Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a43f6dc4-7103-435e-a8a5-d25ff6b03557.roa
File:                     a43f6dc4-7103-435e-a8a5-d25ff6b03557.roa (raw, json)
Hash identifier:          fYGn4GuUvpT2Isu201UXAJIJsqVSuLdMleobmUtDbZE=
Subject key identifier:   09:6B:89:7C:05:AC:DF:23:C9:D9:1A:DD:85:99:2F:4B:42:FB:9F:F9
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1A59668638090BF1ACA9170F0A3DE574F99A484C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a43f6dc4-7103-435e-a8a5-d25ff6b03557.roa
Signing time:             Tue 10 Dec 2024 00:00:00 +0000
ROA not before:           Tue 10 Dec 2024 00:00:00 +0000
ROA not after:            Tue 14 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.2.48.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:59:66:86:38:09:0b:f1:ac:a9:17:0f:0a:3d:e5:74:f9:9a:48:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 10 00:00:00 2024 GMT
            Not After : Jan 14 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:36:af:27:44:8e:3a:8a:33:10:3c:36:37:de:
                    d0:9a:ed:45:d7:5f:c1:a7:6b:8c:26:6d:58:c9:ac:
                    2c:e0:d1:5c:21:85:fe:4e:fd:9a:ef:4a:11:88:b6:
                    eb:b5:79:d4:2e:1e:03:b0:d4:49:49:cc:f6:cb:a6:
                    b1:74:72:14:5b:d4:aa:e3:7e:92:b2:79:33:14:1c:
                    30:31:5b:f2:aa:db:3d:b9:19:d3:14:6c:49:dc:7f:
                    a5:6c:dd:5a:67:17:6f:82:51:3f:39:5d:4d:4e:c8:
                    47:0a:38:ee:13:cb:e2:ec:ae:01:4f:d9:15:af:95:
                    c9:f7:ea:a9:b3:b5:97:1e:7b:45:31:4f:58:4e:fb:
                    b4:d1:1b:d1:ab:8e:c1:b4:4c:2f:ec:58:63:bf:59:
                    18:75:03:c6:d3:26:5d:c4:ab:b0:80:36:4c:c5:b6:
                    0f:bf:31:27:51:8e:ad:5d:06:89:17:d2:5e:6d:96:
                    59:aa:86:aa:d0:cf:5d:50:09:49:1f:5d:3e:2a:ec:
                    84:80:62:99:63:85:02:69:24:52:e6:9e:6f:e8:ba:
                    36:f5:19:2a:39:dd:d8:d4:94:d5:c5:7e:26:ba:06:
                    25:16:ba:3d:4b:28:ff:c2:b5:d1:6d:2e:f9:37:cf:
                    24:55:9f:5c:52:3c:b4:10:38:4e:d1:ce:36:ec:d7:
                    06:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:6B:89:7C:05:AC:DF:23:C9:D9:1A:DD:85:99:2F:4B:42:FB:9F:F9
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a43f6dc4-7103-435e-a8a5-d25ff6b03557.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.2.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:66:f5:ce:64:4d:d9:70:cb:36:c5:20:bf:b8:db:36:63:a4:
         00:9a:2e:6f:aa:44:60:87:eb:97:50:a7:b8:f5:7e:71:0d:3f:
         2e:b6:74:dd:f3:72:ab:50:74:7f:f2:82:d9:65:ae:a9:03:6e:
         52:a1:87:de:f7:d4:5f:c6:cf:8f:1f:52:00:24:b2:18:32:a5:
         4e:57:e7:2f:ee:45:f6:54:b9:59:c4:53:03:7f:41:fb:dd:5e:
         e1:fd:c4:96:43:20:f2:71:f2:1c:ed:09:50:1e:d6:a2:f4:9d:
         2c:dc:cd:0e:3e:35:f8:fc:29:f6:ee:db:53:66:c4:a5:e6:ef:
         44:49:1e:5f:ef:cc:84:02:9a:21:e9:7b:93:da:03:b1:46:f6:
         0d:45:0b:5c:fd:6f:90:91:55:42:97:ef:39:b9:5a:f3:f8:6d:
         08:b2:bf:11:87:13:d8:2a:50:cf:c9:0c:fc:78:47:60:87:37:
         6e:79:ee:41:4e:8e:7d:94:b4:94:81:f6:ab:0c:ab:93:0e:d8:
         61:b9:10:3b:ef:f6:53:72:90:9b:e8:3f:e1:1a:87:4b:63:ba:
         f9:b9:a3:4a:b9:35:5a:f5:2a:6b:0b:a9:7b:28:3f:b9:9f:7a:
         2b:e6:5f:5d:6f:bb:cb:ed:79:ff:9c:83:1b:43:6c:27:03:d7:
         47:0e:87:2f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGllmhjgJC/GsqRcPCj3ldPmaSEwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjEwMDAwMDAwWhcNMjUwMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZGViNGJmYjUzMjU4MzQ2YjIxNTUxZmZjODNlN2Y0OWE0
Y2I0YzU5NDA3YzliZjZkMTkzNmYzN2M5MWY2NGZjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnNq8nRI46ijMQPDY33tCa7UXXX8Gna4wmbVjJrCzg0Vwh
hf5O/ZrvShGItuu1edQuHgOw1ElJzPbLprF0chRb1KrjfpKyeTMUHDAxW/Kq2z25
GdMUbEncf6Vs3VpnF2+CUT85XU1OyEcKOO4Ty+LsrgFP2RWvlcn36qmztZcee0Ux
T1hO+7TRG9GrjsG0TC/sWGO/WRh1A8bTJl3Eq7CANkzFtg+/MSdRjq1dBokX0l5t
llmqhqrQz11QCUkfXT4q7ISAYpljhQJpJFLmnm/oujb1GSo53djUlNXFfia6BiUW
uj1LKP/CtdFtLvk3zyRVn1xSPLQQOE7Rzjbs1wblAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCWuJfAWs3yPJ2RrdhZkvS0L7n/kwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E0M2Y2ZGM0LTcxMDMtNDM1ZS1hOGE1LWQyNWZmNmIwMzU1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADAjAwDQYJKoZIhvcNAQELBQADggEBAGVm9c5kTdlwyzbFIL+42zZjpACa
Lm+qRGCH65dQp7j1fnENPy62dN3zcqtQdH/ygtllrqkDblKhh9731F/Gz48fUgAk
shgypU5X5y/uRfZUuVnEUwN/QfvdXuH9xJZDIPJx8hztCVAe1qL0nSzczQ4+Nfj8
Kfbu21NmxKXm70RJHl/vzIQCmiHpe5PaA7FG9g1FC1z9b5CRVUKX7zm5WvP4bQiy
vxGHE9gqUM/JDPx4R2CHN2557kFOjn2UtJSB9qsMq5MO2GG5EDvv9lNykJvoP+Ea
h0tjuvm5o0q5NVr1KmsLqXsoP7mfeivmX11vu8vtef+cgxtDbCcD10cOhy8=
-----END CERTIFICATE-----