Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ba5e76ef-72d7-4aad-a055-88bc9734f69d.roa
File:                     ba5e76ef-72d7-4aad-a055-88bc9734f69d.roa (raw, json)
Hash identifier:          Ck59GSjVVXqvKa/Zkl7TBoc/KW7wIW5eGqqlv6xBVn0=
Subject key identifier:   8B:D7:64:8C:53:D3:14:14:BE:F8:78:8B:BD:8E:79:80:09:DF:73:1B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       539AB7432F16A8D0876D4DE376EE64ECB8FCB17F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ba5e76ef-72d7-4aad-a055-88bc9734f69d.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        150.222.90.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:9a:b7:43:2f:16:a8:d0:87:6d:4d:e3:76:ee:64:ec:b8:fc:b1:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:b3:68:dc:2c:14:3e:58:a0:3c:fe:16:e4:9f:
                    03:fe:3f:e1:eb:3a:9b:ae:f0:31:99:2f:65:6f:76:
                    92:7c:1e:03:cc:27:81:67:1e:4a:30:6d:ca:32:f1:
                    37:41:71:a1:5a:f7:bf:b7:fa:ba:79:c2:52:20:b4:
                    6e:34:9a:fb:e6:ec:b5:d0:48:af:b7:fe:37:c4:7b:
                    5b:73:50:76:ea:a4:f8:15:de:f4:8a:35:65:e0:52:
                    02:d8:df:c1:24:ac:97:e6:46:6a:4d:59:99:62:2a:
                    34:6a:19:3f:dc:a0:05:bc:4b:6b:12:7c:78:71:71:
                    c1:57:57:dc:70:fc:72:2e:d3:b3:2d:ef:ba:1f:7b:
                    8b:f0:ea:56:ba:35:4e:45:2b:c1:84:bf:38:47:3a:
                    4c:bc:4d:aa:a5:08:d1:27:bd:ae:97:bf:63:df:f3:
                    8f:72:fe:d8:50:ab:bb:ba:13:82:ed:f2:81:82:89:
                    8f:db:f1:df:f5:eb:e9:d7:82:6c:8f:bb:e6:a0:db:
                    eb:a4:21:4a:74:ee:fc:a4:b0:60:06:f1:31:39:4d:
                    92:c5:0c:ee:f9:36:44:4c:12:e1:0f:cc:51:02:e8:
                    de:92:5f:8e:30:bb:d2:fa:a9:c1:87:aa:7d:b0:92:
                    9c:b1:28:cf:3f:e6:57:aa:43:68:82:e8:c0:42:0e:
                    8c:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:D7:64:8C:53:D3:14:14:BE:F8:78:8B:BD:8E:79:80:09:DF:73:1B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ba5e76ef-72d7-4aad-a055-88bc9734f69d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:68:80:08:91:52:1e:8a:ef:7c:f6:4c:ff:9e:25:3d:e3:bb:
         4c:42:93:02:cc:3f:0a:94:19:ae:7d:ab:af:2d:7a:67:25:87:
         bf:b3:df:2f:37:32:3d:99:23:fd:cf:ab:be:b2:9d:c4:94:e9:
         79:ab:0f:fd:bc:85:3c:2b:b5:c9:1d:af:4d:61:42:4d:8d:29:
         2e:a2:9d:39:e3:93:1e:80:58:6a:54:d9:eb:99:09:0e:b2:cd:
         56:44:17:3c:47:74:91:75:c7:5c:63:4b:00:fb:1c:dd:19:f4:
         41:03:8e:c0:dd:60:28:a4:1d:dc:c8:53:7d:4f:f3:f6:b7:81:
         cc:59:a7:80:e2:d8:3f:bf:8b:af:17:69:5f:a9:3c:c4:05:2d:
         20:42:2b:aa:ca:19:26:3c:d6:c0:16:1f:30:ad:62:58:ac:c7:
         2c:d4:22:67:dd:dc:94:59:00:44:fb:ca:ae:7d:73:bc:13:15:
         fe:af:10:9e:ab:75:4c:80:cf:ff:5e:69:e3:e7:83:1e:cc:a8:
         a2:90:e4:48:04:1e:5c:95:9e:e7:30:e1:73:df:06:5f:80:79:
         04:59:6a:e4:c6:95:6a:05:09:a2:c9:ed:ee:b1:2d:d1:3f:4f:
         6b:31:7a:0d:ab:4b:d5:f3:4d:a5:29:9e:97:bd:b1:37:84:23:
         e1:29:e8:76
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU5q3Qy8WqNCHbU3jdu5k7Lj8sX8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMjIzNzM3MGI3ZmZkMDgwMDk5ZmVkNTJhYmExNjcwMWZh
NTQ0ODdlZDkwNDQyNTgyNjQzNzkwNDliNzg4ZDdkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjs2jcLBQ+WKA8/hbknwP+P+HrOpuu8DGZL2VvdpJ8HgPM
J4FnHkowbcoy8TdBcaFa97+3+rp5wlIgtG40mvvm7LXQSK+3/jfEe1tzUHbqpPgV
3vSKNWXgUgLY38EkrJfmRmpNWZliKjRqGT/coAW8S2sSfHhxccFXV9xw/HIu07Mt
77ofe4vw6la6NU5FK8GEvzhHOky8TaqlCNEnva6Xv2Pf849y/thQq7u6E4Lt8oGC
iY/b8d/16+nXgmyPu+ag2+ukIUp07vyksGAG8TE5TZLFDO75NkRMEuEPzFEC6N6S
X44wu9L6qcGHqn2wkpyxKM8/5leqQ2iC6MBCDoyZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUi9dkjFPTFBS++HiLvY55gAnfcxswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JhNWU3NmVmLTcyZDctNGFhZC1hMDU1LTg4YmM5NzM0ZjY5ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3lowDQYJKoZIhvcNAQELBQADggEBAAJogAiRUh6K73z2TP+eJT3ju0xC
kwLMPwqUGa59q68temclh7+z3y83Mj2ZI/3Pq76yncSU6XmrD/28hTwrtckdr01h
Qk2NKS6inTnjkx6AWGpU2euZCQ6yzVZEFzxHdJF1x1xjSwD7HN0Z9EEDjsDdYCik
HdzIU31P8/a3gcxZp4Di2D+/i68XaV+pPMQFLSBCK6rKGSY81sAWHzCtYlisxyzU
Imfd3JRZAET7yq59c7wTFf6vEJ6rdUyAz/9eaePngx7MqKKQ5EgEHlyVnucw4XPf
Bl+AeQRZauTGlWoFCaLJ7e6xLdE/T2sxeg2rS9XzTaUpnpe9sTeEI+Ep6HY=
-----END CERTIFICATE-----