Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6cf966aa-eaac-4b5f-98ef-4fc962fa8d72.roa
File:                     6cf966aa-eaac-4b5f-98ef-4fc962fa8d72.roa (raw, json)
Hash identifier:          uI2Cr2rXOLdMFEHjFZsg6ui6PI+XwLs/SFM+muZUCKs=
Subject key identifier:   79:B3:E2:36:99:9F:FF:66:85:96:58:4E:65:00:BD:3B:CA:03:49:61
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1A4067301845B513320B8B3C303D2232080FA024
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6cf966aa-eaac-4b5f-98ef-4fc962fa8d72.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.190.96.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:40:67:30:18:45:b5:13:32:0b:8b:3c:30:3d:22:32:08:0f:a0:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:e1:8f:7c:88:24:dc:45:67:1d:43:3d:ce:92:
                    2a:c8:33:ea:03:26:c9:ce:f7:43:26:50:ca:96:de:
                    46:fa:2d:76:0f:aa:7d:8f:80:9c:11:5b:fe:0d:d1:
                    ea:f2:9f:6c:ea:96:6c:93:4a:b2:00:63:5b:1f:fc:
                    5e:d5:1e:d7:c0:69:e4:e8:ed:ee:87:aa:24:1a:b6:
                    de:ad:b4:5d:7b:d5:a8:ff:f0:d2:2d:89:5e:3d:66:
                    c6:74:e1:0b:06:51:df:18:7a:ff:e4:08:fc:35:00:
                    40:2c:87:bc:27:ea:22:f1:a3:9d:e1:45:c4:bc:aa:
                    0f:49:73:64:b3:72:18:e7:d5:bc:55:2e:ba:ff:4e:
                    0b:23:cf:f5:8d:47:00:29:06:99:99:75:1b:2c:ac:
                    fa:87:4c:d2:e2:e6:4b:46:0d:33:45:65:ef:16:67:
                    3c:ba:9f:62:0d:0f:b5:ba:2f:d7:5c:7d:56:51:20:
                    04:55:ee:70:5e:24:5a:95:d1:56:75:49:13:28:c6:
                    75:b0:83:77:48:50:9f:ca:0d:21:2a:a1:b6:74:4f:
                    5c:ca:0d:7d:07:f8:09:5f:ac:33:3e:da:0e:f0:d0:
                    49:58:f3:95:9e:37:08:54:7e:08:40:57:7b:f0:21:
                    f5:86:92:a4:5d:73:c6:cd:3a:31:c6:82:06:48:31:
                    4c:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:B3:E2:36:99:9F:FF:66:85:96:58:4E:65:00:BD:3B:CA:03:49:61
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6cf966aa-eaac-4b5f-98ef-4fc962fa8d72.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.190.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         48:6b:d7:62:0e:29:be:5a:47:2b:95:90:23:92:d7:70:4b:35:
         e7:20:98:b9:83:77:cb:41:81:c7:06:f7:5f:c7:64:0e:8b:fe:
         31:4d:46:16:4b:2a:51:80:db:2e:8e:89:7a:8d:90:dc:a1:96:
         58:5d:e8:d5:83:97:42:e7:7d:44:55:53:8b:50:50:97:23:86:
         d6:21:9b:81:53:c3:c0:f9:1c:7a:ba:f3:5b:42:b0:d3:21:ad:
         b0:da:44:e1:b7:77:25:2a:83:42:b3:ac:d4:b4:4b:9e:8f:0a:
         bb:fb:ae:a9:a6:58:8d:53:58:cd:50:6c:35:da:25:c4:26:43:
         be:02:de:48:66:3a:d1:b7:32:a0:96:41:78:3d:50:cf:a9:39:
         30:ed:7a:c9:8f:a3:dc:f6:7e:f7:15:a0:90:d9:a9:3c:58:97:
         3f:13:33:16:45:e7:65:7f:5d:1b:f7:0f:fc:c0:1f:c6:77:80:
         1b:a5:80:0a:11:c5:cd:86:6d:2d:db:3f:55:e9:93:33:92:1c:
         55:de:3c:fc:8a:28:ed:5f:10:20:3c:7f:dc:08:a8:76:25:9c:
         5f:9d:6d:eb:51:10:34:12:08:eb:2d:68:f1:00:eb:65:6a:d9:
         f9:95:85:cc:c9:94:48:a0:e4:80:88:a1:f7:7a:57:6d:80:f2:
         54:ba:a2:5e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGkBnMBhFtRMyC4s8MD0iMggPoCQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZGU2ZDcxZTQ1NTE4OWM5MGUxN2VlN2U0MTBkNDVkZGQ4
OWQ0NzllOWFjOWIyZGY2NWI4YTdhOWIzMmE3OWYxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDg4Y98iCTcRWcdQz3OkirIM+oDJsnO90MmUMqW3kb6LXYP
qn2PgJwRW/4N0eryn2zqlmyTSrIAY1sf/F7VHtfAaeTo7e6HqiQatt6ttF171aj/
8NItiV49ZsZ04QsGUd8Yev/kCPw1AEAsh7wn6iLxo53hRcS8qg9Jc2Szchjn1bxV
Lrr/Tgsjz/WNRwApBpmZdRssrPqHTNLi5ktGDTNFZe8WZzy6n2IND7W6L9dcfVZR
IARV7nBeJFqV0VZ1SRMoxnWwg3dIUJ/KDSEqobZ0T1zKDX0H+AlfrDM+2g7w0ElY
85WeNwhUfghAV3vwIfWGkqRdc8bNOjHGggZIMUyVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUebPiNpmf/2aFllhOZQC9O8oDSWEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZjZjk2NmFhLWVhYWMtNGI1Zi05OGVmLTRmYzk2MmZhOGQ3Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQPvmAwDQYJKoZIhvcNAQELBQADggEBAEhr12IOKb5aRyuVkCOS13BLNecg
mLmDd8tBgccG91/HZA6L/jFNRhZLKlGA2y6OiXqNkNyhllhd6NWDl0LnfURVU4tQ
UJcjhtYhm4FTw8D5HHq681tCsNMhrbDaROG3dyUqg0KzrNS0S56PCrv7rqmmWI1T
WM1QbDXaJcQmQ74C3khmOtG3MqCWQXg9UM+pOTDtesmPo9z2fvcVoJDZqTxYlz8T
MxZF52V/XRv3D/zAH8Z3gBulgAoRxc2GbS3bP1XpkzOSHFXePPyKKO1fECA8f9wI
qHYlnF+dbetREDQSCOstaPEA62Vq2fmVhczJlEig5ICIofd6V22A8lS6ol4=
-----END CERTIFICATE-----