Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d4323423-ba09-4034-9867-035c691f9f3d.roa
File:                     d4323423-ba09-4034-9867-035c691f9f3d.roa (raw, json)
Hash identifier:          DmBKLXcm+TSsZuzEz/hRizImFCi0M7Nw4XrD2ZTvfKc=
Subject key identifier:   79:7D:BE:C2:D8:FC:EC:8E:52:18:2E:D6:48:48:2C:FE:F2:D9:2E:66
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6B76243C9DA8CFE0FBE595AA1ED6F8A249C4E6D7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d4323423-ba09-4034-9867-035c691f9f3d.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.48.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:76:24:3c:9d:a8:cf:e0:fb:e5:95:aa:1e:d6:f8:a2:49:c4:e6:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f4:ef:65:05:3a:90:9f:fe:a5:70:75:60:2a:
                    d9:05:af:8e:87:4d:8a:cc:03:af:95:9e:5d:17:ab:
                    5a:6d:a9:a3:70:9f:3d:bb:7f:8b:30:64:57:3e:33:
                    4d:5e:e7:25:d4:0a:5e:5f:c1:5d:ae:be:b5:57:51:
                    ff:5b:70:71:cf:7f:b8:b5:98:b7:64:ea:fe:f7:98:
                    bd:ad:a6:b8:e9:17:57:e7:21:90:0c:3b:64:94:d0:
                    a8:f0:96:9a:28:6f:75:a3:19:c9:88:40:1d:5d:71:
                    0e:f7:b8:f8:0e:db:91:ce:ca:36:e6:3d:45:75:94:
                    b9:59:62:22:c2:be:b4:9f:b0:eb:a2:af:14:87:2f:
                    ec:bd:db:b0:f9:e7:88:5c:08:eb:3b:89:48:09:fd:
                    1a:8b:82:b2:9f:45:cb:71:c0:dd:be:67:4c:a1:04:
                    61:a7:ff:50:40:3a:60:08:ee:ed:3f:e3:26:17:1a:
                    05:b4:55:02:0f:90:f6:0e:f9:e4:81:25:33:9b:d1:
                    cd:eb:bf:72:c8:21:52:85:6c:39:8d:d3:14:a8:33:
                    74:99:53:28:0c:48:36:ea:a1:2b:b6:fd:dd:aa:c4:
                    2b:72:7b:75:e6:04:39:9f:eb:a4:4e:ac:8a:63:d9:
                    d2:1b:49:62:2a:e4:6c:19:37:02:55:10:ae:bd:1e:
                    19:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:7D:BE:C2:D8:FC:EC:8E:52:18:2E:D6:48:48:2C:FE:F2:D9:2E:66
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d4323423-ba09-4034-9867-035c691f9f3d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         89:8f:32:db:28:4d:ee:30:75:cd:ef:b0:ee:1b:f2:7d:a2:f5:
         b1:7d:1a:db:f2:b0:54:c5:bf:fe:68:3e:2a:82:35:f9:56:eb:
         bf:68:82:06:be:a1:81:a2:61:06:5b:93:eb:33:96:07:cf:b2:
         6e:22:e1:5d:a7:91:26:7e:e8:9f:ed:73:78:61:d3:0b:6c:cf:
         60:05:68:43:5b:01:9a:88:9a:5b:83:c6:a8:56:87:2e:c1:58:
         c4:06:05:c2:7b:fe:fd:b5:52:72:4b:a9:5e:b7:19:b5:01:4b:
         44:b8:14:b5:a7:b7:1f:01:99:cf:51:fd:af:94:2c:20:d7:82:
         0f:f5:2f:28:b6:5d:65:a3:1b:85:4e:dd:f4:8a:86:17:2a:d4:
         ba:08:e9:78:39:02:19:53:e6:d7:f9:56:74:74:3e:d1:56:6d:
         dc:24:fe:a2:ec:8c:b6:79:92:42:4b:1c:3e:aa:4b:6b:32:78:
         5f:02:3f:1a:eb:c7:45:60:a6:d4:24:cc:05:45:ae:8b:14:4c:
         3b:d2:29:c5:a4:bb:49:f3:8a:46:e2:3b:ce:1d:36:ff:08:14:
         cd:8b:3e:cf:e8:81:fc:53:63:2e:18:ee:aa:89:43:f1:a0:86:
         22:8f:05:a0:ae:0b:76:f6:35:b8:77:ba:13:a1:98:08:d1:36:
         33:a9:2b:e8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUa3YkPJ2oz+D75ZWqHtb4oknE5tcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZDFhNmM0NDU5YTIzODBjNmNmM2Q4YWM1ZDdmOWZlOTQ4
ZmRmYWJmOTc3MzVkYTM0NWM3ZmVlMWI3NWQ4ZDUyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCY9O9lBTqQn/6lcHVgKtkFr46HTYrMA6+Vnl0Xq1ptqaNw
nz27f4swZFc+M01e5yXUCl5fwV2uvrVXUf9bcHHPf7i1mLdk6v73mL2tprjpF1fn
IZAMO2SU0Kjwlpoob3WjGcmIQB1dcQ73uPgO25HOyjbmPUV1lLlZYiLCvrSfsOui
rxSHL+y927D554hcCOs7iUgJ/RqLgrKfRctxwN2+Z0yhBGGn/1BAOmAI7u0/4yYX
GgW0VQIPkPYO+eSBJTOb0c3rv3LIIVKFbDmN0xSoM3SZUygMSDbqoSu2/d2qxCty
e3XmBDmf66ROrIpj2dIbSWIq5GwZNwJVEK69HhkLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeX2+wtj87I5SGC7WSEgs/vLZLmYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Q0MzIzNDIzLWJhMDktNDAzNC05ODY3LTAzNWM2OTFmOWYzZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMP3DAwDQYJKoZIhvcNAQELBQADggEBAImPMtsoTe4wdc3vsO4b8n2i9bF9
GtvysFTFv/5oPiqCNflW679ogga+oYGiYQZbk+szlgfPsm4i4V2nkSZ+6J/tc3hh
0wtsz2AFaENbAZqImluDxqhWhy7BWMQGBcJ7/v21UnJLqV63GbUBS0S4FLWntx8B
mc9R/a+ULCDXgg/1Lyi2XWWjG4VO3fSKhhcq1LoI6Xg5AhlT5tf5VnR0PtFWbdwk
/qLsjLZ5kkJLHD6qS2syeF8CPxrrx0VgptQkzAVFrosUTDvSKcWku0nzikbiO84d
Nv8IFM2LPs/ogfxTYy4Y7qqJQ/GghiKPBaCuC3b2Nbh3uhOhmAjRNjOpK+g=
-----END CERTIFICATE-----