Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f7083e94-0597-4220-8f73-97f85a03a9ae.roa
File:                     f7083e94-0597-4220-8f73-97f85a03a9ae.roa (raw, json)
Hash identifier:          bZpC8r1OVi1j/uGamo04wIZneT1jrXXv6EQnxLxHlRE=
Subject key identifier:   E3:67:4A:D1:AD:B3:8B:AB:F2:1F:E7:D9:6C:C9:FA:F8:1C:C9:5E:4B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4626DB80B781C25745467B3119AECD225575BCFD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f7083e94-0597-4220-8f73-97f85a03a9ae.roa
Signing time:             Fri 13 Dec 2024 00:00:00 +0000
ROA not before:           Fri 13 Dec 2024 00:00:00 +0000
ROA not after:            Fri 17 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        18.204.0.0/14 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:26:db:80:b7:81:c2:57:45:46:7b:31:19:ae:cd:22:55:75:bc:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 13 00:00:00 2024 GMT
            Not After : Jan 17 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:26:d2:c5:00:4b:4a:01:0e:0d:ef:24:ba:72:
                    38:10:49:43:26:46:c4:b7:ba:41:29:df:e7:b1:67:
                    9f:64:ec:79:97:23:d8:4b:5c:f0:9b:c1:8e:86:47:
                    97:41:14:ed:74:67:03:f2:2a:04:47:51:94:34:63:
                    0f:8b:39:ec:67:ef:ee:92:60:9e:25:ef:0a:8e:43:
                    a5:40:db:db:88:2a:06:ad:3f:5a:99:ed:7b:e6:6a:
                    dc:63:12:9e:f5:61:f4:98:00:5d:c5:36:05:66:80:
                    b2:11:4a:32:b2:ff:78:58:0d:75:5e:be:00:b0:3c:
                    37:9f:22:7f:76:62:d2:41:bc:93:7d:46:f2:a5:e0:
                    94:87:7b:44:0a:05:29:d3:37:cf:4d:1d:b8:65:dc:
                    3d:ed:f3:b0:3d:d8:39:37:e4:8e:cd:6a:99:16:8c:
                    cb:86:13:48:c0:9b:a8:c3:12:bf:46:8d:c7:e6:97:
                    38:cf:da:dd:c9:8d:5f:b3:d0:b4:f7:8d:a3:4c:34:
                    87:b2:ab:d6:55:78:92:39:f1:da:54:c7:a2:41:f4:
                    e4:77:68:8f:84:bf:25:c9:da:dd:96:43:e4:e5:d1:
                    4e:ef:24:a4:16:be:80:9d:4f:79:88:ba:70:01:96:
                    e4:2e:fb:85:a5:48:2a:93:83:1f:ea:9e:c9:82:de:
                    e6:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:67:4A:D1:AD:B3:8B:AB:F2:1F:E7:D9:6C:C9:FA:F8:1C:C9:5E:4B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f7083e94-0597-4220-8f73-97f85a03a9ae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.204.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         63:dd:27:1c:b6:44:fc:66:22:3b:9b:60:e1:27:18:0d:4c:83:
         f9:30:88:5f:7a:cc:7c:d3:ff:84:b2:a4:92:7c:1d:d5:15:61:
         03:ee:16:72:15:50:fa:79:0b:8b:21:5e:5f:85:98:fc:a5:3e:
         b6:a5:48:43:b0:34:24:3e:35:0e:8e:27:2c:c8:ae:54:24:76:
         2d:12:87:5e:c7:d6:9b:b2:1e:f6:b5:8c:5f:52:b2:1e:5c:d4:
         0c:bd:c9:1b:ae:a0:53:16:e8:92:12:13:2f:97:dd:c6:a7:6f:
         cd:d3:a7:82:29:b3:e8:ea:0a:df:1e:27:76:cb:5f:3e:f9:f3:
         d4:8b:36:a8:e5:31:5a:43:b7:8f:c3:3f:42:eb:a0:d9:ee:d5:
         fc:27:01:67:58:47:9e:2c:cb:3c:52:ee:4e:49:11:ed:ba:8f:
         1b:f2:24:a9:40:64:7a:08:ee:31:2f:80:55:27:8a:81:8c:40:
         12:78:a5:5f:5f:e9:57:cc:23:49:1b:75:d6:c5:71:62:f4:83:
         df:dd:b8:18:e0:d6:7c:a2:a3:48:47:07:8c:a2:87:8c:b6:85:
         d9:33:6b:d7:e8:c8:87:6a:cf:21:d0:ca:4b:ef:32:50:2a:dd:
         fb:8f:b3:c8:fc:97:d1:74:e5:f0:69:60:aa:73:6a:d5:3b:ed:
         93:7c:0c:1a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIURibbgLeBwldFRnsxGa7NIlV1vP0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjEzMDAwMDAwWhcNMjUwMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMjVkMGIyZmI0MzZiM2JmYmI5Yzk3ZTE1YWIyZGViZmM2
MDI1NzgxNDM1MzE0NjA0NjMwOWRhYjIzZDE0MjhjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtJtLFAEtKAQ4N7yS6cjgQSUMmRsS3ukEp3+exZ59k7HmX
I9hLXPCbwY6GR5dBFO10ZwPyKgRHUZQ0Yw+LOexn7+6SYJ4l7wqOQ6VA29uIKgat
P1qZ7XvmatxjEp71YfSYAF3FNgVmgLIRSjKy/3hYDXVevgCwPDefIn92YtJBvJN9
RvKl4JSHe0QKBSnTN89NHbhl3D3t87A92Dk35I7NapkWjMuGE0jAm6jDEr9Gjcfm
lzjP2t3JjV+z0LT3jaNMNIeyq9ZVeJI58dpUx6JB9OR3aI+EvyXJ2t2WQ+Tl0U7v
JKQWvoCdT3mIunABluQu+4WlSCqTgx/qnsmC3uYPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU42dK0a2zi6vyH+fZbMn6+BzJXkswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y3MDgzZTk0LTA1OTctNDIyMC04ZjczLTk3Zjg1YTAzYTlhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwISzDANBgkqhkiG9w0BAQsFAAOCAQEAY90nHLZE/GYiO5tg4ScYDUyD+TCI
X3rMfNP/hLKkknwd1RVhA+4WchVQ+nkLiyFeX4WY/KU+tqVIQ7A0JD41Do4nLMiu
VCR2LRKHXsfWm7Ie9rWMX1KyHlzUDL3JG66gUxbokhITL5fdxqdvzdOngimz6OoK
3x4ndstfPvnz1Is2qOUxWkO3j8M/Quug2e7V/CcBZ1hHnizLPFLuTkkR7bqPG/Ik
qUBkegjuMS+AVSeKgYxAEnilX1/pV8wjSRt11sVxYvSD3924GODWfKKjSEcHjKKH
jLaF2TNr1+jIh2rPIdDKS+8yUCrd+4+zyPyX0XTl8GlgqnNq1Tvtk3wMGg==
-----END CERTIFICATE-----