Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/cf60d33d-adb0-4b6a-a12c-3d4b22ea84c0/d9dced0a-47bb-3a09-a926-a8a7720c265b.roa
File:                     d9dced0a-47bb-3a09-a926-a8a7720c265b.roa (raw, json)
Hash identifier:          NpshAPmv4nV8/7hl2Us86sVlMXvZ3iAC3MLl1ZtEyUc=
Subject key identifier:   63:11:EB:08:25:B1:FC:12:02:43:05:25:45:FA:DF:92:FA:38:50:4D
Certificate issuer:       /CN=cf60d33d-adb0-4b6a-a12c-3d4b22ea84c0
Certificate serial:       010D0C9F4328584498A4308967E27C70AAE0CD00
Authority key identifier: AE:FE:3F:1F:93:EA:39:58:6E:45:50:10:E7:00:77:6E:7A:D6:29:F2
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/cf60d33d-adb0-4b6a-a12c-3d4b22ea84c0.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/cf60d33d-adb0-4b6a-a12c-3d4b22ea84c0/d9dced0a-47bb-3a09-a926-a8a7720c265b.roa
Signing time:             Thu 18 Jan 2024 17:12:50 +0000
ROA not before:           Thu 18 Jan 2024 17:12:50 +0000
ROA not after:            Wed 17 Apr 2024 16:12:50 +0000
asID:                     14220
IP address blocks:        208.94.208.0/24 maxlen: 24
                          208.94.209.0/24 maxlen: 24
                          208.94.210.0/24 maxlen: 24
                          208.94.211.0/24 maxlen: 24
                          208.94.212.0/24 maxlen: 24
                          208.94.213.0/24 maxlen: 24
                          208.94.214.0/24 maxlen: 24
                          208.94.215.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:44:98:a4:30:89:67:e2:7c:70:aa:e0:cd:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf60d33d-adb0-4b6a-a12c-3d4b22ea84c0
        Validity
            Not Before: Jan 18 17:12:50 2024 GMT
            Not After : Apr 17 16:12:50 2024 GMT
        Subject: CN=fca86bdd-9b8f-4cb5-9363-6b6e19275dbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:3d:e4:2d:19:45:4b:eb:d9:09:92:e3:fb:a9:
                    a7:c0:05:18:4a:d4:d6:d2:63:27:e6:14:6d:cd:ce:
                    60:14:7f:cd:05:54:1d:54:99:40:71:50:89:4f:15:
                    f8:63:b7:2b:8c:94:13:3c:77:82:5f:d6:95:9a:4e:
                    a6:ea:cc:de:7f:84:76:3d:58:8d:0d:c4:df:91:2e:
                    7f:37:e8:20:09:82:99:d9:8d:78:44:81:da:10:ff:
                    23:48:4f:b9:0f:b8:bf:5f:7d:c9:c5:34:0f:54:76:
                    16:0d:51:e1:2f:8f:21:dd:cf:9f:be:49:e9:3e:5d:
                    5c:ff:92:8d:2b:30:8e:5c:2f:ef:b1:84:fe:b2:ea:
                    6a:d3:27:37:75:29:e7:f6:25:57:7c:e3:9a:c4:73:
                    07:e1:29:7a:07:2e:94:cf:36:22:a2:f2:f0:0f:5f:
                    9e:70:b7:5d:3f:51:3d:ad:9b:83:f8:08:f4:82:06:
                    85:77:70:5f:62:c2:8f:c3:85:d3:92:e6:d0:7c:e9:
                    78:e5:05:75:f2:95:fd:9a:28:0f:ef:1d:c3:05:4a:
                    22:19:01:00:22:63:c4:8d:b1:d5:d7:ec:5f:66:83:
                    74:68:f5:9f:67:11:0f:52:0a:75:24:18:37:b0:25:
                    c8:6c:cd:60:ef:fa:d8:8d:71:53:b2:b3:0b:58:c2:
                    6d:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:11:EB:08:25:B1:FC:12:02:43:05:25:45:FA:DF:92:FA:38:50:4D
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/cf60d33d-adb0-4b6a-a12c-3d4b22ea84c0/d9dced0a-47bb-3a09-a926-a8a7720c265b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/cf60d33d-adb0-4b6a-a12c-3d4b22ea84c0/cf60d33d-adb0-4b6a-a12c-3d4b22ea84c0.crl

            X509v3 Authority Key Identifier:
                keyid:AE:FE:3F:1F:93:EA:39:58:6E:45:50:10:E7:00:77:6E:7A:D6:29:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/cf60d33d-adb0-4b6a-a12c-3d4b22ea84c0.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  208.94.208.0/21

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         77:15:ec:8f:d4:2b:d7:47:2a:43:a9:5b:08:40:24:a5:9e:11:
         3c:7b:d5:f3:53:6f:7f:e1:38:8e:9c:8a:ba:5b:1d:e2:d8:f0:
         ce:3a:2f:2c:f7:90:a6:79:6d:f3:48:59:6d:3e:1e:60:1d:9f:
         6a:64:c9:ce:cb:05:30:14:16:53:d0:72:37:65:2f:48:4d:60:
         28:70:ae:e8:1a:56:fb:19:c6:c1:8d:36:49:33:ef:b9:2e:86:
         e9:df:61:e7:f8:ce:e9:65:13:9d:86:13:47:de:3a:7f:ef:ea:
         44:fb:71:bd:fc:5b:ba:14:5e:da:c5:11:3d:a5:c4:dc:eb:31:
         5c:0e:57:10:ca:4c:2d:f0:fc:48:76:43:d8:e1:b5:e3:20:4d:
         59:27:23:d1:dc:fb:8a:cc:7d:bb:93:f5:99:52:b9:c3:0a:20:
         7c:8f:1b:97:49:d5:02:5b:1d:5c:26:78:ad:a0:e8:4f:cc:c1:
         41:ca:77:46:42:17:21:41:ac:7a:cb:1b:0f:84:bd:43:14:a9:
         e5:e5:34:4b:73:d1:3b:1f:1f:0d:2d:1a:b5:e5:97:96:7f:89:
         0e:f0:f8:a7:8f:09:8f:fa:64:bb:cc:18:c1:89:6b:6b:c8:e9:
         47:d0:4e:a4:2c:31:dc:94:fc:37:ce:f7:93:e7:23:6e:04:26:
         c0:bc:62:31
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWESYpDCJZ+J8cKrgzQAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkY2Y2MGQzM2QtYWRiMC00YjZhLWExMmMtM2Q0YjIyZWE4
NGMwMB4XDTI0MDExODE3MTI1MFoXDTI0MDQxNzE2MTI1MFowLzEtMCsGA1UEAxMk
ZmNhODZiZGQtOWI4Zi00Y2I1LTkzNjMtNmI2ZTE5Mjc1ZGJmMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1D3kLRlFS+vZCZLj+6mnwAUYStTW0mMn5hRt
zc5gFH/NBVQdVJlAcVCJTxX4Y7crjJQTPHeCX9aVmk6m6szef4R2PViNDcTfkS5/
N+ggCYKZ2Y14RIHaEP8jSE+5D7i/X33JxTQPVHYWDVHhL48h3c+fvknpPl1c/5KN
KzCOXC/vsYT+supq0yc3dSnn9iVXfOOaxHMH4Sl6By6UzzYiovLwD1+ecLddP1E9
rZuD+Aj0ggaFd3BfYsKPw4XTkubQfOl45QV18pX9migP7x3DBUoiGQEAImPEjbHV
1+xfZoN0aPWfZxEPUgp1JBg3sCXIbM1g7/rYjXFTsrMLWMJtEQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFGMR6wglsfwSAkMFJUX635L6OFBNMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzRhYjdhZTRkLWJkN2ItNGIzMy05YTg4LTViMjJkMmE4MzM3ZC9jZjYw
ZDMzZC1hZGIwLTRiNmEtYTEyYy0zZDRiMjJlYTg0YzAvZDlkY2VkMGEtNDdiYi0z
YTA5LWE5MjYtYThhNzcyMGMyNjViLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy80YWI3YWU0ZC1i
ZDdiLTRiMzMtOWE4OC01YjIyZDJhODMzN2QvY2Y2MGQzM2QtYWRiMC00YjZhLWEx
MmMtM2Q0YjIyZWE4NGMwL2NmNjBkMzNkLWFkYjAtNGI2YS1hMTJjLTNkNGIyMmVh
ODRjMC5jcmwwHwYDVR0jBBgwFoAUrv4/H5PqOVhuRVAQ5wB3bnrWKfIwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzRhYjdhZTRkLWJkN2ItNGIz
My05YTg4LTViMjJkMmE4MzM3ZC9jZjYwZDMzZC1hZGIwLTRiNmEtYTEyYy0zZDRi
MjJlYTg0YzAuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD0F7QMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAHcV7I/UK9dHKkOpWwhAJKWeETx71fNTb3/hOI6cirpbHeLY8M46Lyz3
kKZ5bfNIWW0+HmAdn2pkyc7LBTAUFlPQcjdlL0hNYChwrugaVvsZxsGNNkkz77ku
hunfYef4zullE52GE0feOn/v6kT7cb38W7oUXtrFET2lxNzrMVwOVxDKTC3w/Eh2
Q9jhteMgTVknI9Hc+4rMfbuT9ZlSucMKIHyPG5dJ1QJbHVwmeK2g6E/MwUHKd0ZC
FyFBrHrLGw+EvUMUqeXlNEtz0TsfHw0tGrXll5Z/iQ7w+KePCY/6ZLvMGMGJa2vI
6UfQTqQsMdyU/DfO95PnI24EJsC8YjE=
-----END CERTIFICATE-----