Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/da391d06-7bbc-481b-a4f5-529518e8fc2a.roa
File:                     da391d06-7bbc-481b-a4f5-529518e8fc2a.roa (raw, json)
Hash identifier:          0x1mNBlcUOAStB03giJlH6Kb1JojE/ooBP+tgr0Msso=
Subject key identifier:   29:D4:B2:3A:5F:18:55:6A:22:F1:91:1E:38:6B:C5:26:31:9F:25:F0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0F0C1F17109B469ED9EA98C1E0EE9C27B1AC62E3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/da391d06-7bbc-481b-a4f5-529518e8fc2a.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        152.155.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:0c:1f:17:10:9b:46:9e:d9:ea:98:c1:e0:ee:9c:27:b1:ac:62:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:87:03:1e:87:f9:57:32:31:07:e2:db:c3:3c:
                    30:b4:f1:8c:e6:38:a9:ee:44:40:8a:45:4e:fd:cf:
                    b0:26:9c:a2:1a:b5:14:cc:52:f2:76:e9:ae:5e:21:
                    d8:62:f4:7a:33:69:46:a6:cf:fc:49:88:d4:88:5c:
                    86:41:33:77:2d:e1:d1:35:18:0f:dd:c0:fb:24:f0:
                    2d:06:d0:46:b9:00:58:1e:5a:80:bc:9c:97:cb:1e:
                    d5:f1:97:83:31:31:fb:e4:54:1c:d5:7c:04:7e:39:
                    4a:71:4f:0e:9f:1c:cf:8c:b1:5f:54:1a:73:4b:10:
                    3d:32:52:2a:1a:0a:44:9c:ec:58:fc:a8:57:e0:49:
                    57:e7:64:56:d1:07:34:c8:b6:05:5a:f6:a7:ff:0d:
                    eb:50:97:f7:60:80:d6:7d:0f:5f:68:c3:7c:11:8b:
                    75:b0:c3:cf:8d:b0:01:e4:61:cb:ee:10:ef:21:5b:
                    d5:37:77:d4:39:b4:af:0e:26:cb:8e:10:fc:a4:58:
                    5a:89:88:c3:ec:30:3b:cd:ba:7b:7f:d5:4c:c8:5e:
                    5e:1e:52:a0:56:27:2e:7e:e9:51:30:c6:d7:24:f5:
                    09:e1:83:58:1d:19:68:00:99:85:05:e7:08:68:d6:
                    c6:63:42:f4:b3:2b:f7:2c:5c:d1:42:97:26:5c:43:
                    56:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:D4:B2:3A:5F:18:55:6A:22:F1:91:1E:38:6B:C5:26:31:9F:25:F0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/da391d06-7bbc-481b-a4f5-529518e8fc2a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.155.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7e:af:b9:ed:93:4c:fd:6c:c5:df:c8:85:a3:91:d8:ba:0c:68:
         79:10:e3:fb:ee:ee:ed:b4:d3:1d:b3:32:52:39:ba:cf:3b:94:
         87:4a:6d:1f:6d:8b:de:7a:24:b8:a5:b8:00:62:f4:7b:33:f4:
         0b:d7:1e:48:4d:fc:eb:48:7c:cf:65:00:bf:61:5c:90:91:2a:
         e8:fc:9b:e5:03:c8:a4:2e:ee:28:bf:8f:54:1b:8a:7f:d1:6e:
         8c:d1:34:43:4a:ce:5c:d5:ea:3b:33:81:1e:fe:fb:9c:07:18:
         6c:56:04:ff:12:19:c3:31:1f:d1:c3:57:04:13:2c:0e:aa:81:
         88:20:76:17:35:35:cf:08:48:33:3b:42:71:41:96:56:72:5b:
         8a:9f:c3:2f:48:ed:bc:7a:e4:06:7c:8d:25:7d:b9:e1:94:df:
         8d:bc:a8:53:97:81:de:29:6c:19:5f:7a:9d:cc:0d:2c:1c:69:
         fd:27:5c:33:ff:37:22:67:78:79:fa:8e:32:2d:8f:72:19:64:
         44:0c:95:7e:f3:39:ac:ab:1a:1a:2c:c8:06:09:40:f6:95:94:
         0c:cc:96:50:fa:6e:9a:96:a8:d5:63:3a:e5:7f:d6:e6:a4:99:
         ce:63:3e:fe:5c:b6:f7:e0:1d:1e:3a:81:31:a4:f9:6b:de:89:
         b8:25:9e:11
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUDwwfFxCbRp7Z6pjB4O6cJ7GsYuMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhODE2ZTY3NTIzZDE0MGYwNWRmZjgzYmZhYTFjNDgyZTlh
YWQ2Mjc2OTYwNjc3NDM5NTJhZDYzMzcyOGZmYmFjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPhwMeh/lXMjEH4tvDPDC08YzmOKnuRECKRU79z7AmnKIa
tRTMUvJ26a5eIdhi9HozaUamz/xJiNSIXIZBM3ct4dE1GA/dwPsk8C0G0Ea5AFge
WoC8nJfLHtXxl4MxMfvkVBzVfAR+OUpxTw6fHM+MsV9UGnNLED0yUioaCkSc7Fj8
qFfgSVfnZFbRBzTItgVa9qf/DetQl/dggNZ9D19ow3wRi3Www8+NsAHkYcvuEO8h
W9U3d9Q5tK8OJsuOEPykWFqJiMPsMDvNunt/1UzIXl4eUqBWJy5+6VEwxtck9Qnh
g1gdGWgAmYUF5who1sZjQvSzK/csXNFClyZcQ1ZzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUKdSyOl8YVWoi8ZEeOGvFJjGfJfAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RhMzkxZDA2LTdiYmMtNDgxYi1hNGY1LTUyOTUxOGU4ZmMyYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCYmzANBgkqhkiG9w0BAQsFAAOCAQEAfq+57ZNM/WzF38iFo5HYugxoeRDj
++7u7bTTHbMyUjm6zzuUh0ptH22L3nokuKW4AGL0ezP0C9ceSE3860h8z2UAv2Fc
kJEq6Pyb5QPIpC7uKL+PVBuKf9FujNE0Q0rOXNXqOzOBHv77nAcYbFYE/xIZwzEf
0cNXBBMsDqqBiCB2FzU1zwhIMztCcUGWVnJbip/DL0jtvHrkBnyNJX254ZTfjbyo
U5eB3ilsGV96ncwNLBxp/SdcM/83Imd4efqOMi2PchlkRAyVfvM5rKsaGizIBglA
9pWUDMyWUPpumpao1WM65X/W5qSZzmM+/ly29+AdHjqBMaT5a96JuCWeEQ==
-----END CERTIFICATE-----