Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a38622f8-5fb2-4f4a-95ef-57202780478d.roa
File:                     a38622f8-5fb2-4f4a-95ef-57202780478d.roa (raw, json)
Hash identifier:          NkJJ7ZxTmAaIiABUi9123iMoA0k256O8tugsPzlJ5DI=
Subject key identifier:   F4:A7:27:72:5A:8A:D9:E7:D7:11:FA:D3:91:E1:B3:80:26:CB:89:60
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0146F4DF02CC8ABBCC7DEB9B040396B1100FDD31
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a38622f8-5fb2-4f4a-95ef-57202780478d.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        15.170.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:46:f4:df:02:cc:8a:bb:cc:7d:eb:9b:04:03:96:b1:10:0f:dd:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:55:e9:78:3d:73:d6:65:8d:55:57:ef:69:50:
                    b8:e5:37:0e:02:6c:22:30:16:85:cc:30:9d:db:f2:
                    89:12:e6:c7:0c:88:55:7e:b6:36:72:db:c8:d9:12:
                    49:02:fc:ec:07:6b:89:0d:a6:ee:eb:b0:3e:a7:83:
                    ab:da:60:6d:33:f2:67:fb:bc:55:53:5a:14:e0:92:
                    b2:c1:59:6e:02:ea:d7:f7:4d:ca:3c:41:d0:26:04:
                    af:02:ff:32:6b:fd:35:ea:c4:e1:e4:c5:8b:19:15:
                    bc:f6:f8:2d:e9:36:b2:9c:08:d9:9e:4e:1d:e5:26:
                    75:3d:87:bb:00:d6:c4:60:eb:d4:8a:1b:60:96:6a:
                    34:d0:3a:e7:56:ab:a1:26:ad:3e:02:21:d5:4b:f5:
                    11:89:07:7f:d0:66:d5:78:74:ba:da:dc:28:cf:0f:
                    40:92:50:fd:77:00:db:5b:7d:45:e1:1e:d0:19:c9:
                    67:5d:71:7f:39:96:a6:66:5e:55:d9:6b:d3:6a:b1:
                    a7:a7:ee:05:cd:f7:99:fb:46:fb:05:67:c6:13:7f:
                    b2:64:da:95:91:e8:a7:d9:e4:07:04:5a:65:59:3f:
                    cf:4b:a4:6e:64:10:31:75:31:c4:34:7f:f1:90:03:
                    f6:1b:44:54:7d:93:a5:f0:8c:06:41:df:04:77:76:
                    ea:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:A7:27:72:5A:8A:D9:E7:D7:11:FA:D3:91:E1:B3:80:26:CB:89:60
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a38622f8-5fb2-4f4a-95ef-57202780478d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.170.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         15:86:2a:6f:55:de:ac:ab:4a:df:7d:1f:1e:38:1d:25:88:6f:
         13:8b:9d:2e:8b:43:8e:b1:d9:63:f7:a5:d2:ef:d5:30:1c:60:
         63:8c:58:16:d1:1e:ad:65:8d:93:56:13:a2:d0:36:f8:b8:30:
         0f:23:dd:5b:46:44:b0:0a:01:93:ae:4e:90:c6:5e:d2:e5:14:
         64:b6:01:fe:fe:4e:44:bf:5c:19:7f:e3:c6:1b:6e:0b:5f:0c:
         42:a6:04:f4:42:ae:54:aa:97:ce:3d:08:85:07:e2:1f:96:d8:
         51:83:15:7a:f6:83:95:ae:4c:d2:32:b8:fe:81:5d:c9:a0:7a:
         f1:89:13:c5:e4:cd:bc:81:0b:d0:4c:58:0d:1f:6d:ab:00:43:
         2e:de:80:21:2e:a3:61:8a:92:af:22:cb:c2:d9:62:10:88:2d:
         70:fd:0a:0d:3f:00:58:2e:a6:b1:54:f9:83:5f:9e:a7:22:30:
         f1:85:e5:cf:b5:0a:ce:6b:29:c5:b5:e8:cf:f1:e7:be:b0:19:
         11:65:f0:c9:84:dd:7f:c6:59:88:3d:06:2d:d9:a1:eb:d7:74:
         73:f9:26:cf:59:51:77:cd:ea:ed:77:1b:ca:bb:06:ef:1e:b3:
         9f:ab:22:b3:8b:21:9f:56:54:6a:44:a8:6b:b8:81:78:e2:72:
         33:24:fb:59
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAUb03wLMirvMfeubBAOWsRAP3TEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NjUyNDI5YTBlYzdiZWI1MGMzZTQwZjQ3MWU2MjhiZDky
MzJkMGQ1YzVhMmQxNTkyMjkzYmNmOGNkMmU5MWJkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjVel4PXPWZY1VV+9pULjlNw4CbCIwFoXMMJ3b8okS5scM
iFV+tjZy28jZEkkC/OwHa4kNpu7rsD6ng6vaYG0z8mf7vFVTWhTgkrLBWW4C6tf3
Tco8QdAmBK8C/zJr/TXqxOHkxYsZFbz2+C3pNrKcCNmeTh3lJnU9h7sA1sRg69SK
G2CWajTQOudWq6EmrT4CIdVL9RGJB3/QZtV4dLra3CjPD0CSUP13ANtbfUXhHtAZ
yWddcX85lqZmXlXZa9Nqsaen7gXN95n7RvsFZ8YTf7Jk2pWR6KfZ5AcEWmVZP89L
pG5kEDF1McQ0f/GQA/YbRFR9k6XwjAZB3wR3durFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU9KcnclqK2efXEfrTkeGzgCbLiWAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2EzODYyMmY4LTVmYjItNGY0YS05NWVmLTU3MjAyNzgwNDc4ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAPqjANBgkqhkiG9w0BAQsFAAOCAQEAFYYqb1XerKtK330fHjgdJYhvE4ud
LotDjrHZY/el0u/VMBxgY4xYFtEerWWNk1YTotA2+LgwDyPdW0ZEsAoBk65OkMZe
0uUUZLYB/v5ORL9cGX/jxhtuC18MQqYE9EKuVKqXzj0IhQfiH5bYUYMVevaDla5M
0jK4/oFdyaB68YkTxeTNvIEL0ExYDR9tqwBDLt6AIS6jYYqSryLLwtliEIgtcP0K
DT8AWC6msVT5g1+epyIw8YXlz7UKzmspxbXoz/HnvrAZEWXwyYTdf8ZZiD0GLdmh
69d0c/kmz1lRd83q7XcbyrsG7x6zn6sis4shn1ZUakSoa7iBeOJyMyT7WQ==
-----END CERTIFICATE-----