Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ea0a008e-4a4a-4430-bd3f-5c8aaa38abc0.roa
File:                     ea0a008e-4a4a-4430-bd3f-5c8aaa38abc0.roa (raw, json)
Hash identifier:          QP6/o8i/zk0PYKdDHcu5bpBeIYUcHO/hh8Fq+d9QulE=
Subject key identifier:   1D:A6:02:7F:37:9A:81:0A:6E:18:F4:9B:F8:28:32:F0:C7:40:9D:DB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6201993CA0A8BE2CDAD7E343E57EC2B2168B2545
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ea0a008e-4a4a-4430-bd3f-5c8aaa38abc0.roa
Signing time:             Tue 31 Dec 2024 00:00:00 +0000
ROA not before:           Tue 31 Dec 2024 00:00:00 +0000
ROA not after:            Tue 04 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        15.177.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:01:99:3c:a0:a8:be:2c:da:d7:e3:43:e5:7e:c2:b2:16:8b:25:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 31 00:00:00 2024 GMT
            Not After : Feb  4 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:82:b6:b4:d1:31:b7:44:f4:72:b2:fb:b7:38:
                    10:9a:d6:d3:cb:69:dc:0a:de:d3:b5:a5:ab:8f:3e:
                    1d:60:ed:83:00:fa:a6:95:84:42:4b:4d:b0:e4:3f:
                    e3:d8:50:8e:f5:d1:59:cc:d8:9c:7b:09:02:03:94:
                    2a:9a:2f:1e:0a:7b:1a:c3:06:f9:85:df:2f:cc:b0:
                    dd:fb:a6:d8:d9:12:e6:0a:a8:01:0e:23:c3:70:54:
                    d0:c4:09:77:49:c3:8e:b7:a4:65:cd:8c:a4:5c:9c:
                    b2:21:90:4d:51:db:00:ca:8c:e1:53:90:d5:a9:ff:
                    92:a4:d6:17:7c:42:ef:b6:93:22:e0:6c:15:15:c8:
                    fa:fc:ae:b6:e5:64:f1:f6:29:78:67:cc:54:9d:cd:
                    af:da:91:a0:44:9a:bd:46:4f:ab:89:16:8d:bb:90:
                    2a:c1:81:26:e2:15:ee:75:64:49:6b:0e:b3:5d:21:
                    81:0f:9a:4c:02:d2:d2:6f:2e:4a:22:80:e6:8a:0a:
                    b4:df:fb:f5:cc:ed:3d:78:0a:74:c9:aa:06:f1:de:
                    6b:af:83:cf:29:e6:fc:6c:51:c9:e2:2d:bc:26:e4:
                    44:4c:10:72:56:d2:97:77:4e:2d:eb:72:f6:04:c1:
                    f5:0e:b4:86:e0:92:38:fb:ed:99:f3:40:6b:e5:ab:
                    9d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:A6:02:7F:37:9A:81:0A:6E:18:F4:9B:F8:28:32:F0:C7:40:9D:DB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ea0a008e-4a4a-4430-bd3f-5c8aaa38abc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.177.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         62:c5:1a:c7:1b:1d:4f:7f:b0:7e:1d:f7:c8:65:f6:fa:f3:c8:
         25:af:e9:5c:b7:b8:f1:b5:88:9d:55:07:37:ac:5f:75:b6:fc:
         7b:83:ea:e9:2b:f2:ef:e8:de:5a:5c:9f:aa:32:75:fa:e4:85:
         48:9f:a8:4a:75:c5:39:57:5f:e4:30:05:dc:3a:50:cb:12:06:
         33:83:8d:e4:7c:27:24:54:26:60:33:85:6d:f4:7f:71:dd:d1:
         fd:ee:76:6b:5f:28:b6:ca:c4:4b:63:f2:1e:c5:c0:1e:5d:6f:
         13:29:10:94:ee:b9:17:80:5c:b2:b4:48:12:a2:2e:92:c2:23:
         51:5b:50:f7:d2:49:03:83:26:9d:7e:93:9e:c0:c7:f6:7a:11:
         ea:93:5e:7c:a0:b5:ec:3b:54:fa:7a:1c:7c:a3:c2:17:e7:bf:
         68:5f:49:d2:e9:cb:f7:64:3e:70:f2:9e:47:14:5c:dd:c9:96:
         33:5e:ae:47:93:7c:f6:0d:2f:9b:f0:f8:fd:4b:ef:9c:5c:34:
         a7:05:59:05:12:75:58:79:1d:28:5b:27:a1:22:89:2a:7d:6a:
         7b:37:56:67:86:14:c1:8e:6e:93:fb:f9:14:8d:be:91:20:1d:
         3a:c5:d4:b0:f1:25:fd:0d:48:1d:a9:97:24:17:4a:a4:4c:8d:
         80:58:d6:bf
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUYgGZPKCoviza1+ND5X7CshaLJUUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjMxMDAwMDAwWhcNMjUwMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZmFmMGJlYTBmMGUzODlhMDRlOTc5OGFjZjU3ZTA0ZjZk
OGMzZGNlNTEzZjA1OTA0NzBhMTZjYmM5MzQwZDZjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLgra00TG3RPRysvu3OBCa1tPLadwK3tO1pauPPh1g7YMA
+qaVhEJLTbDkP+PYUI710VnM2Jx7CQIDlCqaLx4KexrDBvmF3y/MsN37ptjZEuYK
qAEOI8NwVNDECXdJw463pGXNjKRcnLIhkE1R2wDKjOFTkNWp/5Kk1hd8Qu+2kyLg
bBUVyPr8rrblZPH2KXhnzFSdza/akaBEmr1GT6uJFo27kCrBgSbiFe51ZElrDrNd
IYEPmkwC0tJvLkoigOaKCrTf+/XM7T14CnTJqgbx3muvg88p5vxsUcniLbwm5ERM
EHJW0pd3Ti3rcvYEwfUOtIbgkjj77ZnzQGvlq52dAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUHaYCfzeagQpuGPSb+Cgy8MdAndswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2VhMGEwMDhlLTRhNGEtNDQzMC1iZDNmLTVjOGFhYTM4YWJjMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAPsTANBgkqhkiG9w0BAQsFAAOCAQEAYsUaxxsdT3+wfh33yGX2+vPIJa/p
XLe48bWInVUHN6xfdbb8e4Pq6Svy7+jeWlyfqjJ1+uSFSJ+oSnXFOVdf5DAF3DpQ
yxIGM4ON5HwnJFQmYDOFbfR/cd3R/e52a18otsrES2PyHsXAHl1vEykQlO65F4Bc
srRIEqIuksIjUVtQ99JJA4MmnX6TnsDH9noR6pNefKC17DtU+nocfKPCF+e/aF9J
0unL92Q+cPKeRxRc3cmWM16uR5N89g0vm/D4/UvvnFw0pwVZBRJ1WHkdKFsnoSKJ
Kn1qezdWZ4YUwY5uk/v5FI2+kSAdOsXUsPEl/Q1IHamXJBdKpEyNgFjWvw==
-----END CERTIFICATE-----