Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/17b84f05-a846-484b-a8ae-927071a19664.roa
File:                     17b84f05-a846-484b-a8ae-927071a19664.roa (raw, json)
Hash identifier:          n59fMh9iyFu3pRApC65Q36b9ZpvhrDsvh9aJi0AJofk=
Subject key identifier:   BF:67:E5:86:7B:59:18:77:1B:34:26:83:93:A7:83:BE:F0:A8:C1:21
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7BD7FE01C3A7689EDB57519325F992931484281C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/17b84f05-a846-484b-a8ae-927071a19664.roa
Signing time:             Fri 13 Dec 2024 00:00:00 +0000
ROA not before:           Fri 13 Dec 2024 00:00:00 +0000
ROA not after:            Fri 17 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.254.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:d7:fe:01:c3:a7:68:9e:db:57:51:93:25:f9:92:93:14:84:28:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 13 00:00:00 2024 GMT
            Not After : Jan 17 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:23:a7:39:ee:95:34:be:b1:97:cb:76:b1:5c:
                    dc:a1:8f:8c:68:3b:94:ce:db:33:e2:f9:65:89:09:
                    36:ce:7c:eb:89:a5:2b:55:11:02:d6:7e:79:a6:e1:
                    28:67:57:47:58:6b:ee:a4:0f:f8:1c:dd:95:0c:bf:
                    f2:d8:ca:2b:73:aa:eb:a8:b0:7b:9b:4b:30:d0:cd:
                    15:6d:b3:72:42:4b:f4:68:98:7c:f2:43:7e:2c:68:
                    08:74:3c:b0:41:6b:fc:a7:95:10:3f:e0:e3:36:75:
                    6b:ec:09:6f:44:51:af:8d:88:74:cf:af:69:e1:38:
                    11:89:75:8d:fc:5f:1e:1b:57:b1:c8:72:77:88:48:
                    25:59:01:26:d2:89:0f:29:c5:7b:63:3c:b5:db:f1:
                    03:de:dd:fc:4c:2e:b3:fa:d0:b9:57:a4:06:ec:3a:
                    54:31:57:f0:a0:64:82:bd:d0:08:7a:f6:d9:d6:5a:
                    a1:9b:3a:0f:93:63:43:b4:17:89:06:6a:48:6c:97:
                    54:89:b9:b7:51:93:04:c0:f4:93:dd:fc:d7:66:8e:
                    03:77:43:01:31:3e:8a:60:9a:04:05:ca:71:4c:6a:
                    b0:82:3b:53:43:1e:8d:36:5f:1f:a8:93:d5:fc:1c:
                    6b:ae:aa:78:2f:17:9f:d2:79:fa:0e:c3:a3:83:4a:
                    2b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:67:E5:86:7B:59:18:77:1B:34:26:83:93:A7:83:BE:F0:A8:C1:21
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/17b84f05-a846-484b-a8ae-927071a19664.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.254.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         54:16:6f:22:b5:99:81:3f:d1:60:64:ed:f8:fc:b7:50:d7:d7:
         7b:6b:33:4c:c2:b5:89:0d:e1:08:64:a8:1e:de:ce:c6:3c:d5:
         5d:74:e1:a4:d4:cc:a3:60:80:b5:ad:18:aa:7a:47:31:3c:36:
         b3:56:de:94:df:67:d8:1e:e2:68:5d:ad:58:5f:ba:2d:1e:2b:
         6b:4c:20:e1:1b:f8:f3:1a:e3:6b:1a:6e:7f:38:02:59:e0:bf:
         34:41:0a:e2:12:3f:69:de:dd:94:69:bc:7a:75:e3:e7:23:48:
         1d:3d:56:50:3b:86:a8:c4:cf:62:a0:14:86:c3:5b:7e:c2:8f:
         fc:bd:0d:52:95:8f:51:39:99:2a:dd:ac:dd:a1:ae:0e:52:e4:
         2f:47:60:ed:cb:7f:68:ec:a3:ad:66:66:5c:52:0f:cc:36:ba:
         8a:3c:91:82:1b:b5:56:bd:14:d7:ab:17:96:29:b3:ef:96:7c:
         c9:f3:34:d9:99:b3:ec:7a:39:77:a8:90:c5:53:78:2c:f0:8a:
         63:76:80:7c:56:50:66:f3:fc:eb:a7:90:8e:e5:62:80:75:cf:
         b1:36:c9:0c:ca:88:e4:ff:c6:f2:f4:7f:bd:f1:d9:b3:40:cb:
         b3:97:02:c3:d2:ea:4f:a1:88:26:66:7c:08:f7:58:ea:15:fc:
         d3:d2:67:38
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUe9f+AcOnaJ7bV1GTJfmSkxSEKBwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjEzMDAwMDAwWhcNMjUwMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMmE0YzE2OGNmZmQ4NDBkNGJjZDVjM2QzN2NmOTUxMmQ2
NWY3MjgzNzFmM2FiMzJlOTdhYmVmYTFmZjg4NDVlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQI6c57pU0vrGXy3axXNyhj4xoO5TO2zPi+WWJCTbOfOuJ
pStVEQLWfnmm4ShnV0dYa+6kD/gc3ZUMv/LYyitzquuosHubSzDQzRVts3JCS/Ro
mHzyQ34saAh0PLBBa/ynlRA/4OM2dWvsCW9EUa+NiHTPr2nhOBGJdY38Xx4bV7HI
cneISCVZASbSiQ8pxXtjPLXb8QPe3fxMLrP60LlXpAbsOlQxV/CgZIK90Ah69tnW
WqGbOg+TY0O0F4kGakhsl1SJubdRkwTA9JPd/NdmjgN3QwExPopgmgQFynFMarCC
O1NDHo02Xx+ok9X8HGuuqngvF5/SefoOw6ODSivFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUv2flhntZGHcbNCaDk6eDvvCowSEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzE3Yjg0ZjA1LWE4NDYtNDg0Yi1hOGFlLTkyNzA3MWExOTY2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAS/jANBgkqhkiG9w0BAQsFAAOCAQEAVBZvIrWZgT/RYGTt+Py3UNfXe2sz
TMK1iQ3hCGSoHt7OxjzVXXThpNTMo2CAta0YqnpHMTw2s1belN9n2B7iaF2tWF+6
LR4ra0wg4Rv48xrjaxpufzgCWeC/NEEK4hI/ad7dlGm8enXj5yNIHT1WUDuGqMTP
YqAUhsNbfsKP/L0NUpWPUTmZKt2s3aGuDlLkL0dg7ct/aOyjrWZmXFIPzDa6ijyR
ghu1Vr0U16sXlimz75Z8yfM02Zmz7Ho5d6iQxVN4LPCKY3aAfFZQZvP866eQjuVi
gHXPsTbJDMqI5P/G8vR/vfHZs0DLs5cCw9LqT6GIJmZ8CPdY6hX809JnOA==
-----END CERTIFICATE-----