Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f293a620-0635-4a5a-9c8a-813c14a1700b.roa
File:                     f293a620-0635-4a5a-9c8a-813c14a1700b.roa (raw, json)
Hash identifier:          0H6u86xQ52b2ylI15dC1jkGDwbJ5SEBBdRaWsCCStO4=
Subject key identifier:   5C:7E:FB:20:9E:9F:31:8E:79:43:E1:0D:BD:3E:7B:19:E4:19:30:F1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5D73C91938E1E7CAD4668047BFF2945079FA6768
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f293a620-0635-4a5a-9c8a-813c14a1700b.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.5.76.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:73:c9:19:38:e1:e7:ca:d4:66:80:47:bf:f2:94:50:79:fa:67:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d9:f3:f2:b0:81:ae:28:90:10:1f:d5:07:90:
                    56:b4:a5:b3:3e:bd:2a:a2:44:d3:00:cd:05:ef:d0:
                    1f:48:f5:17:ed:ee:56:85:b7:aa:24:51:2d:a4:2c:
                    6b:5f:7b:47:57:cb:93:30:12:96:b6:04:c6:71:63:
                    85:28:11:ae:23:bd:ea:23:89:5c:d1:be:7a:fd:03:
                    f4:67:31:03:c7:5a:96:92:0d:ae:6b:78:1c:85:88:
                    de:99:ff:0c:52:09:5b:7e:20:cd:63:2a:1f:7b:e8:
                    36:54:de:8b:b5:53:25:0c:91:dd:bc:78:39:6a:a6:
                    f5:32:14:48:92:41:7e:b6:c2:d3:51:35:64:18:e5:
                    20:ba:8e:ca:a3:56:10:9e:51:0e:41:34:6d:ea:a1:
                    7e:3e:39:51:35:d3:7c:66:45:60:ed:04:b9:78:7a:
                    e9:6d:40:dd:58:48:05:64:8f:3a:95:1e:94:e5:da:
                    f3:64:e5:7c:76:b3:c1:f5:6e:50:d0:95:f4:e5:d9:
                    77:05:67:1d:21:90:d3:43:35:9d:d7:d9:b8:57:a1:
                    e3:0d:c6:d0:4a:ed:5e:c5:da:42:da:2b:b9:76:91:
                    99:5a:52:55:72:17:98:20:a8:94:9d:25:d4:f8:de:
                    17:1f:97:24:47:e5:a4:77:4a:06:2e:1c:5d:64:87:
                    3b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:7E:FB:20:9E:9F:31:8E:79:43:E1:0D:BD:3E:7B:19:E4:19:30:F1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f293a620-0635-4a5a-9c8a-813c14a1700b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.5.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b1:f6:89:3b:a9:d6:c5:a1:54:9c:bb:42:eb:76:16:88:e0:a9:
         85:84:b0:f8:da:ae:54:ed:71:5f:5d:54:a7:a9:94:64:ee:b9:
         c3:3e:cc:fb:36:b1:84:8f:91:6b:f8:df:5d:0e:46:22:2c:1c:
         5d:a1:7c:b1:31:55:31:33:17:a0:e4:23:83:42:00:fc:2c:db:
         3c:37:36:dc:d0:df:7e:72:89:9c:07:1c:3f:7d:7b:59:68:15:
         e7:dd:6b:5b:ed:0f:d4:aa:88:0b:42:9a:5d:e5:30:f1:3c:24:
         39:1d:0f:7e:7f:00:ea:c2:96:18:7d:c8:35:ec:6a:3d:36:2f:
         31:a6:ad:1a:ff:ea:c0:6e:32:78:77:14:ca:e3:fe:ef:c8:b1:
         38:50:b3:cb:f2:25:ee:54:77:2f:fb:4c:a7:88:0f:76:45:8b:
         0c:37:49:9c:35:0b:d9:c8:b6:55:ea:a2:5b:91:47:a8:8c:50:
         96:f8:db:a4:47:da:e2:2e:0d:11:2b:2d:ff:77:a8:69:c4:bf:
         e9:b7:3c:4a:1b:fc:05:86:ec:c2:ca:bb:2a:39:05:17:33:7a:
         3b:a6:68:6c:5d:97:c2:fe:6e:f8:b4:c1:bd:9d:ad:9e:c9:9a:
         cd:f1:b6:58:1a:3d:1d:c0:f9:e3:63:c6:c8:5e:02:05:05:06:
         34:df:15:6e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXXPJGTjh58rUZoBHv/KUUHn6Z2gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE2MDAwMDAwWhcNMjUwMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YzEyYjgyZmE3ZGU0MjE3MmM2MTk0YjM1MDQyZWZjNjdh
YzY5ZWY0ZjQzNzk3MTdlNDg2YzBjMmI1OWEyZWZjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDA2fPysIGuKJAQH9UHkFa0pbM+vSqiRNMAzQXv0B9I9Rft
7laFt6okUS2kLGtfe0dXy5MwEpa2BMZxY4UoEa4jveojiVzRvnr9A/RnMQPHWpaS
Da5reByFiN6Z/wxSCVt+IM1jKh976DZU3ou1UyUMkd28eDlqpvUyFEiSQX62wtNR
NWQY5SC6jsqjVhCeUQ5BNG3qoX4+OVE103xmRWDtBLl4eultQN1YSAVkjzqVHpTl
2vNk5Xx2s8H1blDQlfTl2XcFZx0hkNNDNZ3X2bhXoeMNxtBK7V7F2kLaK7l2kZla
UlVyF5ggqJSdJdT43hcflyRH5aR3SgYuHF1khzvhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXH77IJ6fMY55Q+ENvT57GeQZMPEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YyOTNhNjIwLTA2MzUtNGE1YS05YzhhLTgxM2MxNGExNzAwYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDBUwwDQYJKoZIhvcNAQELBQADggEBALH2iTup1sWhVJy7Qut2FojgqYWE
sPjarlTtcV9dVKeplGTuucM+zPs2sYSPkWv4310ORiIsHF2hfLExVTEzF6DkI4NC
APws2zw3NtzQ335yiZwHHD99e1loFefda1vtD9SqiAtCml3lMPE8JDkdD35/AOrC
lhh9yDXsaj02LzGmrRr/6sBuMnh3FMrj/u/IsThQs8vyJe5Udy/7TKeID3ZFiww3
SZw1C9nItlXqoluRR6iMUJb426RH2uIuDRErLf93qGnEv+m3PEob/AWG7MLKuyo5
BRczejumaGxdl8L+bvi0wb2drZ7Jms3xtlgaPR3A+eNjxsheAgUFBjTfFW4=
-----END CERTIFICATE-----