Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c186747-e358-4d19-8457-c1e7d14e1944.roa
File:                     0c186747-e358-4d19-8457-c1e7d14e1944.roa (raw, json)
Hash identifier:          KLsplSyoWrlOHeM80dWFksqcl3Zzw3oPSNfPPOGRTV0=
Subject key identifier:   A8:8E:CB:4A:97:71:1A:C4:7C:BD:D3:D7:00:97:E9:43:43:5A:03:61
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2F0397A82EB321582AE004CD68A3927F4E00C557
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c186747-e358-4d19-8457-c1e7d14e1944.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        194.148.64.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:03:97:a8:2e:b3:21:58:2a:e0:04:cd:68:a3:92:7f:4e:00:c5:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=9b2f622adee6cd09e07657d15631bcd259b622ec0bef3e34f60213e2167e6d3e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:4f:6f:d0:48:56:63:71:80:52:5f:84:e9:19:
                    38:98:2e:30:02:22:7a:dc:e3:6d:54:02:d1:b7:4e:
                    a8:f0:32:7c:97:ec:a0:57:29:62:b0:a4:c6:49:15:
                    8b:5c:88:05:dc:13:e5:41:b2:6a:2b:fd:30:61:9c:
                    c2:0a:40:5d:96:ed:19:7f:75:31:01:a3:13:f8:bd:
                    39:28:8f:bb:23:a0:ec:84:f4:e6:00:f2:26:bc:87:
                    c0:3d:16:41:1b:5c:25:c5:9f:b0:37:f9:58:9d:74:
                    54:d4:d9:7e:d7:85:05:52:f2:75:2a:6b:f5:12:90:
                    a5:55:8c:95:4e:ac:4a:e6:e3:43:8e:bb:ba:81:bf:
                    ed:13:30:64:d2:2b:62:e1:04:ea:4c:bd:9d:7c:17:
                    f7:1c:51:a0:76:ed:45:39:6a:65:a8:65:e2:eb:12:
                    5f:ab:75:11:fa:48:11:50:9c:bf:c7:c2:a1:eb:f1:
                    4d:9f:a3:53:26:a6:85:d3:f7:64:45:78:60:36:51:
                    a6:60:81:57:e3:11:56:8d:a0:c4:fb:8b:f2:76:91:
                    22:9e:08:4b:94:22:4f:2d:7e:73:18:3b:63:4f:01:
                    43:7c:d9:dd:20:ce:0c:d8:a7:14:72:4a:c7:49:d6:
                    4b:d6:a6:4d:8e:c6:0c:1e:24:95:e9:8e:dd:61:1b:
                    91:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:8E:CB:4A:97:71:1A:C4:7C:BD:D3:D7:00:97:E9:43:43:5A:03:61
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c186747-e358-4d19-8457-c1e7d14e1944.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.148.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         c0:52:a6:6b:b1:71:d6:bb:81:d6:77:3c:9d:b8:12:a4:0e:0a:
         15:0c:4b:a1:72:1a:53:2d:d3:ee:6d:23:65:fb:14:26:fe:ec:
         4a:3f:4e:4b:9d:83:69:5e:75:7f:34:e9:84:52:54:f2:36:2f:
         68:c7:94:a3:7d:0b:a0:2a:8c:10:95:9a:3e:b0:1a:88:e3:66:
         56:c0:70:8b:3a:66:63:4f:24:09:59:3d:32:2e:e7:46:73:e2:
         dc:4a:67:fc:81:6a:98:18:7b:de:e0:6f:1d:8a:57:a5:67:4c:
         91:01:1e:35:08:49:bb:1f:5f:c3:b7:cf:90:ab:99:93:e0:34:
         a9:53:62:45:3c:c3:1c:1b:56:95:4e:d2:3e:b3:ef:bf:6d:ec:
         25:9d:5c:2b:b3:d0:f5:fc:2b:12:76:2a:65:11:9f:31:c9:e0:
         af:55:cf:cc:87:29:7a:d3:f2:ef:88:30:6a:da:4b:a9:82:7f:
         a1:11:0d:ec:ee:08:f5:bf:a4:69:2a:d7:5f:4c:3f:d5:f7:48:
         e0:85:fd:98:d2:3d:72:49:a1:3b:15:8d:c9:f8:83:89:0e:42:
         6f:5e:16:dc:11:27:60:b4:74:54:b4:1c:9f:5f:b7:bd:60:ae:
         7d:55:bf:4e:61:77:5c:2c:e1:6a:41:bd:9c:1e:52:a7:11:41:
         24:eb:3b:7e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULwOXqC6zIVgq4ATNaKOSf04AxVcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5YjJmNjIyYWRlZTZjZDA5ZTA3NjU3ZDE1NjMxYmNkMjU5
YjYyMmVjMGJlZjNlMzRmNjAyMTNlMjE2N2U2ZDNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFT2/QSFZjcYBSX4TpGTiYLjACInrc421UAtG3TqjwMnyX
7KBXKWKwpMZJFYtciAXcE+VBsmor/TBhnMIKQF2W7Rl/dTEBoxP4vTkoj7sjoOyE
9OYA8ia8h8A9FkEbXCXFn7A3+ViddFTU2X7XhQVS8nUqa/USkKVVjJVOrErm40OO
u7qBv+0TMGTSK2LhBOpMvZ18F/ccUaB27UU5amWoZeLrEl+rdRH6SBFQnL/HwqHr
8U2fo1MmpoXT92RFeGA2UaZggVfjEVaNoMT7i/J2kSKeCEuUIk8tfnMYO2NPAUN8
2d0gzgzYpxRySsdJ1kvWpk2OxgweJJXpjt1hG5F7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqI7LSpdxGsR8vdPXAJfpQ0NaA2EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBjMTg2NzQ3LWUzNTgtNGQxOS04NDU3LWMxZTdkMTRlMTk0NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXClEAwDQYJKoZIhvcNAQELBQADggEBAMBSpmuxcda7gdZ3PJ24EqQOChUM
S6FyGlMt0+5tI2X7FCb+7Eo/Tkudg2ledX806YRSVPI2L2jHlKN9C6AqjBCVmj6w
GojjZlbAcIs6ZmNPJAlZPTIu50Zz4txKZ/yBapgYe97gbx2KV6VnTJEBHjUISbsf
X8O3z5CrmZPgNKlTYkU8wxwbVpVO0j6z779t7CWdXCuz0PX8KxJ2KmURnzHJ4K9V
z8yHKXrT8u+IMGraS6mCf6ERDezuCPW/pGkq119MP9X3SOCF/ZjSPXJJoTsVjcn4
g4kOQm9eFtwRJ2C0dFS0HJ9ft71grn1Vv05hd1ws4WpBvZweUqcRQSTrO34=
-----END CERTIFICATE-----