Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f3e5bf7c-d63c-4e09-9a38-8f26d5a70736.roa
File:                     f3e5bf7c-d63c-4e09-9a38-8f26d5a70736.roa (raw, json)
Hash identifier:          BUAAqVmYbV8cnkgsHS6rEyI1NbYAT6+lO7W8lFlM8Qk=
Subject key identifier:   D1:51:1B:32:89:12:CF:BC:56:BB:21:38:F9:D1:9D:A3:4A:E5:05:F7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       487F70091D640F06D120DFD92BE052A93A10F42F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f3e5bf7c-d63c-4e09-9a38-8f26d5a70736.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.34.72.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:7f:70:09:1d:64:0f:06:d1:20:df:d9:2b:e0:52:a9:3a:10:f4:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9e:04:f7:75:37:09:d3:81:f9:91:b1:88:c9:
                    2f:8b:74:e9:bf:1e:c3:2c:69:9a:10:ec:47:54:1c:
                    19:5b:77:33:57:c6:a0:25:5f:45:ea:4b:8a:51:da:
                    16:2e:6f:cf:29:9e:16:e5:9f:bd:f0:9c:a4:b5:e3:
                    c6:eb:fd:3b:fc:6c:02:3e:70:c4:c1:6d:17:e8:59:
                    f0:a6:4f:df:aa:a1:66:6f:d8:9e:e7:2b:83:ba:e8:
                    21:fc:40:6a:ba:f7:ff:30:52:4e:42:1b:b4:68:fa:
                    f0:52:22:f5:e0:f6:70:10:66:dd:52:fe:f3:d9:6c:
                    7c:f4:b0:b8:e9:f6:f1:e2:f7:44:7a:fd:1a:b8:9f:
                    99:de:31:9c:ce:9b:98:38:bf:d9:7b:58:38:b2:5d:
                    4a:e3:55:dc:8b:64:fa:77:ca:d3:6c:40:d6:80:0c:
                    c0:6b:36:1f:50:9d:9c:50:4c:ea:91:ed:76:4d:95:
                    3c:27:94:d3:34:ea:65:17:74:57:87:54:e7:e9:5e:
                    31:cf:45:e4:08:b0:61:a5:ea:7b:6b:fa:0a:8f:f9:
                    f0:91:1c:5b:2a:11:b0:51:d3:80:35:aa:ec:f3:87:
                    5e:37:78:03:5b:06:32:cf:81:3b:8e:00:d2:ef:90:
                    13:c5:58:1f:ca:05:7f:17:84:8d:89:5f:9f:0d:20:
                    96:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:51:1B:32:89:12:CF:BC:56:BB:21:38:F9:D1:9D:A3:4A:E5:05:F7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f3e5bf7c-d63c-4e09-9a38-8f26d5a70736.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.34.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         05:ad:23:94:64:51:59:2d:64:c2:31:5e:8e:bb:11:9d:9c:b3:
         8a:a4:c3:bb:58:84:91:68:3e:62:cf:50:3e:dd:1d:e2:37:1f:
         47:6f:6d:5c:ea:bd:f7:8d:07:fa:f7:6c:ad:4f:4f:58:b2:05:
         c8:88:9c:0c:0f:55:d7:3a:b0:30:c4:56:6b:de:f0:2c:db:fe:
         3f:77:9d:6f:37:14:31:59:43:5c:dd:f2:da:26:4c:46:94:c7:
         ef:15:0d:70:47:25:68:ec:e0:65:1d:76:0b:cd:6f:e8:e8:c0:
         3f:d9:40:4f:37:20:1d:2f:49:7a:d1:ed:88:cf:00:67:1f:18:
         29:bf:20:c7:4d:9e:4d:5d:3c:da:d7:dc:f0:e9:6b:7f:fc:5f:
         a8:90:10:43:c8:dc:e3:68:21:db:11:1a:f8:8f:ca:18:36:9e:
         fe:54:75:bb:52:12:23:1f:5b:57:85:3a:7e:1b:e3:0d:45:0f:
         20:c3:ec:9f:85:71:65:14:28:da:14:3c:3d:81:ad:8b:54:73:
         ee:f1:f8:fa:4f:4a:4e:ee:ca:b6:ae:f3:cf:18:c7:fc:68:6d:
         5e:b9:dd:92:b2:8e:fa:9a:5e:e4:e2:22:cb:38:ac:14:2a:eb:
         b4:43:0d:98:38:0e:ab:58:31:01:c8:69:07:96:da:75:a9:c7:
         42:c7:18:5f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSH9wCR1kDwbRIN/ZK+BSqToQ9C8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YmU3MmNmZTgzZmE5ODI5NDBlYzliMjI2OGE2MDNjZDYy
MDQyZGMzMzNhOGYwZDVhOGY3ZDE4OWRlZWY3ZjczMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyngT3dTcJ04H5kbGIyS+LdOm/HsMsaZoQ7EdUHBlbdzNX
xqAlX0XqS4pR2hYub88pnhbln73wnKS148br/Tv8bAI+cMTBbRfoWfCmT9+qoWZv
2J7nK4O66CH8QGq69/8wUk5CG7Ro+vBSIvXg9nAQZt1S/vPZbHz0sLjp9vHi90R6
/Rq4n5neMZzOm5g4v9l7WDiyXUrjVdyLZPp3ytNsQNaADMBrNh9QnZxQTOqR7XZN
lTwnlNM06mUXdFeHVOfpXjHPReQIsGGl6ntr+gqP+fCRHFsqEbBR04A1quzzh143
eANbBjLPgTuOANLvkBPFWB/KBX8XhI2JX58NIJaRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0VEbMokSz7xWuyE4+dGdo0rlBfcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YzZTViZjdjLWQ2M2MtNGUwOS05YTM4LThmMjZkNWE3MDczNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMSIkgwDQYJKoZIhvcNAQELBQADggEBAAWtI5RkUVktZMIxXo67EZ2cs4qk
w7tYhJFoPmLPUD7dHeI3H0dvbVzqvfeNB/r3bK1PT1iyBciInAwPVdc6sDDEVmve
8Czb/j93nW83FDFZQ1zd8tomTEaUx+8VDXBHJWjs4GUddgvNb+jowD/ZQE83IB0v
SXrR7YjPAGcfGCm/IMdNnk1dPNrX3PDpa3/8X6iQEEPI3ONoIdsRGviPyhg2nv5U
dbtSEiMfW1eFOn4b4w1FDyDD7J+FcWUUKNoUPD2BrYtUc+7x+PpPSk7uyrau888Y
x/xobV653ZKyjvqaXuTiIss4rBQq67RDDZg4DqtYMQHIaQeW2nWpx0LHGF8=
-----END CERTIFICATE-----