Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f45b3999-d7eb-455f-9f33-69b0a5d3115c.roa
File:                     f45b3999-d7eb-455f-9f33-69b0a5d3115c.roa (raw, json)
Hash identifier:          /0mmim3MMyiyoVeiY7Huh0URwun9UdzMLk8NNtdjy3k=
Subject key identifier:   B1:71:FB:FC:B3:B5:E2:53:9E:BC:95:A7:41:14:2C:FF:36:66:35:00
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4669E0BFEC9DED6EF4C5E6B6EA3B18DFC6DA66EC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f45b3999-d7eb-455f-9f33-69b0a5d3115c.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        15.198.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:69:e0:bf:ec:9d:ed:6e:f4:c5:e6:b6:ea:3b:18:df:c6:da:66:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: serialNumber=185c6362fbc655d547d6d62019cf1be854ac0db45de84b0ad70afa5f6890cf39, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a7:2f:80:29:af:d8:08:3f:96:b6:ec:c3:9d:
                    8b:be:9e:84:ae:91:a9:42:fb:f1:b6:a1:b8:3b:f3:
                    9a:e6:15:57:c6:16:1d:de:70:4f:52:88:78:80:77:
                    a1:68:a4:89:d1:c8:b2:52:2a:07:04:01:21:e1:0b:
                    cf:3b:e5:08:52:60:bd:a2:f2:5e:d2:8b:6e:6b:10:
                    40:ec:92:26:88:9b:ff:a1:73:2b:f2:84:c6:c3:1a:
                    35:df:db:1a:27:eb:a4:80:32:1e:e4:89:ab:cb:9e:
                    3a:f6:a0:19:f9:c7:38:e3:cf:e4:db:b0:13:31:b7:
                    59:d1:2f:47:24:b9:bd:5a:16:c1:5b:bb:5c:8e:e7:
                    79:4a:c7:47:bd:65:5e:30:05:54:7b:ce:9c:a7:50:
                    a6:ab:a2:de:7b:ae:a4:e3:fd:fb:cf:50:dd:a9:5e:
                    92:5e:fd:32:ab:71:50:da:fe:8c:3f:60:85:e5:8a:
                    57:0c:13:33:a5:ec:01:89:4a:49:37:9c:4d:82:34:
                    4d:60:fd:d5:11:2d:4d:61:61:7e:66:68:e4:b5:ae:
                    07:e0:e7:eb:1a:e7:2d:17:aa:1b:ec:08:3d:f2:d7:
                    a4:ee:26:dc:b9:0e:f4:24:63:20:f5:6b:26:c8:89:
                    86:7b:11:5d:02:e8:b4:02:b7:51:b4:59:c0:e4:24:
                    9d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:71:FB:FC:B3:B5:E2:53:9E:BC:95:A7:41:14:2C:FF:36:66:35:00
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f45b3999-d7eb-455f-9f33-69b0a5d3115c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.198.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         66:2a:a6:9d:a9:7a:ee:c6:20:3b:cf:62:5b:31:8b:d3:75:a7:
         72:ad:b7:a0:20:b5:3b:47:66:0b:fc:fb:93:25:ee:9d:49:e3:
         10:1c:a6:aa:36:75:76:7c:91:24:be:bf:43:04:fc:93:5b:8c:
         45:88:72:38:e8:9f:45:ed:76:eb:08:35:c2:f9:fe:c2:e1:cc:
         94:8e:5e:28:9b:e2:89:eb:27:84:a0:29:21:7f:51:9f:f0:e4:
         54:39:a6:12:bc:79:73:68:7c:0e:91:52:5e:b8:da:93:fc:06:
         ea:04:1a:6c:48:ea:04:ce:93:8b:b8:a5:2f:4c:4d:6e:08:ff:
         8a:dd:82:53:d6:67:8b:dc:d0:52:d6:13:c1:9e:5b:68:cf:47:
         1b:78:2b:2a:64:8f:d6:ec:03:26:7b:d3:7b:0b:3e:c9:a7:cc:
         95:06:bc:b5:d0:2c:d7:80:c2:ba:b6:57:06:71:28:d0:fa:d4:
         b9:8a:ed:3c:16:dd:f9:82:2e:6e:39:aa:54:d0:1d:1b:07:21:
         57:e1:04:c2:9a:10:da:3f:61:3a:f4:dd:25:05:86:89:66:2f:
         14:91:36:59:c5:50:37:a2:d5:08:bf:c0:7f:c6:33:59:45:3f:
         92:25:db:40:1c:21:8f:a5:ad:fb:57:32:18:6f:4c:44:cc:fa:
         e7:2f:a3:09
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIURmngv+yd7W70xea26jsY38baZuwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxODVjNjM2MmZiYzY1NWQ1NDdkNmQ2MjAxOWNmMWJlODU0
YWMwZGI0NWRlODRiMGFkNzBhZmE1ZjY4OTBjZjM5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2py+AKa/YCD+WtuzDnYu+noSukalC+/G2obg785rmFVfG
Fh3ecE9SiHiAd6FopInRyLJSKgcEASHhC8875QhSYL2i8l7Si25rEEDskiaIm/+h
cyvyhMbDGjXf2xon66SAMh7kiavLnjr2oBn5xzjjz+TbsBMxt1nRL0ckub1aFsFb
u1yO53lKx0e9ZV4wBVR7zpynUKarot57rqTj/fvPUN2pXpJe/TKrcVDa/ow/YIXl
ilcMEzOl7AGJSkk3nE2CNE1g/dURLU1hYX5maOS1rgfg5+sa5y0XqhvsCD3y16Tu
Jty5DvQkYyD1aybIiYZ7EV0C6LQCt1G0WcDkJJ1JAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUsXH7/LO14lOevJWnQRQs/zZmNQAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y0NWIzOTk5LWQ3ZWItNDU1Zi05ZjMzLTY5YjBhNWQzMTE1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAPxjANBgkqhkiG9w0BAQsFAAOCAQEAZiqmnal67sYgO89iWzGL03Wncq23
oCC1O0dmC/z7kyXunUnjEBymqjZ1dnyRJL6/QwT8k1uMRYhyOOifRe126wg1wvn+
wuHMlI5eKJviiesnhKApIX9Rn/DkVDmmErx5c2h8DpFSXrjak/wG6gQabEjqBM6T
i7ilL0xNbgj/it2CU9Zni9zQUtYTwZ5baM9HG3grKmSP1uwDJnvTews+yafMlQa8
tdAs14DCurZXBnEo0PrUuYrtPBbd+YIubjmqVNAdGwchV+EEwpoQ2j9hOvTdJQWG
iWYvFJE2WcVQN6LVCL/Af8YzWUU/kiXbQBwhj6Wt+1cyGG9MRMz65y+jCQ==
-----END CERTIFICATE-----