Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3be806a7-82a2-4c62-8131-7e4aa5de4a69.roa
File:                     3be806a7-82a2-4c62-8131-7e4aa5de4a69.roa (raw, json)
Hash identifier:          6w6SGUVH3jaDyRdTgtJcNviIIeh+eC9GIa8TDVViCNs=
Subject key identifier:   64:5B:67:E0:39:B8:C4:EC:B7:7C:C3:B0:7A:45:C4:57:BC:76:B1:77
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5D3E970F7AB86AFD5CCB3C30673901A5D927C2AF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3be806a7-82a2-4c62-8131-7e4aa5de4a69.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.230.43.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:3e:97:0f:7a:b8:6a:fd:5c:cb:3c:30:67:39:01:a5:d9:27:c2:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:8b:d7:01:14:c7:0a:7f:98:66:1d:ad:19:a3:
                    18:15:85:c6:8c:8d:95:05:d2:3a:90:a3:da:57:c9:
                    32:ec:22:b0:b4:3d:6a:d1:91:70:57:fa:66:db:88:
                    e4:af:ef:5c:b7:28:e3:5f:ab:6b:0b:da:92:a9:16:
                    8a:87:5a:c2:4c:30:97:d6:9c:3a:a0:7f:84:33:83:
                    ac:3a:96:95:04:72:34:7e:fb:f7:e1:b7:3a:03:1f:
                    00:ac:e1:a8:fb:c4:42:86:4d:76:30:eb:19:d8:e8:
                    df:7d:7d:fd:f1:d4:8c:4c:c0:2e:3e:79:d3:90:c2:
                    bf:88:43:1a:18:e0:a6:6c:88:72:83:db:d2:6a:4d:
                    16:dd:48:93:d6:47:ee:9b:2c:5d:2d:42:82:d1:9c:
                    7d:6c:0c:35:29:05:3d:ef:24:65:cc:03:67:05:73:
                    59:f1:c9:f9:4f:02:2e:5e:2f:5d:f4:db:a1:fc:86:
                    15:65:1f:fb:0f:f0:04:be:9e:fb:69:34:1b:ab:2b:
                    e1:6a:af:01:50:ab:41:f8:ed:8b:63:43:27:5c:42:
                    04:7e:2b:0c:9e:aa:b4:35:5f:34:98:f3:c0:d7:24:
                    4a:ca:83:9e:de:9f:24:32:e0:47:73:cc:26:7f:c3:
                    e8:73:6e:10:62:51:2a:14:db:ba:0f:9e:50:35:88:
                    16:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:5B:67:E0:39:B8:C4:EC:B7:7C:C3:B0:7A:45:C4:57:BC:76:B1:77
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3be806a7-82a2-4c62-8131-7e4aa5de4a69.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.230.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:79:e3:48:79:78:ea:46:2b:d1:11:7a:9a:e5:c0:d9:5f:34:
         79:fb:de:b1:18:ca:7c:79:3c:ff:f0:05:d2:67:e4:e5:fa:ab:
         08:90:17:3a:5a:25:20:b3:89:d8:e7:cb:11:31:cf:45:93:c5:
         7b:38:06:54:bb:57:ff:64:6e:91:11:d0:7f:4f:0d:c5:f0:ff:
         b8:cb:5a:ff:26:a8:24:6e:77:17:26:bb:6d:2b:6a:c2:59:bb:
         f2:94:14:cb:52:46:16:62:00:a5:a6:15:7a:6e:ea:08:18:1b:
         48:ea:5d:2b:56:4c:c9:8d:ba:25:65:a1:4f:63:39:3c:1f:69:
         6e:2b:c2:da:9b:97:4e:ce:86:4a:a8:f8:7d:3f:0e:8f:1e:50:
         9a:3d:00:35:dc:7d:ee:99:ae:04:77:b2:09:a9:55:20:7b:fd:
         0c:c5:d5:fa:22:4a:35:fc:a5:92:c6:aa:6f:c3:62:39:40:9c:
         9f:c2:c9:1d:73:1d:15:0e:e5:8e:87:0e:48:49:60:ab:62:17:
         3b:95:92:50:4b:c1:8e:c1:fc:10:8b:7b:cd:c8:cc:69:0a:25:
         68:fe:01:84:a5:53:2e:8b:0c:01:18:33:e1:50:c7:26:21:39:
         ce:c0:47:5d:25:01:6c:51:30:7b:5e:5a:5f:cc:10:1c:f0:62:
         cd:c6:57:03
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXT6XD3q4av1cyzwwZzkBpdknwq8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMDYwMGE4YmQ5N2Q1Y2M4MTMwZTc2ZGZiOWFkYzhmNTgw
NWM1ODc2NjA4ZDFjOTVmZTEwZjIxNGJlMDc2ZTQxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvi9cBFMcKf5hmHa0ZoxgVhcaMjZUF0jqQo9pXyTLsIrC0
PWrRkXBX+mbbiOSv71y3KONfq2sL2pKpFoqHWsJMMJfWnDqgf4Qzg6w6lpUEcjR+
+/fhtzoDHwCs4aj7xEKGTXYw6xnY6N99ff3x1IxMwC4+edOQwr+IQxoY4KZsiHKD
29JqTRbdSJPWR+6bLF0tQoLRnH1sDDUpBT3vJGXMA2cFc1nxyflPAi5eL13026H8
hhVlH/sP8AS+nvtpNBurK+FqrwFQq0H47YtjQydcQgR+KwyeqrQ1XzSY88DXJErK
g57enyQy4EdzzCZ/w+hzbhBiUSoU27oPnlA1iBbjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZFtn4Dm4xOy3fMOwekXEV7x2sXcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNiZTgwNmE3LTgyYTItNGM2Mi04MTMxLTdlNGFhNWRlNGE2OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAP5iswDQYJKoZIhvcNAQELBQADggEBAIx540h5eOpGK9EReprlwNlfNHn7
3rEYynx5PP/wBdJn5OX6qwiQFzpaJSCzidjnyxExz0WTxXs4BlS7V/9kbpER0H9P
DcXw/7jLWv8mqCRudxcmu20rasJZu/KUFMtSRhZiAKWmFXpu6ggYG0jqXStWTMmN
uiVloU9jOTwfaW4rwtqbl07Ohkqo+H0/Do8eUJo9ADXcfe6ZrgR3sgmpVSB7/QzF
1foiSjX8pZLGqm/DYjlAnJ/CyR1zHRUO5Y6HDkhJYKtiFzuVklBLwY7B/BCLe83I
zGkKJWj+AYSlUy6LDAEYM+FQxyYhOc7AR10lAWxRMHteWl/MEBzwYs3GVwM=
-----END CERTIFICATE-----