b:21:79:d1:d7:9c:61:
                    49:de:5f:36:8e:02:f3:98:66:00:e5:fa:79:60:51:
                    22:52:26:fc:3d:2a:49:35:df:09:b5:5c:71:3b:ab:
                    91:89:9f:1e:b0:0b:d4:13:a1:8d:30:cc:cc:46:f2:
                    aa:5b:02:90:97:a9:e2:a0:78:c7:1f:6a:fe:71:ac:
                    f7:45:8e:82:79:f6:e9:45:83:8c:d1:45:41:7f:f5:
                    88:47:5c:6f:16:bc:34:47:0b:ed:7c:0d:79:70:6a:
                    c9:1c:29:5f:74:d2:82:96:f3:80:dc:1f:bf:70:e9:
                    55:72:bf:af:e5:56:ce:6e:dd:c7:65:d4:88:47:ac:
                    7d:27:c5:99:5a:a7:cb:4b:93:d8:74:d1:19:85:79:
                    c6:a3:02:46:f5:c8:a2:9b:38:bc:f7:d6:bb:ea:e6:
                    d9:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:A7:28:31:3C:65:59:D7:4D:CC:26:3E:4D:D0:21:50:5C:80:92:C6
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1350873f-1059-47ea-b640-795243f68df1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.88.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         3e:55:bf:86:ec:3b:d1:0e:1b:78:db:0f:d6:6f:8e:58:0f:85:
         28:56:0f:5b:67:66:95:ea:a5:d9:37:92:22:04:7b:c0:14:fd:
         c8:70:10:44:b7:ec:81:a3:f8:a8:fd:88:68:3e:30:f5:72:a9:
         e1:6b:58:5c:39:ea:0d:a2:a2:5b:1d:86:54:8b:75:e0:9f:09:
         74:f3:3c:14:3b:34:0a:de:eb:df:d2:63:1a:fa:df:12:70:8a:
         9d:53:bb:43:ef:75:cb:a8:49:25:1f:0a:ac:86:b7:11:c5:f3:
         19:d4:d5:af:57:c3:ea:60:41:3c:64:9f:7e:7e:36:48:de:ec:
         44:ff:0f:b2:bc:bb:57:db:30:c4:07:19:2a:29:09:b9:94:6e:
         89:bd:30:29:e9:74:ff:dd:0b:a1:b4:71:64:71:ee:80:8c:21:
         c9:11:b7:a2:72:83:c0:ac:d7:fe:6c:51:b0:04:60:67:b7:be:
         92:12:1b:a6:2b:7e:10:6b:b6:0f:d6:26:db:ee:53:dc:7f:ae:
         0c:a2:fa:bf:42:ef:4f:1f:e1:e6:ea:01:34:13:3a:d4:6a:11:
         1a:fa:48:4d:2a:fb:67:49:57:2a:aa:5f:20:b9:5d:43:91:7a:
         43:20:b4:37:a3:01:48:96:71:39:81:aa:0f:32:e4:b9:3b:fe:
         c3:3d:90:c0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTuhiuZZMckC2mn611x9lguGagxswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzUxZGE4ZjVlZGNiYzgzNzI1MDc4MGE1ZWI2MTlmNWZk
ZDI3NWFiNGVlNjgwYzg1NjYwNmRlNmNkMTA0NDdkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiHBnTJcll+BikOAI9cBvpfUlF1wcRvo24oZZBA2Icw9CK
Kpb7YnYxcaAhkFDWyfmrH/KEb5JVPc3gBy13Y9rJ2+taNyaRfib2XOt0Gb7yFz/8
9AfosfXfXi69HhvKlLepiyF50decYUneXzaOAvOYZgDl+nlgUSJSJvw9Kkk13wm1
XHE7q5GJnx6wC9QToY0wzMxG8qpbApCXqeKgeMcfav5xrPdFjoJ59ulFg4zRRUF/
9YhHXG8WvDRHC+18DXlwaskcKV900oKW84DcH79w6VVyv6/lVs5u3cdl1IhHrH0n
xZlap8tLk9h00RmFecajAkb1yKKbOLz31rvq5tnTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUWKcoMTxlWddNzCY+TdAhUFyAksYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzEzNTA4NzNmLTEwNTktNDdlYS1iNjQwLTc5NTI0M2Y2OGRmMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwESWDANBgkqhkiG9w0BAQsFAAOCAQEAPlW/huw70Q4beNsP1m+OWA+FKFYP
W2dmleql2TeSIgR7wBT9yHAQRLfsgaP4qP2IaD4w9XKp4WtYXDnqDaKiWx2GVIt1
4J8JdPM8FDs0Ct7r39JjGvrfEnCKnVO7Q+91y6hJJR8KrIa3EcXzGdTVr1fD6mBB
PGSffn42SN7sRP8Psry7V9swxAcZKikJuZRuib0wKel0/90LobRxZHHugIwhyRG3
onKDwKzX/mxRsARgZ7e+khIbpit+EGu2D9Ym2+5T3H+uDKL6v0LvTx/h5uoBNBM6
1GoRGvpITSr7Z0lXKqpfILldQ5F6QyC0N6MBSJZxOYGqDzLkuTv+wz2QwA==
-----END CERTIFICATE-----