Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/58e16aa5-88bf-46d4-912c-c7c87d3bc3d1.roa
File:                     58e16aa5-88bf-46d4-912c-c7c87d3bc3d1.roa (raw, json)
Hash identifier:          wNlKP/qKISOAHCVFLUxenHI6bZWcaEfRa946qXXd4O4=
Subject key identifier:   D4:97:86:C6:E5:F5:73:62:67:4A:FA:43:62:B9:50:5A:69:CC:65:41
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6EDCFC6F12786311E46F691C60C4016044816B05
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/58e16aa5-88bf-46d4-912c-c7c87d3bc3d1.roa
Signing time:             Fri 13 Dec 2024 00:00:00 +0000
ROA not before:           Fri 13 Dec 2024 00:00:00 +0000
ROA not after:            Fri 17 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.192.0.0/10 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:dc:fc:6f:12:78:63:11:e4:6f:69:1c:60:c4:01:60:44:81:6b:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 13 00:00:00 2024 GMT
            Not After : Jan 17 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:fe:ad:41:78:a9:c4:8f:a3:76:da:10:b0:f0:
                    8f:93:4c:f4:fc:99:ae:55:74:11:83:bc:0e:03:be:
                    fd:6e:a3:95:bc:12:bb:09:15:75:97:ec:ef:a1:1c:
                    14:d1:e1:d3:6b:db:c0:5f:59:4c:fd:7d:45:4b:f0:
                    de:c5:dc:30:06:44:40:89:70:83:d0:1e:bf:3b:f4:
                    f3:cf:a5:e5:88:89:0e:37:7b:6b:8f:8a:3d:69:ec:
                    4c:25:07:fb:a8:30:04:40:ca:d8:bc:c5:ff:28:f3:
                    7b:3f:9d:cf:b7:27:0a:cb:8f:3a:6c:ea:6b:fa:97:
                    f9:36:6f:9d:47:e8:a9:91:b5:6f:6d:d8:76:ea:13:
                    3e:a2:9d:ff:27:80:4d:01:d1:a1:b3:46:f6:00:6e:
                    13:e8:32:92:50:b5:c3:f6:44:fe:25:a6:fa:d3:60:
                    66:73:7d:c5:fb:b0:79:21:72:c5:b8:ae:13:90:59:
                    b7:40:6c:76:01:53:eb:07:52:49:8b:4f:e8:7e:80:
                    c2:7b:52:b4:42:44:b9:62:13:0a:a6:63:c4:a0:88:
                    d6:6a:d9:33:fb:58:83:6d:73:56:d5:e3:52:e7:6a:
                    f5:11:72:25:9f:f9:4b:56:06:3d:58:83:5a:48:c7:
                    a9:ef:44:b1:c9:fb:ef:27:b2:21:1a:06:43:b5:ee:
                    cc:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:97:86:C6:E5:F5:73:62:67:4A:FA:43:62:B9:50:5A:69:CC:65:41
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/58e16aa5-88bf-46d4-912c-c7c87d3bc3d1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.192.0.0/10

    Signature Algorithm: sha256WithRSAEncryption
         92:66:2e:51:3f:9b:53:76:98:70:bb:54:cc:38:c1:59:44:07:
         e9:da:b5:25:eb:4f:32:03:70:e9:4e:25:04:23:44:5a:4a:71:
         54:f9:d3:88:e6:e5:7e:df:db:cd:ed:03:ca:1d:5e:6e:f3:2e:
         d7:86:ad:d8:e0:63:c6:8d:d7:20:8b:f3:55:37:71:fb:dd:26:
         e1:e8:b2:8c:e3:4f:7e:91:0b:fb:4c:4d:1c:29:fd:c5:20:2b:
         8d:fe:3e:bc:3e:91:07:da:99:76:96:cb:3d:cc:88:69:05:b7:
         3c:88:15:4b:31:0c:d3:18:86:57:5a:54:86:bf:0d:71:bf:3e:
         54:cd:e0:2d:4e:25:8a:2b:93:75:8b:8a:33:c3:60:de:00:d5:
         11:10:3b:38:19:f3:6a:e3:8b:9c:9b:24:71:90:00:34:d3:d6:
         6c:cc:f8:67:8c:06:cb:23:96:de:76:13:7a:bc:72:5d:0d:94:
         44:86:90:6d:80:ad:99:55:fc:06:6e:a7:14:80:c6:01:af:9c:
         67:89:77:b5:b8:02:e6:87:91:81:85:75:68:b8:9e:73:37:f1:
         8f:b6:38:36:58:7d:c2:23:8f:b6:a1:7a:91:68:fb:84:97:42:
         ca:46:c9:87:e2:38:81:6f:ba:50:d0:e7:11:3e:cd:d3:ef:ac:
         95:4f:8f:db
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbtz8bxJ4YxHkb2kcYMQBYESBawUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjEzMDAwMDAwWhcNMjUwMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzOTVhMTk3MzRhOTk3YTZkMWY3Yjg1NDE1MjFjODQ3MmNh
NmM2YTZmZGI4ZmM3N2UxM2EzNzRhNDdhNzM5YzhmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDt/q1BeKnEj6N22hCw8I+TTPT8ma5VdBGDvA4Dvv1uo5W8
ErsJFXWX7O+hHBTR4dNr28BfWUz9fUVL8N7F3DAGRECJcIPQHr879PPPpeWIiQ43
e2uPij1p7EwlB/uoMARAyti8xf8o83s/nc+3JwrLjzps6mv6l/k2b51H6KmRtW9t
2HbqEz6inf8ngE0B0aGzRvYAbhPoMpJQtcP2RP4lpvrTYGZzfcX7sHkhcsW4rhOQ
WbdAbHYBU+sHUkmLT+h+gMJ7UrRCRLliEwqmY8SgiNZq2TP7WINtc1bV41LnavUR
ciWf+UtWBj1Yg1pIx6nvRLHJ++8nsiEaBkO17swBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU1JeGxuX1c2JnSvpDYrlQWmnMZUEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU4ZTE2YWE1LTg4YmYtNDZkNC05MTJjLWM3Yzg3ZDNiYzNkMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwYDwDANBgkqhkiG9w0BAQsFAAOCAQEAkmYuUT+bU3aYcLtUzDjBWUQH6dq1
JetPMgNw6U4lBCNEWkpxVPnTiOblft/bze0Dyh1ebvMu14at2OBjxo3XIIvzVTdx
+90m4eiyjONPfpEL+0xNHCn9xSArjf4+vD6RB9qZdpbLPcyIaQW3PIgVSzEM0xiG
V1pUhr8Ncb8+VM3gLU4liiuTdYuKM8Ng3gDVERA7OBnzauOLnJskcZAANNPWbMz4
Z4wGyyOW3nYTerxyXQ2URIaQbYCtmVX8Bm6nFIDGAa+cZ4l3tbgC5oeRgYV1aLie
czfxj7Y4Nlh9wiOPtqF6kWj7hJdCykbJh+I4gW+6UNDnET7N0++slU+P2w==
-----END CERTIFICATE-----