Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/039754ce-1b1a-43a0-baf8-9c4820b010e6.roa
File:                     039754ce-1b1a-43a0-baf8-9c4820b010e6.roa (raw, json)
Hash identifier:          LnxbmkSaKluGk8YVM8TXjbUHb7pr7YNTuK+mQ6MO3h4=
Subject key identifier:   1E:77:02:ED:EE:DC:53:19:1C:03:26:46:13:28:D6:B8:0E:42:9E:BA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       52E639A4D4E707A0D18F369C43D6346DCCFE849D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/039754ce-1b1a-43a0-baf8-9c4820b010e6.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        162.85.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:e6:39:a4:d4:e7:07:a0:d1:8f:36:9c:43:d6:34:6d:cc:fe:84:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=f58b7ee248a38225a1f501bb084e698e6c67e40e74fb470c109b989067239ce7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e2:67:3c:ea:ff:4d:3a:fd:30:d8:fe:c6:81:
                    d9:3b:ea:a0:4d:fb:94:1d:55:fb:06:9f:56:50:eb:
                    1a:5e:63:bd:a6:95:62:f7:a7:ed:30:3f:89:7e:e5:
                    98:80:53:d4:20:4a:a2:09:f4:e9:89:b1:6a:45:9d:
                    b1:f8:b0:8b:a2:66:2b:e7:2e:13:2b:14:04:aa:cc:
                    fb:58:df:6d:dd:d5:b6:35:fe:bd:f4:c1:71:45:35:
                    20:8e:97:ad:45:88:89:18:3f:50:ca:4b:45:0e:d5:
                    3d:65:0b:e5:f3:7e:d5:b5:85:27:c0:eb:20:d5:f1:
                    da:16:a9:c4:64:94:df:b2:ba:ce:44:a1:d9:fc:88:
                    66:c3:a4:9b:43:e6:84:6a:44:d0:02:e7:a1:a4:ab:
                    b4:0c:35:65:94:a4:e1:e5:ea:06:e2:6a:0e:55:59:
                    0b:f7:fd:b5:18:08:f5:51:6d:20:84:68:fc:9d:02:
                    e3:30:cf:94:17:ee:06:e2:9a:30:cf:d1:fb:31:86:
                    a1:96:df:22:43:98:9b:32:7d:8d:ff:bf:22:19:cb:
                    be:09:52:6e:a2:7c:4f:5b:89:d7:df:3a:09:39:bf:
                    85:49:da:30:89:59:f3:66:e5:77:e5:c4:0b:92:a9:
                    0e:dd:aa:e9:3a:5f:6b:a3:e8:83:6a:40:b7:02:1f:
                    88:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:77:02:ED:EE:DC:53:19:1C:03:26:46:13:28:D6:B8:0E:42:9E:BA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/039754ce-1b1a-43a0-baf8-9c4820b010e6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.85.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         89:75:59:bd:27:7a:f6:88:e8:b3:67:b0:83:f4:99:bb:b7:18:
         1e:5f:f1:00:63:28:64:fd:22:1f:74:a5:13:40:f4:05:f3:dc:
         d1:68:c0:ae:13:c7:64:e6:66:ce:cf:bf:27:25:32:43:e9:49:
         dd:2c:62:1f:a6:4c:45:97:4d:2f:75:16:49:74:34:0e:31:e2:
         99:49:02:6a:bc:46:0a:11:02:70:62:fb:19:f9:89:00:29:f7:
         23:0d:aa:60:2b:e2:5f:2c:38:fb:82:fc:5e:84:09:61:58:ca:
         63:f6:ad:53:65:75:3d:be:b8:5f:34:8a:3a:fb:9d:31:bb:bd:
         53:1d:70:06:dd:29:6c:86:db:38:68:89:ba:d6:70:0e:af:d6:
         09:2c:6c:aa:1a:c0:7c:92:0e:c8:1b:49:78:32:36:db:df:81:
         69:8f:69:66:7a:15:b4:cc:90:dd:98:b5:de:5e:99:a2:a6:7b:
         43:99:a1:b3:6b:84:be:cc:b4:63:f3:aa:85:e1:10:d0:9e:6f:
         3d:a4:84:bd:77:57:e5:be:26:76:d1:d5:b1:1e:8c:42:01:f8:
         67:2e:58:ed:a4:c2:a6:cb:e3:2e:87:a6:58:b9:bd:7d:e8:a1:
         10:51:03:5c:ba:54:86:79:ba:26:b8:ec:e6:d5:61:06:e0:9a:
         0b:a9:c1:91
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUuY5pNTnB6DRjzacQ9Y0bcz+hJ0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNThiN2VlMjQ4YTM4MjI1YTFmNTAxYmIwODRlNjk4ZTZj
NjdlNDBlNzRmYjQ3MGMxMDliOTg5MDY3MjM5Y2U3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC24mc86v9NOv0w2P7Ggdk76qBN+5QdVfsGn1ZQ6xpeY72m
lWL3p+0wP4l+5ZiAU9QgSqIJ9OmJsWpFnbH4sIuiZivnLhMrFASqzPtY323d1bY1
/r30wXFFNSCOl61FiIkYP1DKS0UO1T1lC+XzftW1hSfA6yDV8doWqcRklN+yus5E
odn8iGbDpJtD5oRqRNAC56Gkq7QMNWWUpOHl6gbiag5VWQv3/bUYCPVRbSCEaPyd
AuMwz5QX7gbimjDP0fsxhqGW3yJDmJsyfY3/vyIZy74JUm6ifE9bidffOgk5v4VJ
2jCJWfNm5XflxAuSqQ7dquk6X2uj6INqQLcCH4gfAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUHncC7e7cUxkcAyZGEyjWuA5CnrowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAzOTc1NGNlLTFiMWEtNDNhMC1iYWY4LTljNDgyMGIwMTBlNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCiVTANBgkqhkiG9w0BAQsFAAOCAQEAiXVZvSd69ojos2ewg/SZu7cYHl/x
AGMoZP0iH3SlE0D0BfPc0WjArhPHZOZmzs+/JyUyQ+lJ3SxiH6ZMRZdNL3UWSXQ0
DjHimUkCarxGChECcGL7GfmJACn3Iw2qYCviXyw4+4L8XoQJYVjKY/atU2V1Pb64
XzSKOvudMbu9Ux1wBt0pbIbbOGiJutZwDq/WCSxsqhrAfJIOyBtJeDI229+BaY9p
ZnoVtMyQ3Zi13l6ZoqZ7Q5mhs2uEvsy0Y/OqheEQ0J5vPaSEvXdX5b4mdtHVsR6M
QgH4Zy5Y7aTCpsvjLoemWLm9feihEFEDXLpUhnm6Jrjs5tVhBuCaC6nBkQ==
-----END CERTIFICATE-----