Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/132da6ff-a8f0-434d-86f2-458d471a0187.roa
File:                     132da6ff-a8f0-434d-86f2-458d471a0187.roa (raw, json)
Hash identifier:          60I+Q89CiEGBmZNKLWnNCU0/kUDtByK/tm3j/BGUx78=
Subject key identifier:   2E:81:A3:5A:CC:9C:A6:2D:2C:0C:2D:C7:84:37:B1:10:93:D4:D4:6A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3208A200C651CD9819B20FEA11F0F4436FE45968
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/132da6ff-a8f0-434d-86f2-458d471a0187.roa
Signing time:             Wed 25 Dec 2024 00:00:00 +0000
ROA not before:           Wed 25 Dec 2024 00:00:00 +0000
ROA not after:            Wed 29 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        134.43.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:08:a2:00:c6:51:cd:98:19:b2:0f:ea:11:f0:f4:43:6f:e4:59:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 25 00:00:00 2024 GMT
            Not After : Jan 29 23:59:59 2025 GMT
        Subject: serialNumber=fd5647a38665b5e86d0347e545c7228672acc054b51bdfa0d2fcfd1246354cf5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ad:00:77:cd:7e:35:4f:13:ba:3e:ac:94:81:
                    60:f6:a7:c8:77:ae:0c:87:a8:cd:96:e9:1d:b4:e9:
                    14:ed:5b:88:d0:76:bf:34:78:0c:44:28:2d:16:c3:
                    a4:03:02:ee:d5:b7:6e:be:82:88:a5:f5:fd:bc:ce:
                    ba:1f:b7:d3:14:53:b3:7b:88:94:a0:ef:e5:77:7f:
                    62:b0:b4:01:cc:1e:a2:e1:0a:a9:b8:8b:36:bb:1d:
                    15:c3:f2:0a:a0:83:0d:5e:d4:76:52:36:ba:7f:f3:
                    ef:70:fd:67:1c:dd:66:18:fa:91:ce:3a:3d:e0:e1:
                    07:8d:f4:9e:07:54:e9:a8:75:ba:56:51:d2:80:df:
                    b3:34:ed:72:2a:0f:13:d3:73:52:86:3a:a3:c3:a4:
                    fa:c3:9e:d0:4d:d5:2f:de:7d:7e:e3:e1:8e:28:bc:
                    f9:15:72:6f:17:73:2a:d6:34:76:f2:58:a4:89:7f:
                    1f:60:81:df:f3:c3:27:fb:aa:93:1e:2d:90:46:67:
                    5c:54:30:f6:58:82:cc:ff:fb:b3:91:01:73:a1:fb:
                    20:df:b6:98:bb:9c:ec:22:34:fc:db:8a:b8:df:e1:
                    91:c6:d5:4c:3a:10:0b:5a:45:db:cb:d1:67:4e:61:
                    c7:73:04:8b:58:b8:e8:fa:d8:a3:ae:65:f6:f3:d5:
                    d8:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:81:A3:5A:CC:9C:A6:2D:2C:0C:2D:C7:84:37:B1:10:93:D4:D4:6A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/132da6ff-a8f0-434d-86f2-458d471a0187.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.43.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a0:19:2b:ee:72:f1:85:58:8a:31:25:9d:e9:24:72:9b:c9:15:
         d2:e5:0f:ca:57:fd:5f:a6:8b:db:42:bc:ea:cc:2d:f2:08:63:
         8e:f2:3b:15:1a:9e:95:8c:c9:84:70:fe:8f:ea:cc:9f:2d:8f:
         9e:ce:81:58:9c:e3:cc:ca:ed:37:e2:70:7f:3c:1e:bd:23:83:
         79:f5:48:cb:37:09:10:31:d4:6b:08:72:45:81:9a:7a:6f:46:
         f0:6d:6d:3f:9c:46:1d:e1:bb:7e:15:69:dc:11:dc:45:a5:48:
         4c:c6:83:5c:52:be:ad:53:f7:0b:dc:85:23:2a:93:c4:87:a3:
         a4:e2:f3:d0:52:ae:56:cd:4e:a2:be:67:df:e4:fe:6f:3b:59:
         a3:35:8e:01:d6:7d:35:63:4a:ce:26:f3:e7:8f:55:3c:52:a3:
         df:ad:3a:99:7b:b1:64:a8:ff:2f:aa:5a:f3:35:28:48:d7:90:
         36:3e:2b:b0:a7:c1:b3:60:1a:0f:84:8a:33:32:a3:3e:7b:47:
         03:b6:6a:bd:90:7d:96:7d:70:b3:a0:b5:d8:c1:45:94:4c:d5:
         48:0f:c7:af:c7:c3:df:eb:6c:29:e9:2f:39:b2:8f:04:e8:10:
         af:a7:58:0d:ca:4b:75:a3:a9:c5:c0:1c:99:ce:bc:38:4c:7f:
         8f:9e:8e:b7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMgiiAMZRzZgZsg/qEfD0Q2/kWWgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI1MDAwMDAwWhcNMjUwMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZDU2NDdhMzg2NjViNWU4NmQwMzQ3ZTU0NWM3MjI4Njcy
YWNjMDU0YjUxYmRmYTBkMmZjZmQxMjQ2MzU0Y2Y1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPrQB3zX41TxO6PqyUgWD2p8h3rgyHqM2W6R206RTtW4jQ
dr80eAxEKC0Ww6QDAu7Vt26+goil9f28zroft9MUU7N7iJSg7+V3f2KwtAHMHqLh
Cqm4iza7HRXD8gqggw1e1HZSNrp/8+9w/Wcc3WYY+pHOOj3g4QeN9J4HVOmodbpW
UdKA37M07XIqDxPTc1KGOqPDpPrDntBN1S/efX7j4Y4ovPkVcm8XcyrWNHbyWKSJ
fx9ggd/zwyf7qpMeLZBGZ1xUMPZYgsz/+7ORAXOh+yDftpi7nOwiNPzbirjf4ZHG
1Uw6EAtaRdvL0WdOYcdzBItYuOj62KOuZfbz1dhPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQULoGjWsycpi0sDC3HhDexEJPU1GowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEzMmRhNmZmLWE4ZjAtNDM0ZC04NmYyLTQ1OGQ0NzFhMDE4Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCGKzANBgkqhkiG9w0BAQsFAAOCAQEAoBkr7nLxhViKMSWd6SRym8kV0uUP
ylf9X6aL20K86swt8ghjjvI7FRqelYzJhHD+j+rMny2Pns6BWJzjzMrtN+Jwfzwe
vSODefVIyzcJEDHUawhyRYGaem9G8G1tP5xGHeG7fhVp3BHcRaVITMaDXFK+rVP3
C9yFIyqTxIejpOLz0FKuVs1Oor5n3+T+bztZozWOAdZ9NWNKzibz549VPFKj3606
mXuxZKj/L6pa8zUoSNeQNj4rsKfBs2AaD4SKMzKjPntHA7ZqvZB9ln1ws6C12MFF
lEzVSA/Hr8fD3+tsKekvObKPBOgQr6dYDcpLdaOpxcAcmc68OEx/j56Otw==
-----END CERTIFICATE-----