Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3bb406b3-e172-4230-a61e-612b72b33adf.roa
File:                     3bb406b3-e172-4230-a61e-612b72b33adf.roa (raw, json)
Hash identifier:          tKja3i4wnBN3ixv4cTNaImQl/tSyw21QQ33b9z/vg90=
Subject key identifier:   EC:A6:D8:45:0C:A9:CB:9E:40:5B:7F:1B:9A:7F:CE:CB:55:58:75:57
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2E6A6A54C4143C84567F3835BBEBF9BC3172D994
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3bb406b3-e172-4230-a61e-612b72b33adf.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        15.155.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:6a:6a:54:c4:14:3c:84:56:7f:38:35:bb:eb:f9:bc:31:72:d9:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:fa:f5:dd:db:2e:ba:6e:1a:83:8f:0e:f4:32:
                    73:28:43:a1:6d:cc:c9:62:4e:83:04:a1:c3:9c:5e:
                    2e:4b:fb:35:ca:1b:b4:1a:17:2c:4f:95:3d:74:01:
                    c6:c9:bf:17:4b:78:25:0f:9d:a5:e7:2e:87:07:da:
                    8e:db:de:c4:3f:cc:68:00:ae:f5:db:33:95:c8:f0:
                    ab:ff:94:03:91:4b:2b:b1:b1:c8:69:06:90:99:a0:
                    21:7f:c1:42:3c:78:52:45:36:c3:4e:03:ff:16:4e:
                    88:1a:f4:23:f3:c4:99:7b:65:bc:5e:b2:09:1d:57:
                    46:11:53:76:49:e9:7f:8d:73:cc:a7:42:f9:de:ab:
                    36:f5:e3:3b:85:de:ab:98:0d:ad:d1:b4:3e:6c:9d:
                    46:a4:ab:19:cf:49:e7:e0:e1:ff:9c:9e:b1:dd:58:
                    db:e5:45:df:23:dd:25:af:1b:97:ea:ff:81:0f:ac:
                    02:76:94:52:0d:e6:03:bd:18:6b:9c:71:b3:25:ce:
                    4c:f5:b5:06:06:26:58:d8:06:27:05:e1:0f:5e:b2:
                    f9:28:5f:14:f7:b7:6c:4a:1f:35:96:59:35:73:8e:
                    d0:c8:c3:b6:7f:b1:bd:3a:b8:93:7b:b1:70:eb:c0:
                    6a:4c:c5:bd:b9:9b:83:a7:86:92:b8:2c:a0:27:b0:
                    3d:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:A6:D8:45:0C:A9:CB:9E:40:5B:7F:1B:9A:7F:CE:CB:55:58:75:57
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3bb406b3-e172-4230-a61e-612b72b33adf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.155.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5a:1b:1e:75:2f:85:19:3b:00:4b:e2:ad:fa:ba:16:d6:b9:c8:
         9e:08:ed:ae:a8:e0:8c:fa:f9:9b:c9:65:2f:5f:52:68:39:ff:
         df:84:0e:c7:a9:51:12:fe:a2:91:80:11:31:4a:cb:70:db:39:
         78:1e:e9:92:5b:eb:92:cf:1e:ca:f4:ce:3a:4d:ec:e3:b2:57:
         38:5d:43:d5:66:53:7c:85:1f:61:0f:61:46:74:78:2b:f7:45:
         3a:75:68:82:0f:f5:be:c6:1a:06:de:74:1c:99:2d:ce:6c:b9:
         1f:45:d8:fb:45:1e:e9:44:2b:63:a0:85:bd:29:45:65:d1:cd:
         26:19:75:0a:0a:7a:21:ac:9d:31:fb:66:47:2d:82:df:f7:fb:
         08:44:46:02:ce:19:c0:72:be:81:cf:e0:3b:4d:70:e0:d5:9f:
         85:09:d0:be:4d:55:53:bd:d3:5b:4c:bc:43:d9:c9:88:c0:91:
         cd:15:ad:cd:1e:31:1d:39:de:52:e9:f9:2c:4f:73:31:11:3f:
         7c:8f:46:2d:b8:6f:7f:17:5d:e2:5f:7e:eb:cb:4e:94:04:a2:
         83:a8:7d:53:26:14:83:86:a3:68:aa:6d:4d:53:95:38:d7:20:
         c5:95:4b:09:0d:b3:be:21:b4:fa:dd:db:ad:8a:16:34:44:e7:
         f5:6f:d6:87
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIULmpqVMQUPIRWfzg1u+v5vDFy2ZQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMThhODRmNDBiNmUwMzIyNTg2ZGJiOWVkNmEwOWIzMGUy
NTU5Zjk1OTJiNmNlYTZlNDRiMWRhMmI5YjEwMTY4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDG+vXd2y66bhqDjw70MnMoQ6FtzMliToMEocOcXi5L+zXK
G7QaFyxPlT10AcbJvxdLeCUPnaXnLocH2o7b3sQ/zGgArvXbM5XI8Kv/lAORSyux
schpBpCZoCF/wUI8eFJFNsNOA/8WToga9CPzxJl7ZbxesgkdV0YRU3ZJ6X+Nc8yn
Qvneqzb14zuF3quYDa3RtD5snUakqxnPSefg4f+cnrHdWNvlRd8j3SWvG5fq/4EP
rAJ2lFIN5gO9GGuccbMlzkz1tQYGJljYBicF4Q9esvkoXxT3t2xKHzWWWTVzjtDI
w7Z/sb06uJN7sXDrwGpMxb25m4OnhpK4LKAnsD3bAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU7KbYRQypy55AW38bmn/Oy1VYdVcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNiYjQwNmIzLWUxNzItNDIzMC1hNjFlLTYxMmI3MmIzM2FkZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAPmzANBgkqhkiG9w0BAQsFAAOCAQEAWhsedS+FGTsAS+Kt+roW1rnIngjt
rqjgjPr5m8llL19SaDn/34QOx6lREv6ikYARMUrLcNs5eB7pklvrks8eyvTOOk3s
47JXOF1D1WZTfIUfYQ9hRnR4K/dFOnVogg/1vsYaBt50HJktzmy5H0XY+0Ue6UQr
Y6CFvSlFZdHNJhl1Cgp6IaydMftmRy2C3/f7CERGAs4ZwHK+gc/gO01w4NWfhQnQ
vk1VU73TW0y8Q9nJiMCRzRWtzR4xHTneUun5LE9zMRE/fI9GLbhvfxdd4l9+68tO
lASig6h9UyYUg4ajaKptTVOVONcgxZVLCQ2zviG0+t3brYoWNETn9W/Whw==
-----END CERTIFICATE-----