Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5188dfca-931c-4ccc-b163-71c13508556d.roa
File:                     5188dfca-931c-4ccc-b163-71c13508556d.roa (raw, json)
Hash identifier:          pG9lBE+9uhiTVGd1L7yhs9LnpqFLp8h1ORv6L1i1et8=
Subject key identifier:   45:AF:30:D1:BA:03:E2:1C:B9:8D:B2:DD:3B:2A:6C:0A:DA:4E:03:F9
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5345A11905D8FBBCC0FD47A8A3E2742D6ADBE0F7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5188dfca-931c-4ccc-b163-71c13508556d.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        150.222.114.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:45:a1:19:05:d8:fb:bc:c0:fd:47:a8:a3:e2:74:2d:6a:db:e0:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b6:4c:90:50:d5:17:90:b0:55:f6:a2:9e:36:
                    66:41:0b:e4:35:2e:55:91:92:7b:32:7d:86:95:77:
                    b1:cb:a1:ae:8d:79:a2:61:2c:0b:38:b9:6c:7a:ac:
                    be:8d:b3:2c:70:2d:bd:d0:a2:86:e0:b3:78:ca:9c:
                    c7:6a:27:92:4e:70:1e:d2:a0:73:a6:6b:25:85:18:
                    a5:73:b9:c7:07:c3:35:f7:10:05:9e:38:eb:7e:f1:
                    79:be:8d:ac:e3:9f:9e:c8:99:6d:cb:0f:65:ba:24:
                    5a:f1:8e:72:81:09:7a:7f:61:f0:10:08:0c:67:60:
                    c2:36:d1:93:31:a2:cf:3f:72:2a:80:4e:5e:f2:84:
                    83:5e:d8:db:e1:ae:c0:d3:57:a7:89:d3:0b:c1:c6:
                    bf:2a:03:56:53:08:0d:73:e1:e2:0e:53:db:6a:06:
                    57:6d:be:db:9a:6a:48:97:f8:37:ae:35:92:c4:c8:
                    87:8c:8d:fc:44:48:45:e4:8b:44:f1:c1:87:59:fe:
                    20:eb:fa:92:97:36:9c:d6:69:29:ab:bf:57:f9:df:
                    1b:6d:53:6a:ac:4a:6e:2d:e7:0f:cd:c1:5d:e8:9c:
                    e0:99:68:f9:36:28:ef:d6:81:59:cb:93:e9:1a:f1:
                    0d:4a:9f:c5:f6:54:2b:72:53:16:fc:f8:46:a5:96:
                    b9:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:AF:30:D1:BA:03:E2:1C:B9:8D:B2:DD:3B:2A:6C:0A:DA:4E:03:F9
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5188dfca-931c-4ccc-b163-71c13508556d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:18:04:3e:99:d8:96:0d:31:56:4b:2b:ac:0d:b1:6b:d9:04:
         a2:80:2a:12:61:a6:1a:82:32:32:72:c7:3f:2c:dd:2a:a4:a0:
         8f:8f:d1:c8:cc:d2:7b:35:c1:0b:3f:1f:67:6a:91:cf:bf:d8:
         44:1a:ae:69:bb:f0:3e:cd:7e:94:69:5f:62:05:f4:89:12:67:
         e6:18:19:30:78:18:a4:c8:ab:38:b5:0f:16:25:a3:6c:d8:2f:
         e4:00:22:44:9d:7c:82:50:21:2f:63:46:af:6b:f9:2c:ad:78:
         79:04:a4:2d:8f:d7:ac:b6:ce:b3:6c:4a:a6:e1:c6:0c:4c:94:
         d4:6c:5a:13:f0:4b:95:e2:62:27:13:89:dd:cc:19:6f:c4:2b:
         38:7a:d4:f3:d0:18:7f:52:c7:44:b6:f6:d5:e8:fc:9a:27:c6:
         68:48:53:c2:29:93:53:74:bd:a7:69:ca:c1:53:aa:27:cf:58:
         d1:5f:54:8c:b1:49:66:03:40:62:8c:0f:27:74:bd:0e:77:ac:
         1c:db:ee:61:bd:56:9f:b9:d5:39:5d:f1:9d:3e:7c:64:64:16:
         d2:3b:e5:f8:3a:07:98:f4:06:c8:c1:65:bc:35:37:f0:7c:f7:
         50:60:3b:e7:24:4d:f0:60:7a:a1:a9:75:25:67:3f:a4:21:e2:
         19:5a:89:7f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU0WhGQXY+7zA/Ueoo+J0LWrb4PcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE2MDAwMDAwWhcNMjUwMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NDZlZWIxZjgyNTA5ZmI1MzZlYWU2NTU1MjU2NWZiMTU5
NThiYTg2ZTVkMzc2OGFjZDU5ZjViZTE2ZDZkODAwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCutkyQUNUXkLBV9qKeNmZBC+Q1LlWRknsyfYaVd7HLoa6N
eaJhLAs4uWx6rL6NsyxwLb3Qoobgs3jKnMdqJ5JOcB7SoHOmayWFGKVzuccHwzX3
EAWeOOt+8Xm+jazjn57ImW3LD2W6JFrxjnKBCXp/YfAQCAxnYMI20ZMxos8/ciqA
Tl7yhINe2NvhrsDTV6eJ0wvBxr8qA1ZTCA1z4eIOU9tqBldtvtuaakiX+DeuNZLE
yIeMjfxESEXki0TxwYdZ/iDr+pKXNpzWaSmrv1f53xttU2qsSm4t5w/NwV3onOCZ
aPk2KO/WgVnLk+ka8Q1Kn8X2VCtyUxb8+EallrlxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURa8w0boD4hy5jbLdOypsCtpOA/kwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzUxODhkZmNhLTkzMWMtNGNjYy1iMTYzLTcxYzEzNTA4NTU2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3nIwDQYJKoZIhvcNAQELBQADggEBAKsYBD6Z2JYNMVZLK6wNsWvZBKKA
KhJhphqCMjJyxz8s3SqkoI+P0cjM0ns1wQs/H2dqkc+/2EQarmm78D7NfpRpX2IF
9IkSZ+YYGTB4GKTIqzi1DxYlo2zYL+QAIkSdfIJQIS9jRq9r+SyteHkEpC2P16y2
zrNsSqbhxgxMlNRsWhPwS5XiYicTid3MGW/EKzh61PPQGH9Sx0S29tXo/JonxmhI
U8Ipk1N0vadpysFTqifPWNFfVIyxSWYDQGKMDyd0vQ53rBzb7mG9Vp+51Tld8Z0+
fGRkFtI75fg6B5j0BsjBZbw1N/B891BgO+ckTfBgeqGpdSVnP6Qh4hlaiX8=
-----END CERTIFICATE-----