Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1bcdda66-b966-422c-8b0e-6689e85a5d1c.roa
File:                     1bcdda66-b966-422c-8b0e-6689e85a5d1c.roa (raw, json)
Hash identifier:          RxJ4JvdMBARCdHzKzAMK9K3NHsmXo8TSpjirEHGoWmY=
Subject key identifier:   22:C8:5A:55:42:94:71:DA:8E:12:0B:EE:48:A6:E4:E7:1D:78:08:32
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       03AAB25F6D9E55C68D6C71E825948BB3DC4BBCE2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1bcdda66-b966-422c-8b0e-6689e85a5d1c.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        5.60.212.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:aa:b2:5f:6d:9e:55:c6:8d:6c:71:e8:25:94:8b:b3:dc:4b:bc:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: serialNumber=805bf016594f1d9f229172305590ead2d8ea118fc54665c88c21e0f85d787458, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:2a:f2:f4:d0:a7:48:5f:4a:70:0c:df:82:53:
                    61:81:70:5d:fb:5d:a2:03:4e:91:6d:fc:d8:30:f5:
                    b5:68:2f:4c:c4:92:5a:f8:7f:7b:a2:f9:60:b7:dd:
                    ef:da:49:e7:49:ca:f7:f4:20:78:3d:24:58:21:ac:
                    6b:67:4d:14:68:24:d3:2f:5d:95:8d:2d:d0:b7:93:
                    d1:b1:63:52:1d:8b:27:71:a5:6e:03:de:4e:3c:b7:
                    56:ce:86:60:3b:a7:d5:57:7d:b1:1d:88:38:34:a4:
                    4f:97:ea:ca:f2:64:d8:12:a0:45:0c:9e:95:69:76:
                    5d:30:d1:06:c9:2b:e7:19:df:94:d5:bd:c6:a5:ff:
                    2d:cc:36:74:0c:6c:cd:bd:52:2d:c8:43:5e:2e:6e:
                    84:54:b3:d1:69:b7:f5:7c:31:83:76:dd:b4:f6:24:
                    32:30:e9:ad:53:fe:a9:4c:1d:a9:5e:6a:e9:11:c2:
                    82:66:57:75:94:d0:60:27:62:fe:2a:fc:30:72:e4:
                    55:70:33:c8:b0:71:27:22:1c:0d:5f:58:b9:ab:70:
                    a6:67:cc:c3:a1:4b:b5:fd:da:3c:7c:4a:fc:46:1d:
                    8c:27:3f:56:8d:76:44:5f:3e:a0:59:15:8a:51:d8:
                    a4:ef:9c:67:3d:59:cb:e5:9f:00:24:40:a9:66:49:
                    3b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:C8:5A:55:42:94:71:DA:8E:12:0B:EE:48:A6:E4:E7:1D:78:08:32
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1bcdda66-b966-422c-8b0e-6689e85a5d1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.60.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:bf:29:32:9b:62:33:58:2d:8f:25:62:7f:17:0d:6a:75:5d:
         ef:03:51:67:72:62:86:3f:06:60:14:de:48:8b:f9:a6:20:27:
         a9:42:8c:18:bc:3a:f6:bb:7b:a9:7c:35:2f:c7:f3:1e:dc:64:
         f6:7c:71:d3:6d:e0:6e:4e:34:46:65:8a:b3:e8:12:61:6b:45:
         5c:88:fc:4c:00:d4:45:98:09:ca:f6:bb:c1:da:d1:d4:43:f2:
         7a:9b:5e:b9:d8:c7:30:3a:46:67:54:99:ed:3b:61:46:ec:9a:
         17:0e:12:c1:83:f7:f2:93:e9:c4:e6:43:51:05:b1:f4:30:24:
         3c:2d:74:a3:6d:7d:9b:7a:f1:75:48:75:f3:bc:00:b7:b5:4c:
         e1:c2:41:67:7d:72:77:03:6b:01:70:b0:fb:c7:22:dc:c7:be:
         cb:be:56:f5:53:75:31:2a:a4:52:3f:58:29:97:5d:59:0a:48:
         c4:ba:3c:49:a4:0b:fc:e4:cd:3b:2e:ad:07:01:91:20:f8:56:
         36:8d:cd:6d:ec:13:cd:01:a6:1a:f5:8a:e2:32:12:5b:4d:18:
         b1:cb:fa:b1:e1:78:8f:30:9e:cf:54:ef:0c:6d:13:ab:77:ee:
         1b:b0:83:24:40:c2:b0:e9:45:5d:fe:27:90:78:dc:90:32:29:
         26:16:16:a0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUA6qyX22eVcaNbHHoJZSLs9xLvOIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MDViZjAxNjU5NGYxZDlmMjI5MTcyMzA1NTkwZWFkMmQ4
ZWExMThmYzU0NjY1Yzg4YzIxZTBmODVkNzg3NDU4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3KvL00KdIX0pwDN+CU2GBcF37XaIDTpFt/Ngw9bVoL0zE
klr4f3ui+WC33e/aSedJyvf0IHg9JFghrGtnTRRoJNMvXZWNLdC3k9GxY1Idiydx
pW4D3k48t1bOhmA7p9VXfbEdiDg0pE+X6sryZNgSoEUMnpVpdl0w0QbJK+cZ35TV
vcal/y3MNnQMbM29Ui3IQ14uboRUs9Fpt/V8MYN23bT2JDIw6a1T/qlMHaleaukR
woJmV3WU0GAnYv4q/DBy5FVwM8iwcSciHA1fWLmrcKZnzMOhS7X92jx8SvxGHYwn
P1aNdkRfPqBZFYpR2KTvnGc9WcvlnwAkQKlmSTtpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIshaVUKUcdqOEgvuSKbk5x14CDIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFiY2RkYTY2LWI5NjYtNDIyYy04YjBlLTY2ODllODVhNWQxYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIFPNQwDQYJKoZIhvcNAQELBQADggEBAEW/KTKbYjNYLY8lYn8XDWp1Xe8D
UWdyYoY/BmAU3kiL+aYgJ6lCjBi8Ova7e6l8NS/H8x7cZPZ8cdNt4G5ONEZlirPo
EmFrRVyI/EwA1EWYCcr2u8Ha0dRD8nqbXrnYxzA6RmdUme07YUbsmhcOEsGD9/KT
6cTmQ1EFsfQwJDwtdKNtfZt68XVIdfO8ALe1TOHCQWd9cncDawFwsPvHItzHvsu+
VvVTdTEqpFI/WCmXXVkKSMS6PEmkC/zkzTsurQcBkSD4VjaNzW3sE80Bphr1iuIy
EltNGLHL+rHheI8wns9U7wxtE6t37huwgyRAwrDpRV3+J5B43JAyKSYWFqA=
-----END CERTIFICATE-----