Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1f167ba2-3d62-4a61-8543-28364bba0ece.roa
File:                     1f167ba2-3d62-4a61-8543-28364bba0ece.roa (raw, json)
Hash identifier:          a4bluIORky84rKM9SH8oQF9IRnHp2uRV/GeFCT1ma60=
Subject key identifier:   26:BE:2D:18:28:0A:61:F4:7F:6D:62:54:32:F9:67:A1:A4:14:5A:68
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       678D1535F1130F9889A18F9C852750A25E0A2C63
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1f167ba2-3d62-4a61-8543-28364bba0ece.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        63.249.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:8d:15:35:f1:13:0f:98:89:a1:8f:9c:85:27:50:a2:5e:0a:2c:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=538fc1775bf808e4f15b50196de0589770462f6f1cc6448d900919ed2a2d4478, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:9d:3f:4e:43:07:3b:1c:06:67:75:fc:03:6f:
                    b8:8f:09:56:45:a4:91:03:d9:9b:ff:4c:c7:10:bc:
                    b4:6b:7c:05:8a:bc:7b:c1:3e:18:98:81:3e:cf:19:
                    d0:80:a6:f6:9b:46:72:30:eb:5a:87:a5:78:82:f2:
                    b9:77:2c:c9:c1:4b:9d:9c:bf:f8:80:78:ad:37:c6:
                    f2:09:cf:50:9b:5c:d1:c3:4d:46:7b:9f:7c:bb:61:
                    9a:15:7c:d3:87:f3:70:e3:36:ef:56:90:56:72:5e:
                    37:5c:9d:0f:12:bd:33:93:62:4c:d1:ec:8f:b2:60:
                    01:ad:08:e3:7c:92:63:96:2e:91:b8:3c:9e:49:e6:
                    c6:31:3f:89:94:81:ae:59:5c:7b:f6:d6:5d:0b:4b:
                    bb:ee:d6:3a:e5:92:3d:fb:7c:d2:92:20:6f:47:de:
                    fa:70:d8:ce:14:e5:11:35:0e:9a:f9:5c:5d:46:d6:
                    5f:12:ef:90:99:e2:d8:c1:92:fe:ef:e0:99:9e:0c:
                    7d:78:94:1b:e7:cc:c1:24:ad:a3:6a:30:43:fd:37:
                    98:ff:f2:e3:fa:0a:ea:4d:74:0a:94:2d:4b:a9:7e:
                    d7:ed:c2:ea:e9:29:b7:c5:96:09:cb:f3:fb:3d:22:
                    57:1a:a6:27:10:4e:b0:47:56:bb:76:96:ac:2b:2e:
                    d9:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:BE:2D:18:28:0A:61:F4:7F:6D:62:54:32:F9:67:A1:A4:14:5A:68
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1f167ba2-3d62-4a61-8543-28364bba0ece.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  63.249.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         95:85:78:97:4f:77:77:11:fd:28:b4:95:ed:dc:66:32:64:23:
         55:86:e5:7f:01:3a:72:fb:73:10:ed:2f:a0:a4:fd:99:c3:ab:
         1e:0a:32:d3:bc:35:bc:3b:c7:5d:72:5b:2a:a3:d7:c5:6c:2e:
         91:19:27:6b:d8:6b:9d:13:eb:c4:43:6a:9c:d5:9d:73:50:86:
         f4:ea:09:7b:0c:ae:26:65:47:27:4d:57:66:da:bb:c6:4b:65:
         1f:84:8e:3d:b5:e7:7e:0d:38:fd:36:cb:1f:9e:dc:11:77:89:
         5a:09:7b:cf:07:c1:0d:de:f6:3c:91:ff:35:bc:5e:20:f2:07:
         89:59:9a:a1:ee:3a:ee:3e:53:6d:90:f8:bd:99:3c:75:f4:d2:
         78:8f:28:bc:a5:29:04:27:26:56:84:5d:42:e2:0b:13:75:0e:
         1f:43:c4:d2:53:10:66:67:87:31:14:03:38:60:ab:74:32:49:
         5c:9a:1e:fc:85:a5:23:8b:2c:7a:b7:d3:ae:75:91:54:e5:3a:
         01:bc:67:96:27:36:50:b2:e7:81:94:58:57:2f:f1:2f:e2:d5:
         0d:38:37:b8:b4:ac:f1:f0:36:24:b1:9c:a1:20:d6:8b:f7:a3:
         d2:61:60:13:f6:d8:c5:c9:45:2c:95:37:9d:48:d1:94:cd:6c:
         d2:55:3e:68
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZ40VNfETD5iJoY+chSdQol4KLGMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MzhmYzE3NzViZjgwOGU0ZjE1YjUwMTk2ZGUwNTg5Nzcw
NDYyZjZmMWNjNjQ0OGQ5MDA5MTllZDJhMmQ0NDc4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqnT9OQwc7HAZndfwDb7iPCVZFpJED2Zv/TMcQvLRrfAWK
vHvBPhiYgT7PGdCApvabRnIw61qHpXiC8rl3LMnBS52cv/iAeK03xvIJz1CbXNHD
TUZ7n3y7YZoVfNOH83DjNu9WkFZyXjdcnQ8SvTOTYkzR7I+yYAGtCON8kmOWLpG4
PJ5J5sYxP4mUga5ZXHv21l0LS7vu1jrlkj37fNKSIG9H3vpw2M4U5RE1Dpr5XF1G
1l8S75CZ4tjBkv7v4JmeDH14lBvnzMEkraNqMEP9N5j/8uP6CupNdAqULUupftft
wurpKbfFlgnL8/s9IlcapicQTrBHVrt2lqwrLtlhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJr4tGCgKYfR/bWJUMvlnoaQUWmgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFmMTY3YmEyLTNkNjItNGE2MS04NTQzLTI4MzY0YmJhMGVjZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc/+YAwDQYJKoZIhvcNAQELBQADggEBAJWFeJdPd3cR/Si0le3cZjJkI1WG
5X8BOnL7cxDtL6Ck/ZnDqx4KMtO8Nbw7x11yWyqj18VsLpEZJ2vYa50T68RDapzV
nXNQhvTqCXsMriZlRydNV2bau8ZLZR+Ejj21534NOP02yx+e3BF3iVoJe88HwQ3e
9jyR/zW8XiDyB4lZmqHuOu4+U22Q+L2ZPHX00niPKLylKQQnJlaEXULiCxN1Dh9D
xNJTEGZnhzEUAzhgq3QySVyaHvyFpSOLLHq30651kVTlOgG8Z5YnNlCy54GUWFcv
8S/i1Q04N7i0rPHwNiSxnKEg1ov3o9JhYBP22MXJRSyVN51I0ZTNbNJVPmg=
-----END CERTIFICATE-----