Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ee58bc94-b659-41f6-9418-df2b947e97a7.roa
File:                     ee58bc94-b659-41f6-9418-df2b947e97a7.roa (raw, json)
Hash identifier:          qmFNunzUFI85h4dzFJtP0wy87UaiH5cGDmtzRm4ywto=
Subject key identifier:   BF:B6:3C:7A:C2:D2:0B:F3:DE:50:37:AB:7D:9E:D9:4C:CD:6A:11:C9
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       385916040B1F97AB1570C28D962F00A07A385852
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ee58bc94-b659-41f6-9418-df2b947e97a7.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        18.85.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:59:16:04:0b:1f:97:ab:15:70:c2:8d:96:2f:00:a0:7a:38:58:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ba:ec:b2:54:b2:36:eb:a4:50:da:99:1a:3e:
                    fa:f0:60:0a:98:fb:83:80:38:8f:10:a9:b9:e9:35:
                    bc:47:d2:5b:7c:c2:7f:b8:32:79:56:d7:0f:46:4f:
                    59:48:bc:2b:9c:27:23:04:68:e0:77:4c:48:1a:e9:
                    43:a0:10:de:3d:a0:e7:e1:18:c3:a2:e8:61:67:1c:
                    b8:d6:20:9b:37:b7:c6:34:27:67:63:f7:c6:1e:fe:
                    db:6e:5b:bb:d6:44:ed:1d:2a:60:bd:09:b0:de:44:
                    35:6f:8a:6f:d0:79:1d:72:1f:4d:2b:d3:37:94:2d:
                    68:77:1b:cc:bd:66:9a:e9:29:1e:4d:b3:d2:2a:a5:
                    c8:42:1c:8f:ec:12:91:b0:8f:ad:2f:c6:b3:0f:75:
                    c0:57:18:36:ca:1c:64:b2:4b:7a:28:16:ba:ad:8b:
                    fc:aa:1d:28:91:e3:b8:86:9e:0a:f9:08:cd:a2:5a:
                    f6:16:4c:5e:fd:d1:39:6c:70:1d:05:b6:d0:2e:21:
                    ae:4f:9e:3e:f9:5e:5e:4f:d8:83:a9:c9:b2:4c:98:
                    81:23:e4:87:00:f3:c2:55:40:f6:6d:73:5a:61:0e:
                    65:81:63:95:82:a8:db:b4:f0:79:9d:85:f6:d3:73:
                    3c:f4:0b:73:93:7e:83:59:fe:1a:45:a9:18:45:5b:
                    fa:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:B6:3C:7A:C2:D2:0B:F3:DE:50:37:AB:7D:9E:D9:4C:CD:6A:11:C9
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ee58bc94-b659-41f6-9418-df2b947e97a7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.85.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         aa:45:29:cc:58:4e:5f:40:71:2d:9d:a9:3a:56:89:ca:64:d6:
         5b:1e:0d:96:b8:68:ee:d1:f7:4c:fa:5c:53:1c:e6:4e:e7:7f:
         35:5a:8b:09:ec:52:cb:08:11:a9:ab:2b:be:ee:05:5e:f5:90:
         30:ad:56:75:f9:fc:4f:75:f2:fa:83:dc:a4:b8:6a:1c:7e:8b:
         e2:06:39:3f:e0:35:2f:64:96:98:8e:a2:b8:0e:84:8c:8d:3f:
         82:6c:7e:4e:8f:6d:cf:4f:99:48:59:3c:16:f8:e6:ef:3b:8d:
         f3:a5:72:f9:4b:e7:01:86:5a:d0:5a:d1:68:be:26:21:9c:90:
         3d:f2:27:5d:64:3b:52:eb:3e:8f:4c:e0:01:80:3a:05:f1:ad:
         23:fc:b9:52:67:7c:cf:e5:73:50:70:28:b7:d8:45:b4:0c:a8:
         6e:00:c0:92:be:2f:a2:b8:db:55:d7:e9:ef:63:20:51:48:16:
         48:0a:ec:75:56:2b:f4:c3:98:c2:38:3a:63:ce:2c:be:4c:3b:
         19:2b:61:dc:2c:5d:37:ba:ee:62:7b:3d:c7:d1:08:d0:c3:43:
         ee:f7:2d:f7:77:c8:3c:c0:a0:47:70:40:c3:c8:2b:02:12:43:
         45:f2:d5:75:04:93:fc:a2:fb:0b:fc:4d:de:f6:8b:5e:90:fd:
         c4:e4:6c:7d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUOFkWBAsfl6sVcMKNli8AoHo4WFIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZWRhOTE2NWFlZWU0ZjMwNDE5NzI3Y2UxYzVmMGNlY2Yw
MzExODk1OTkwZmFhMzE1Yjg3YTc4NDliMjkyMjY2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3uuyyVLI266RQ2pkaPvrwYAqY+4OAOI8QqbnpNbxH0lt8
wn+4MnlW1w9GT1lIvCucJyMEaOB3TEga6UOgEN49oOfhGMOi6GFnHLjWIJs3t8Y0
J2dj98Ye/ttuW7vWRO0dKmC9CbDeRDVvim/QeR1yH00r0zeULWh3G8y9ZprpKR5N
s9IqpchCHI/sEpGwj60vxrMPdcBXGDbKHGSyS3ooFrqti/yqHSiR47iGngr5CM2i
WvYWTF790TlscB0FttAuIa5Pnj75Xl5P2IOpybJMmIEj5IcA88JVQPZtc1phDmWB
Y5WCqNu08HmdhfbTczz0C3OTfoNZ/hpFqRhFW/rZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUv7Y8esLSC/PeUDerfZ7ZTM1qEckwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2VlNThiYzk0LWI2NTktNDFmNi05NDE4LWRmMmI5NDdlOTdhNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASVTANBgkqhkiG9w0BAQsFAAOCAQEAqkUpzFhOX0BxLZ2pOlaJymTWWx4N
lrho7tH3TPpcUxzmTud/NVqLCexSywgRqasrvu4FXvWQMK1Wdfn8T3Xy+oPcpLhq
HH6L4gY5P+A1L2SWmI6iuA6EjI0/gmx+To9tz0+ZSFk8Fvjm7zuN86Vy+UvnAYZa
0FrRaL4mIZyQPfInXWQ7Uus+j0zgAYA6BfGtI/y5Umd8z+VzUHAot9hFtAyobgDA
kr4vorjbVdfp72MgUUgWSArsdVYr9MOYwjg6Y84svkw7GSth3CxdN7ruYns9x9EI
0MND7vct93fIPMCgR3BAw8grAhJDRfLVdQST/KL7C/xN3vaLXpD9xORsfQ==
-----END CERTIFICATE-----