Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/337af18b-8ee4-44fb-9380-cbcb95454505.roa
File:                     337af18b-8ee4-44fb-9380-cbcb95454505.roa (raw, json)
Hash identifier:          07/XmKmor2sjZw2XPN+8MhXl7Q48uwE4otXY48ShtZY=
Subject key identifier:   51:64:EC:1E:55:B1:DA:E8:BB:FA:60:51:93:CB:86:67:4F:D3:01:4A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4F15FD1D74653802168F05B9FA0539BD7C42F2FD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/337af18b-8ee4-44fb-9380-cbcb95454505.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.164.0.0/14 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:15:fd:1d:74:65:38:02:16:8f:05:b9:fa:05:39:bd:7c:42:f2:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:4f:b6:75:36:f6:5b:f7:d0:ba:5e:a0:68:61:
                    00:49:b9:3b:45:aa:03:a8:f2:7d:8f:c1:db:fe:3f:
                    96:4d:94:12:d9:7a:d3:be:97:84:d0:b8:af:57:c9:
                    69:75:9a:d4:88:5f:e3:b5:39:3d:cd:e0:af:bf:98:
                    d4:71:4d:75:44:b2:3a:01:a7:f9:92:91:53:e4:00:
                    fd:a6:8d:57:96:0a:84:1b:b0:3d:1e:93:aa:ff:02:
                    90:b6:19:55:ef:5b:58:2d:74:b5:70:f9:31:9e:86:
                    e4:b0:aa:f0:7b:95:08:9d:4a:19:01:82:4b:47:9d:
                    b8:b8:bc:c9:bb:d6:81:b3:dc:77:0d:f1:57:06:01:
                    d5:6e:fb:e5:d8:56:e0:12:30:9d:da:52:29:ab:93:
                    a0:bc:90:52:23:4d:2d:12:26:f1:5a:0a:38:b2:03:
                    cb:09:19:7c:0f:af:0a:e9:b7:57:0f:5e:2b:41:57:
                    e3:70:b8:de:01:56:2a:4b:58:0c:7a:ef:64:0e:fb:
                    b7:40:3a:e8:4e:ad:1c:25:4f:ef:c2:d6:33:3b:43:
                    6d:d6:f7:d1:5b:0a:f5:8f:15:23:31:30:f7:73:4a:
                    f1:51:65:a2:7a:c3:fb:e2:10:0b:c2:02:49:0f:df:
                    28:5d:60:62:60:0f:1a:bd:2d:e5:0f:57:66:e9:24:
                    96:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:64:EC:1E:55:B1:DA:E8:BB:FA:60:51:93:CB:86:67:4F:D3:01:4A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/337af18b-8ee4-44fb-9380-cbcb95454505.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.164.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         42:ce:76:77:ef:72:eb:08:d0:d1:96:f2:06:98:ed:eb:da:71:
         5a:e1:64:6b:15:cd:06:61:8e:f1:02:fd:5b:15:33:8c:ec:06:
         bb:b6:bf:c4:1a:c3:31:8a:cb:97:7f:5c:1c:56:18:36:69:bd:
         6c:58:12:bc:22:fd:88:c1:c4:83:6a:00:a7:18:28:3e:27:b1:
         3b:1b:77:d0:a2:d6:75:89:4a:84:f5:8a:26:33:13:ec:2e:38:
         78:1e:e6:f7:4c:8c:88:aa:ab:65:5a:7b:a0:c0:cc:92:8e:41:
         34:85:d0:9c:19:ff:13:11:8b:3e:87:71:b5:ee:47:44:28:25:
         f8:21:12:a5:e4:82:91:14:be:26:29:62:40:ac:46:be:5b:93:
         59:8f:c5:ef:20:38:db:7b:e7:e8:60:57:f4:50:53:2c:d4:a8:
         67:0f:30:a6:0d:b5:b1:dc:c8:24:71:21:9c:f6:20:07:48:36:
         a2:cc:ee:8c:de:83:ab:91:34:3d:2d:96:fc:c6:00:80:95:03:
         d3:08:6a:e9:d8:47:d6:7e:b7:01:3d:9f:61:a7:d5:3b:21:45:
         7b:b7:cf:51:63:c3:f8:6e:f0:9a:34:f7:a9:07:e2:be:ec:8d:
         51:b9:b9:63:42:5d:4f:58:23:d0:db:d9:b5:1d:5a:36:30:9c:
         f4:00:9f:c1
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTxX9HXRlOAIWjwW5+gU5vXxC8v0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZjBlMDUxYWNlOWQ0ZTFmNjJkNTliZDFmNGUxN2RlOWUx
YzYzMGM2MTRmMWExNmE5NDRjZTA3NTNkNzgwZTIyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGT7Z1NvZb99C6XqBoYQBJuTtFqgOo8n2Pwdv+P5ZNlBLZ
etO+l4TQuK9XyWl1mtSIX+O1OT3N4K+/mNRxTXVEsjoBp/mSkVPkAP2mjVeWCoQb
sD0ek6r/ApC2GVXvW1gtdLVw+TGehuSwqvB7lQidShkBgktHnbi4vMm71oGz3HcN
8VcGAdVu++XYVuASMJ3aUimrk6C8kFIjTS0SJvFaCjiyA8sJGXwPrwrpt1cPXitB
V+NwuN4BVipLWAx672QO+7dAOuhOrRwlT+/C1jM7Q23W99FbCvWPFSMxMPdzSvFR
ZaJ6w/viEAvCAkkP3yhdYGJgDxq9LeUPV2bpJJatAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUUWTsHlWx2ui7+mBRk8uGZ0/TAUowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzMzN2FmMThiLThlZTQtNDRmYi05MzgwLWNiY2I5NTQ1NDUwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwISpDANBgkqhkiG9w0BAQsFAAOCAQEAQs52d+9y6wjQ0ZbyBpjt69pxWuFk
axXNBmGO8QL9WxUzjOwGu7a/xBrDMYrLl39cHFYYNmm9bFgSvCL9iMHEg2oApxgo
PiexOxt30KLWdYlKhPWKJjMT7C44eB7m90yMiKqrZVp7oMDMko5BNIXQnBn/ExGL
Podxte5HRCgl+CESpeSCkRS+JiliQKxGvluTWY/F7yA423vn6GBX9FBTLNSoZw8w
pg21sdzIJHEhnPYgB0g2oszujN6Dq5E0PS2W/MYAgJUD0whq6dhH1n63AT2fYafV
OyFFe7fPUWPD+G7wmjT3qQfivuyNUbm5Y0JdT1gj0NvZtR1aNjCc9ACfwQ==
-----END CERTIFICATE-----