Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c66f342-55fa-4ae4-a07e-cf46986a2a4b.roa
File:                     0c66f342-55fa-4ae4-a07e-cf46986a2a4b.roa (raw, json)
Hash identifier:          ornyswUfhhyR5MvZ2DCb3VV1l2UrXrWleRgi0ods7mM=
Subject key identifier:   66:DE:76:9D:EA:3F:5D:45:CE:C9:A1:2A:53:54:01:97:3C:27:8B:8C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       33D32710342EF49D472B4DC762E32856277872D3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c66f342-55fa-4ae4-a07e-cf46986a2a4b.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        166.108.0.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:d3:27:10:34:2e:f4:9d:47:2b:4d:c7:62:e3:28:56:27:78:72:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=ed45c919cb3132dc86297a5f3eeffb92143096b6efd29faf6ac0edea3bb8b9b3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:df:b8:1e:81:4a:9d:0b:d8:76:cf:1e:42:92:
                    c3:df:02:56:f1:ee:1c:16:6f:0f:86:46:79:0d:47:
                    62:3b:25:f0:9c:9a:af:2d:54:a2:39:17:20:f7:d4:
                    47:e8:9c:3a:9e:67:e3:69:3b:5c:a4:c0:c5:4b:31:
                    cf:b6:3f:33:80:2c:43:a8:7b:3e:0e:61:d1:5c:cf:
                    a6:99:6a:5f:3d:3a:f3:87:09:74:1a:b3:48:72:98:
                    d5:3f:08:44:c0:ea:73:38:cc:97:dc:4f:64:41:eb:
                    03:56:3c:48:69:34:93:58:20:0c:c2:6e:14:bb:88:
                    e1:72:84:1a:a9:ab:bf:a3:62:b3:17:d4:8c:b2:d3:
                    e2:fb:76:49:0a:ae:b3:72:22:f7:40:87:9b:e9:b6:
                    98:69:bc:ad:d3:91:8b:b0:e7:f7:36:ca:11:50:a2:
                    35:27:50:6f:09:c9:4b:2d:e2:e8:0c:b7:f7:41:4e:
                    1c:55:4f:54:8b:88:63:28:cd:dc:27:83:15:65:f3:
                    a0:8e:4b:6c:7a:5b:af:6f:04:e2:ff:fa:8c:1c:e8:
                    bc:ef:cc:b9:c7:af:7c:90:56:56:59:97:95:9b:0f:
                    59:72:5c:83:3e:e8:23:a3:df:2a:94:d3:a7:63:0a:
                    a7:04:59:12:6f:3f:a2:94:89:73:89:ce:e8:fd:ea:
                    48:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:DE:76:9D:EA:3F:5D:45:CE:C9:A1:2A:53:54:01:97:3C:27:8B:8C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c66f342-55fa-4ae4-a07e-cf46986a2a4b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.108.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         b1:91:49:f2:23:c1:09:87:47:08:5a:5e:52:47:67:86:fd:44:
         cd:99:c4:a6:17:c9:24:fb:e6:f3:f9:1a:c7:88:bf:f6:1f:01:
         ff:d2:bd:3e:53:9b:68:38:70:0b:8b:c0:93:77:48:04:dd:9e:
         b7:d1:be:1a:b6:86:98:70:70:b9:cd:6f:4a:b3:e6:84:f3:cf:
         fb:20:73:24:93:2f:62:7f:fa:a8:87:e5:01:1f:39:8b:fa:0a:
         c0:76:f8:af:5c:5d:d8:31:1c:8b:4a:3c:c6:68:f4:00:05:ef:
         1c:f3:9b:ab:55:a7:c9:03:f6:ed:cc:af:b2:02:d6:ef:cc:aa:
         5d:5f:9b:b0:06:c7:70:ef:f8:9d:b9:b3:e1:a4:f5:60:5d:7f:
         98:05:b2:e8:dd:a1:d5:a6:ba:ed:7f:17:6d:41:8d:80:d1:f0:
         2a:e5:82:6c:c0:b7:94:d6:df:c1:fb:4d:96:a6:3a:75:cb:44:
         24:7a:5d:4b:fe:db:c8:1e:f4:46:0f:81:83:71:ba:d2:6b:91:
         46:28:04:94:36:74:af:63:d5:21:e1:8f:88:66:bb:1b:84:60:
         e0:6f:47:42:0e:fa:bf:4a:f2:33:89:b0:07:0d:dd:fe:80:fe:
         2d:36:69:26:65:bc:11:25:c6:d5:3a:2e:d0:ce:18:db:6f:a3:
         b6:78:fc:e6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUM9MnEDQu9J1HK03HYuMoVid4ctMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZDQ1YzkxOWNiMzEzMmRjODYyOTdhNWYzZWVmZmI5MjE0
MzA5NmI2ZWZkMjlmYWY2YWMwZWRlYTNiYjhiOWIzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDV37gegUqdC9h2zx5CksPfAlbx7hwWbw+GRnkNR2I7JfCc
mq8tVKI5FyD31EfonDqeZ+NpO1ykwMVLMc+2PzOALEOoez4OYdFcz6aZal89OvOH
CXQas0hymNU/CETA6nM4zJfcT2RB6wNWPEhpNJNYIAzCbhS7iOFyhBqpq7+jYrMX
1Iyy0+L7dkkKrrNyIvdAh5vptphpvK3TkYuw5/c2yhFQojUnUG8JyUst4ugMt/dB
ThxVT1SLiGMozdwngxVl86COS2x6W69vBOL/+owc6LzvzLnHr3yQVlZZl5WbD1ly
XIM+6COj3yqU06djCqcEWRJvP6KUiXOJzuj96kjNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZt52neo/XUXOyaEqU1QBlzwni4wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBjNjZmMzQyLTU1ZmEtNGFlNC1hMDdlLWNmNDY5ODZhMmE0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAWmbAAwDQYJKoZIhvcNAQELBQADggEBALGRSfIjwQmHRwhaXlJHZ4b9RM2Z
xKYXyST75vP5GseIv/YfAf/SvT5Tm2g4cAuLwJN3SATdnrfRvhq2hphwcLnNb0qz
5oTzz/sgcySTL2J/+qiH5QEfOYv6CsB2+K9cXdgxHItKPMZo9AAF7xzzm6tVp8kD
9u3Mr7IC1u/Mql1fm7AGx3Dv+J25s+Gk9WBdf5gFsujdodWmuu1/F21BjYDR8Crl
gmzAt5TW38H7TZamOnXLRCR6XUv+28ge9EYPgYNxutJrkUYoBJQ2dK9j1SHhj4hm
uxuEYOBvR0IO+r9K8jOJsAcN3f6A/i02aSZlvBElxtU6LtDOGNtvo7Z4/OY=
-----END CERTIFICATE-----