Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/919ab95f-1186-44b0-9436-91417ca52dfe.roa
File:                     919ab95f-1186-44b0-9436-91417ca52dfe.roa (raw, json)
Hash identifier:          62tA+s/Gn4cOa9PtKLSU0lPRckAfuiKwlw5lPDplJUo=
Subject key identifier:   2F:AA:60:E9:5C:26:3D:69:C1:04:94:80:79:21:61:44:65:1C:CC:B7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4A104BAE952CB3A17501C03953CCBF6DED10E9E6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/919ab95f-1186-44b0-9436-91417ca52dfe.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        150.222.133.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:10:4b:ae:95:2c:b3:a1:75:01:c0:39:53:cc:bf:6d:ed:10:e9:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d8:bf:21:a4:12:db:a0:b0:8f:07:74:f6:96:
                    69:6a:0d:f8:76:c7:4c:17:78:7e:3c:0d:13:b0:c6:
                    61:a4:cf:24:2b:e6:91:00:9a:a2:59:58:30:ff:73:
                    81:0e:df:a8:42:41:e1:81:9e:68:2c:0b:1b:a1:64:
                    64:3e:71:23:1a:df:60:b0:30:a2:41:e1:8a:14:f8:
                    14:17:5c:b9:40:88:40:0a:2f:e2:76:56:16:cb:5e:
                    6b:bd:63:19:72:55:be:75:59:f3:40:dd:10:2b:7e:
                    84:7a:f2:93:c9:cd:c8:c2:74:57:73:da:c1:14:b2:
                    9d:cf:39:4e:25:33:62:0f:08:b2:41:61:ee:b8:14:
                    97:4e:01:24:e2:a7:03:b9:fc:74:8f:ae:c7:0e:33:
                    d3:db:c9:e8:9d:99:cf:95:ae:b5:db:a4:9d:d0:07:
                    50:31:02:95:62:92:ae:02:c2:cf:9c:d6:4e:da:1b:
                    20:ea:2d:6d:17:0d:d4:f0:6a:2d:2c:6c:20:5b:1b:
                    e7:b1:20:aa:27:fc:e2:e5:24:f8:46:53:32:ee:5f:
                    a3:cb:2d:2b:25:20:cc:f2:af:6a:43:4d:5c:d0:76:
                    22:f5:22:6b:29:7e:59:49:f7:8d:b0:4a:3d:28:60:
                    d4:59:51:d1:05:1c:57:55:c3:3c:a0:ad:15:bd:8e:
                    62:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:AA:60:E9:5C:26:3D:69:C1:04:94:80:79:21:61:44:65:1C:CC:B7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/919ab95f-1186-44b0-9436-91417ca52dfe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:4e:57:6f:f5:e7:3e:47:b9:e2:71:08:58:8a:66:9f:fc:db:
         ba:95:61:55:66:2f:fc:0b:3b:76:f3:00:0f:b5:c4:2c:9c:b8:
         1d:4f:e4:4e:84:80:67:e2:3a:de:20:21:2e:34:e5:36:df:3c:
         f5:86:89:b3:38:ba:56:f6:8d:ac:a9:f2:56:d9:9e:39:8f:66:
         6d:12:76:a2:3b:1f:de:f6:63:ea:f4:bf:7e:88:2c:5b:a3:66:
         16:b7:88:a3:e0:0b:fb:10:b7:78:2c:42:66:6c:28:e4:50:a6:
         3f:14:16:7a:97:53:24:72:b8:55:9c:3d:48:6a:e9:c4:52:ea:
         96:16:1c:f5:02:21:32:be:33:a8:80:eb:fa:65:c3:58:9e:91:
         ae:cd:99:b6:86:0e:e5:a6:09:7d:3b:29:15:06:da:d2:02:f7:
         94:64:a1:75:de:75:ba:3b:7b:60:2e:2c:9b:16:22:10:69:27:
         6f:76:a4:d1:03:21:35:5f:fc:86:c7:4c:82:0f:ab:e1:6c:dd:
         5a:f5:4f:f8:35:31:83:e9:6d:58:45:98:3f:ed:a6:5d:fb:cd:
         29:7a:d8:86:bb:15:d2:07:27:08:02:fb:75:04:ac:1f:69:14:
         75:f8:68:25:b0:40:fc:48:d9:9b:e0:31:12:17:ef:64:2d:c0:
         a7:54:7c:d2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUShBLrpUss6F1AcA5U8y/be0Q6eYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YjYzNzZiZTYxY2ZjMDNhNzE4MmQxZGU1MzQ3NzY0MWE3
YjQwMmQ2ZGY2YWIzYWJmZWFiODYxNDQ3ZTM0M2E3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDG2L8hpBLboLCPB3T2lmlqDfh2x0wXeH48DROwxmGkzyQr
5pEAmqJZWDD/c4EO36hCQeGBnmgsCxuhZGQ+cSMa32CwMKJB4YoU+BQXXLlAiEAK
L+J2VhbLXmu9YxlyVb51WfNA3RArfoR68pPJzcjCdFdz2sEUsp3POU4lM2IPCLJB
Ye64FJdOASTipwO5/HSPrscOM9Pbyeidmc+VrrXbpJ3QB1AxApVikq4Cws+c1k7a
GyDqLW0XDdTwai0sbCBbG+exIKon/OLlJPhGUzLuX6PLLSslIMzyr2pDTVzQdiL1
ImspfllJ942wSj0oYNRZUdEFHFdVwzygrRW9jmI9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUL6pg6VwmPWnBBJSAeSFhRGUczLcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzkxOWFiOTVmLTExODYtNDRiMC05NDM2LTkxNDE3Y2E1MmRmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3oUwDQYJKoZIhvcNAQELBQADggEBAElOV2/15z5HueJxCFiKZp/827qV
YVVmL/wLO3bzAA+1xCycuB1P5E6EgGfiOt4gIS405TbfPPWGibM4ulb2jayp8lbZ
njmPZm0SdqI7H972Y+r0v36ILFujZha3iKPgC/sQt3gsQmZsKORQpj8UFnqXUyRy
uFWcPUhq6cRS6pYWHPUCITK+M6iA6/plw1ieka7NmbaGDuWmCX07KRUG2tIC95Rk
oXXedbo7e2AuLJsWIhBpJ292pNEDITVf/IbHTIIPq+Fs3Vr1T/g1MYPpbVhFmD/t
pl37zSl62Ia7FdIHJwgC+3UErB9pFHX4aCWwQPxI2ZvgMRIX72QtwKdUfNI=
-----END CERTIFICATE-----