Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ae729738-d220-40d1-8420-ba0e211ac920.roa
File:                     ae729738-d220-40d1-8420-ba0e211ac920.roa (raw, json)
Hash identifier:          HjJRCGAugsMzlIlRZw65q76HZY7lNfCPujuLAog5zoU=
Subject key identifier:   71:C9:29:35:37:77:34:D3:FD:53:17:AA:DA:29:35:6B:73:7A:DD:CC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       196954ACBE3265020B35368DF89B529954C1E2D5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ae729738-d220-40d1-8420-ba0e211ac920.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        161.191.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:69:54:ac:be:32:65:02:0b:35:36:8d:f8:9b:52:99:54:c1:e2:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:46:5f:57:c5:1b:2c:9f:66:ec:fd:c5:38:3b:
                    e8:10:a8:bf:4b:3f:8f:03:78:25:af:fa:ee:43:d7:
                    cd:5c:ba:42:43:47:00:71:32:96:a3:73:b1:24:91:
                    2d:e7:28:9a:43:8c:30:32:25:19:c6:2c:2f:89:2c:
                    26:3f:5b:59:37:17:34:17:a0:80:e7:7a:8d:2f:a7:
                    cd:b4:0a:a3:36:b3:e3:43:b5:cb:1a:3c:12:0e:50:
                    16:1f:cb:b6:a7:25:e6:82:ea:3f:df:05:60:9c:03:
                    63:6a:89:19:ee:01:e1:f0:54:c4:0d:de:89:cc:11:
                    d3:10:1e:a2:9e:06:43:d3:2e:fd:25:09:9b:9d:6b:
                    2c:67:77:f0:cb:3c:36:16:4a:23:82:eb:75:61:71:
                    98:0f:b4:e6:ad:1d:94:ab:90:e6:e4:7f:d9:ec:b0:
                    70:3a:2d:c8:0f:39:dd:0a:dc:b5:4b:a3:15:fa:24:
                    cc:ec:e5:18:0e:0d:d1:e9:ca:24:db:0d:06:be:69:
                    7b:ca:5f:69:2a:e0:da:25:e6:e0:87:01:14:dd:76:
                    f7:1e:c5:27:82:72:2d:02:35:b0:61:6a:94:a7:76:
                    f8:74:78:80:31:81:49:b9:24:98:ab:87:2c:a5:20:
                    67:34:cc:2b:20:06:8d:c0:9f:bf:6d:91:ad:be:5e:
                    e0:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:C9:29:35:37:77:34:D3:FD:53:17:AA:DA:29:35:6B:73:7A:DD:CC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ae729738-d220-40d1-8420-ba0e211ac920.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.191.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4f:cd:a1:a3:48:3a:36:43:04:61:bb:fe:a3:79:c7:eb:10:a4:
         8f:30:a4:fb:73:ec:14:32:c3:0f:29:aa:38:ab:cd:0a:c5:5c:
         fd:aa:2d:9d:57:b4:88:2e:7a:ae:57:46:bb:03:8c:b7:e2:77:
         5f:40:28:d0:85:27:f6:56:6f:5b:14:44:60:8c:50:27:05:4b:
         74:95:9c:b3:c6:76:b9:26:30:df:93:ba:2d:03:7f:de:5c:ac:
         3a:15:4b:09:c6:24:9a:9c:af:72:f4:9e:76:e4:4b:3f:22:d8:
         78:56:f8:06:d9:d9:f8:81:23:4c:b7:2f:2c:83:5c:1c:85:67:
         cc:d1:ad:5f:e3:b7:80:01:33:d4:40:b7:7d:9d:0a:b5:ac:6f:
         55:ed:61:e7:92:63:06:23:c6:cf:fd:94:96:fb:cc:58:0d:a1:
         60:b5:29:d4:bb:d9:bf:c4:d9:fe:f0:87:f2:a5:f8:4b:d0:59:
         8a:ea:30:e3:eb:d9:49:1b:1d:d9:fd:d6:46:cc:53:a6:d6:0a:
         3e:5d:60:2b:59:91:f5:0e:95:26:59:cb:92:04:26:4e:93:8d:
         58:86:40:d4:d1:b8:2a:7d:90:59:2a:be:39:0e:ca:3f:d6:c8:
         8e:f7:4e:d9:27:50:a1:60:1a:95:93:dd:41:ae:9c:36:0f:dc:
         74:0b:1a:c1
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUGWlUrL4yZQILNTaN+JtSmVTB4tUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NmIyNTA1ZDdjMzNjOWE5NWI2MzRhZjBlNmVkZWFlMzBk
MGE4YmUxYjRhMjIzM2RmNDI1ZmVjOTg0ZTY3YmU0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWRl9XxRssn2bs/cU4O+gQqL9LP48DeCWv+u5D181cukJD
RwBxMpajc7EkkS3nKJpDjDAyJRnGLC+JLCY/W1k3FzQXoIDneo0vp820CqM2s+ND
tcsaPBIOUBYfy7anJeaC6j/fBWCcA2NqiRnuAeHwVMQN3onMEdMQHqKeBkPTLv0l
CZudayxnd/DLPDYWSiOC63VhcZgPtOatHZSrkObkf9nssHA6LcgPOd0K3LVLoxX6
JMzs5RgODdHpyiTbDQa+aXvKX2kq4Nol5uCHARTddvcexSeCci0CNbBhapSndvh0
eIAxgUm5JJirhyylIGc0zCsgBo3An79tka2+XuBvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUcckpNTd3NNP9Uxeq2ik1a3N63cwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FlNzI5NzM4LWQyMjAtNDBkMS04NDIwLWJhMGUyMTFhYzkyMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwChvzANBgkqhkiG9w0BAQsFAAOCAQEAT82ho0g6NkMEYbv+o3nH6xCkjzCk
+3PsFDLDDymqOKvNCsVc/aotnVe0iC56rldGuwOMt+J3X0Ao0IUn9lZvWxREYIxQ
JwVLdJWcs8Z2uSYw35O6LQN/3lysOhVLCcYkmpyvcvSeduRLPyLYeFb4BtnZ+IEj
TLcvLINcHIVnzNGtX+O3gAEz1EC3fZ0KtaxvVe1h55JjBiPGz/2UlvvMWA2hYLUp
1LvZv8TZ/vCH8qX4S9BZiuow4+vZSRsd2f3WRsxTptYKPl1gK1mR9Q6VJlnLkgQm
TpONWIZA1NG4Kn2QWSq+OQ7KP9bIjvdO2SdQoWAalZPdQa6cNg/cdAsawQ==
-----END CERTIFICATE-----