Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bc5f1a79-2d45-43c6-83ec-d98225952205.roa
File:                     bc5f1a79-2d45-43c6-83ec-d98225952205.roa (raw, json)
Hash identifier:          0Fmhkn+IlI+4Mg9Y56K56w3uKeT7AqjBTaFed0eLFWk=
Subject key identifier:   17:67:13:6D:0A:DE:C9:2A:00:66:B8:CF:03:D8:85:26:14:B2:63:6F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       682004AB0A20ED442A049B69F7304CE4E05A9252
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bc5f1a79-2d45-43c6-83ec-d98225952205.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.0.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:20:04:ab:0a:20:ed:44:2a:04:9b:69:f7:30:4c:e4:e0:5a:92:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:fd:f1:85:fb:a6:5e:2e:2a:7a:96:98:f4:f0:
                    c6:d8:b9:9b:81:b0:2d:7a:78:5c:77:ad:01:c6:5c:
                    34:b4:72:cf:93:51:e5:dd:fd:38:16:85:40:e7:a9:
                    b6:11:a1:1d:8e:60:56:93:e2:bb:89:f7:9f:cd:4f:
                    f2:e6:90:45:af:36:e7:56:53:cf:50:f2:8b:8d:f5:
                    c1:ae:b3:4e:b1:26:74:19:ee:35:b0:d3:b7:78:18:
                    f5:08:2e:0d:57:4d:f4:f6:dd:e6:f4:c8:8c:0d:ee:
                    01:fa:63:d3:e3:e0:31:4c:e1:77:20:fe:cb:c2:d9:
                    44:33:b0:a6:92:01:75:0b:29:13:42:2e:a6:3b:da:
                    93:b7:06:ea:cb:11:48:2b:68:01:e0:66:84:d9:b6:
                    ff:f4:62:01:51:68:bf:bc:64:2a:18:c4:ac:fd:b2:
                    36:e7:57:e0:7e:47:97:98:89:73:39:3b:94:db:13:
                    59:4e:aa:78:a7:d1:0c:e8:a5:79:c0:96:b0:49:a4:
                    98:7c:55:bc:e5:c1:e1:71:14:ef:f2:f3:0c:58:d8:
                    3e:1f:ca:f2:41:19:28:9e:e2:f5:ee:1e:35:86:05:
                    7b:b8:81:59:8e:d1:85:be:ee:48:46:9c:ab:c2:47:
                    3e:19:fe:de:33:49:f3:e6:80:7f:98:62:94:0a:be:
                    b0:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:67:13:6D:0A:DE:C9:2A:00:66:B8:CF:03:D8:85:26:14:B2:63:6F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bc5f1a79-2d45-43c6-83ec-d98225952205.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.0.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         15:36:60:62:0c:2f:37:7d:f7:39:af:31:4f:c2:b6:4f:06:05:
         d7:05:ff:6a:72:a5:05:5d:2b:4d:16:be:c1:7c:cf:5f:7a:36:
         ab:15:de:fa:90:af:83:74:64:dd:83:be:3a:1e:47:d6:b9:de:
         f1:fe:dc:0d:b1:01:82:80:0f:c2:01:56:ae:22:81:04:29:ab:
         8b:e0:5b:35:48:73:c0:e9:42:c3:06:21:9b:90:84:ab:97:cb:
         6b:d3:30:72:82:b7:d3:6f:8d:c8:4d:73:51:c5:c1:46:b6:93:
         e0:d8:e5:47:f8:f7:d0:08:21:5b:e3:fd:83:80:7f:12:dd:1e:
         03:20:a2:41:a4:5e:2b:02:17:59:d3:08:dc:fd:ca:7a:4b:03:
         1e:76:5f:44:15:d2:41:cb:7b:0a:4b:d9:55:a4:5d:94:a9:a5:
         12:69:c7:43:4a:54:24:92:c7:d8:b0:bd:b2:84:14:af:7b:52:
         0b:c3:b0:9f:ab:c1:06:f2:88:79:65:36:74:ec:9a:62:c0:eb:
         e7:1c:be:0d:a9:0a:00:15:e4:ba:77:a3:3f:dd:35:c6:e3:49:
         1b:98:b4:59:e5:9f:82:92:41:3c:ba:05:5e:a4:c6:d2:25:4e:
         4f:c5:c1:75:2c:87:4e:0d:04:1b:28:64:b2:67:d0:f6:36:91:
         ef:81:b4:7b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUaCAEqwog7UQqBJtp9zBM5OBaklIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE2MDAwMDAwWhcNMjUwMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3YjNkMzY1ZmUwNGQ5YWVkY2YxM2FmNDJhZmIwZTNlZmI3
NDc5NTFmZDAxNDBjZjU1NGVlYzU2MWYzNDhjZjcwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDc/fGF+6ZeLip6lpj08MbYuZuBsC16eFx3rQHGXDS0cs+T
UeXd/TgWhUDnqbYRoR2OYFaT4ruJ95/NT/LmkEWvNudWU89Q8ouN9cGus06xJnQZ
7jWw07d4GPUILg1XTfT23eb0yIwN7gH6Y9Pj4DFM4Xcg/svC2UQzsKaSAXULKRNC
LqY72pO3BurLEUgraAHgZoTZtv/0YgFRaL+8ZCoYxKz9sjbnV+B+R5eYiXM5O5Tb
E1lOqnin0QzopXnAlrBJpJh8VbzlweFxFO/y8wxY2D4fyvJBGSie4vXuHjWGBXu4
gVmO0YW+7khGnKvCRz4Z/t4zSfPmgH+YYpQKvrBTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUF2cTbQreySoAZrjPA9iFJhSyY28wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JjNWYxYTc5LTJkNDUtNDNjNi04M2VjLWQ5ODIyNTk1MjIwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEDADANBgkqhkiG9w0BAQsFAAOCAQEAFTZgYgwvN333Oa8xT8K2TwYF1wX/
anKlBV0rTRa+wXzPX3o2qxXe+pCvg3Rk3YO+Oh5H1rne8f7cDbEBgoAPwgFWriKB
BCmri+BbNUhzwOlCwwYhm5CEq5fLa9MwcoK302+NyE1zUcXBRraT4NjlR/j30Agh
W+P9g4B/Et0eAyCiQaReKwIXWdMI3P3KeksDHnZfRBXSQct7CkvZVaRdlKmlEmnH
Q0pUJJLH2LC9soQUr3tSC8Own6vBBvKIeWU2dOyaYsDr5xy+DakKABXkunejP901
xuNJG5i0WeWfgpJBPLoFXqTG0iVOT8XBdSyHTg0EGyhksmfQ9jaR74G0ew==
-----END CERTIFICATE-----