Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9e473a03-bff1-4027-969e-83657f2b7a4a.roa
File:                     9e473a03-bff1-4027-969e-83657f2b7a4a.roa (raw, json)
Hash identifier:          brGBJDDMN+mbdZYZHsedelIiTNlV072Egh/n20deIdA=
Subject key identifier:   DD:7D:FF:7D:45:41:66:27:75:D9:72:A0:77:B8:D9:4C:E4:BF:C4:0F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       42FE3680D3CF89B04700F72C286E850D96B84FAF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9e473a03-bff1-4027-969e-83657f2b7a4a.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.248.136.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:fe:36:80:d3:cf:89:b0:47:00:f7:2c:28:6e:85:0d:96:b8:4f:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a0:fd:bf:67:be:89:ed:b4:80:1b:bf:db:36:
                    ed:da:b5:65:23:85:c7:8b:3f:4f:1b:02:9f:36:78:
                    a5:96:73:10:17:c3:53:6f:73:f0:29:fa:05:b1:91:
                    d9:bf:80:38:45:e5:dd:9b:76:9f:48:1d:b5:8f:f8:
                    89:fc:a3:0a:6d:24:54:e8:c9:45:7b:4d:c2:4d:97:
                    c0:ec:53:6b:f4:c7:37:7c:12:7a:8a:89:8c:4b:60:
                    fd:fa:c0:c1:7a:e7:0e:3d:68:f9:b0:37:ad:ed:3a:
                    42:b9:a3:d9:9d:2c:fd:7d:95:7e:ae:58:ca:ed:42:
                    d1:45:b5:73:13:94:87:b4:48:ac:a8:e9:2c:0c:77:
                    5d:db:e8:b6:02:49:94:67:da:db:c5:77:0d:c9:3b:
                    13:35:a8:0b:67:d7:c2:f5:4d:28:a6:2f:2a:66:2b:
                    c9:f2:3a:41:c8:9b:58:ee:0e:56:ff:43:d5:3c:a8:
                    81:4b:6e:f4:f4:b7:11:b6:8e:34:0f:ed:6e:95:73:
                    a2:cc:16:3d:e9:55:f4:74:7e:38:43:90:c8:b5:6f:
                    5c:67:35:59:1d:9d:c4:1d:d0:85:c6:18:74:dd:0c:
                    8d:1a:db:d9:23:d0:50:87:76:97:ef:ff:ce:34:d4:
                    6e:22:97:5c:20:2d:80:9e:c7:fa:df:0b:6f:09:5c:
                    5d:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:7D:FF:7D:45:41:66:27:75:D9:72:A0:77:B8:D9:4C:E4:BF:C4:0F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9e473a03-bff1-4027-969e-83657f2b7a4a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.248.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:75:64:32:ca:fb:2e:34:25:de:d0:28:2e:92:c9:21:5d:6f:
         cf:4e:fc:6a:92:44:b7:1c:01:02:be:35:c4:a5:8d:a1:9b:c7:
         21:af:10:09:48:7a:15:94:58:c8:0e:ad:75:11:a2:6d:9d:87:
         b8:60:0e:b8:99:3b:46:ae:31:10:29:90:c4:12:34:6e:d5:a5:
         4e:dc:64:c2:42:b4:e3:90:84:e1:6f:13:42:4e:7e:ad:7f:c9:
         e0:75:fa:99:03:1e:28:98:68:0c:cb:4f:49:7d:bf:12:20:c3:
         13:fe:4b:fc:d5:57:0c:4e:e7:cf:7d:21:37:1e:34:6e:2e:05:
         5b:3d:94:ef:3f:81:6c:27:02:58:e6:b5:52:23:39:44:cd:77:
         53:6f:e1:5f:39:c6:1c:93:81:13:78:21:3a:c8:68:cd:e4:0c:
         af:ea:07:b3:72:78:2c:5a:e9:cb:95:de:2b:88:6a:40:08:83:
         45:03:9c:11:fe:ae:b4:73:95:aa:eb:fb:b4:84:4e:e3:67:0b:
         fd:f3:1d:d2:a0:68:89:6b:58:09:c3:92:ac:0e:f2:7d:01:14:
         2c:38:21:cf:e1:7a:0c:66:1f:67:b1:24:45:32:4d:ad:fc:e2:
         4a:03:dc:8c:e3:07:a0:38:9f:c1:01:40:89:71:bc:27:2d:df:
         29:b2:f5:72
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQv42gNPPibBHAPcsKG6FDZa4T68wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZDZkMDI2NzlmYmZiYmNkODQwZGMxMzVjZDk3M2I2NDcx
YWNjMDY0ZmQ5NjUzYzU5YmE5MDFkNTgwZTkzMWU0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgoP2/Z76J7bSAG7/bNu3atWUjhceLP08bAp82eKWWcxAX
w1Nvc/Ap+gWxkdm/gDhF5d2bdp9IHbWP+In8owptJFToyUV7TcJNl8DsU2v0xzd8
EnqKiYxLYP36wMF65w49aPmwN63tOkK5o9mdLP19lX6uWMrtQtFFtXMTlIe0SKyo
6SwMd13b6LYCSZRn2tvFdw3JOxM1qAtn18L1TSimLypmK8nyOkHIm1juDlb/Q9U8
qIFLbvT0txG2jjQP7W6Vc6LMFj3pVfR0fjhDkMi1b1xnNVkdncQd0IXGGHTdDI0a
29kj0FCHdpfv/8401G4il1wgLYCex/rfC28JXF0FAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3X3/fUVBZid12XKgd7jZTOS/xA8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzllNDczYTAzLWJmZjEtNDAyNy05NjllLTgzNjU3ZjJiN2E0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAP+IgwDQYJKoZIhvcNAQELBQADggEBADZ1ZDLK+y40Jd7QKC6SySFdb89O
/GqSRLccAQK+NcSljaGbxyGvEAlIehWUWMgOrXURom2dh7hgDriZO0auMRApkMQS
NG7VpU7cZMJCtOOQhOFvE0JOfq1/yeB1+pkDHiiYaAzLT0l9vxIgwxP+S/zVVwxO
5899ITceNG4uBVs9lO8/gWwnAljmtVIjOUTNd1Nv4V85xhyTgRN4ITrIaM3kDK/q
B7NyeCxa6cuV3iuIakAIg0UDnBH+rrRzlarr+7SETuNnC/3zHdKgaIlrWAnDkqwO
8n0BFCw4Ic/hegxmH2exJEUyTa384koD3IzjB6A4n8EBQIlxvCct3ymy9XI=
-----END CERTIFICATE-----