Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2085a7d7-637a-4a5c-ab19-0a2ec094db2c.roa
File:                     2085a7d7-637a-4a5c-ab19-0a2ec094db2c.roa (raw, json)
Hash identifier:          Y7otn+eiy03gVMpGu0Lp+2sE8EmFD2gr1tNyNOjOnFE=
Subject key identifier:   C9:E1:10:51:D6:22:BA:B7:E5:13:77:77:B7:D8:FB:55:88:E7:16:73
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4EEF8E8BAC1662C1A6A4A08373E6DDC4EEEC8BE0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2085a7d7-637a-4a5c-ab19-0a2ec094db2c.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        199.182.240.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:ef:8e:8b:ac:16:62:c1:a6:a4:a0:83:73:e6:dd:c4:ee:ec:8b:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=ddb20458c5f4a3387e6228b77ab7ff3f59b12b0920464e987691244434122b60, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:1a:17:12:a9:b4:0c:f7:32:9f:e9:8b:1e:90:
                    93:c4:25:a1:7c:0f:f3:bf:27:7a:50:cc:ab:7e:2d:
                    23:ae:c1:92:53:44:b0:09:af:4e:af:19:d0:53:52:
                    e8:f3:a5:dc:07:5b:b7:33:51:9e:38:c4:bc:3e:50:
                    4a:fd:3e:8d:c1:21:5b:22:81:f1:12:ec:73:a6:20:
                    55:1b:82:a3:3b:1c:32:72:3c:00:6d:42:79:35:d2:
                    ac:c3:c2:1f:d8:68:b0:41:d5:1b:7b:6f:0c:f6:cc:
                    88:bd:64:10:33:23:e3:5b:04:5f:a9:73:96:cc:dd:
                    52:e0:83:d1:ed:76:68:7e:79:d1:da:ff:48:37:55:
                    3b:66:1c:6a:cc:54:9b:e1:15:e0:73:06:34:ab:84:
                    67:c4:ba:33:16:db:e5:b5:9f:d4:6e:f0:19:f5:54:
                    ca:25:67:35:0f:2b:b1:65:f3:9a:22:a4:32:77:7b:
                    ea:82:ab:cf:bc:ff:cd:fd:34:0c:91:aa:d4:6c:f2:
                    0b:0a:c0:aa:02:13:f2:6f:c8:62:02:36:0c:ab:ce:
                    da:bc:99:c5:16:66:a9:04:4c:b5:37:6a:68:35:ae:
                    e9:75:0e:2a:e3:89:5a:67:1b:c9:8c:ae:d8:7c:23:
                    45:99:5e:7a:ee:97:81:61:e6:a0:92:85:a0:10:67:
                    74:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:E1:10:51:D6:22:BA:B7:E5:13:77:77:B7:D8:FB:55:88:E7:16:73
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2085a7d7-637a-4a5c-ab19-0a2ec094db2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.182.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         76:27:6a:64:fc:bd:32:1a:b3:a0:59:ca:24:8c:9a:e4:03:20:
         2f:8b:98:06:25:01:e6:e6:94:b9:39:8a:dc:50:13:22:6f:ac:
         c9:6a:34:85:e3:3b:5a:49:57:e4:c0:0f:0e:36:42:cf:e4:2f:
         4a:34:60:a7:dd:15:3b:7f:0f:97:85:a8:c1:14:54:0c:d4:16:
         c3:3d:90:04:97:78:1b:e7:0e:89:ff:94:84:58:dc:9c:6d:a4:
         4c:ac:f7:9b:cd:c5:db:d2:c1:c5:61:22:52:9b:88:94:1f:84:
         35:03:fd:c0:37:92:31:43:2d:9b:f3:2d:0c:dc:5f:0e:81:0d:
         cc:fc:24:9e:85:0c:a1:7c:5b:97:8d:08:02:06:2f:7c:43:29:
         b1:41:06:ac:d3:34:c8:4b:f2:fc:d7:da:4a:6c:48:03:c6:0a:
         8e:37:75:e8:84:6a:8f:ab:ef:24:b8:b6:0c:8b:22:9b:43:42:
         33:6e:d5:eb:51:4b:e4:50:3c:79:76:55:11:cb:ae:12:fb:db:
         29:c7:18:54:1f:6a:4d:f8:83:cc:a8:37:f5:fd:07:d7:f2:7d:
         1e:ab:7a:3b:9d:c9:3e:1d:bd:bf:4d:00:1a:ab:47:89:62:05:
         c8:9d:f4:48:9c:b3:60:9d:e9:81:89:7a:a2:75:2f:25:43:42:
         7f:ed:2f:01
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTu+Oi6wWYsGmpKCDc+bdxO7si+AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZGIyMDQ1OGM1ZjRhMzM4N2U2MjI4Yjc3YWI3ZmYzZjU5
YjEyYjA5MjA0NjRlOTg3NjkxMjQ0NDM0MTIyYjYwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD2GhcSqbQM9zKf6YsekJPEJaF8D/O/J3pQzKt+LSOuwZJT
RLAJr06vGdBTUujzpdwHW7czUZ44xLw+UEr9Po3BIVsigfES7HOmIFUbgqM7HDJy
PABtQnk10qzDwh/YaLBB1Rt7bwz2zIi9ZBAzI+NbBF+pc5bM3VLgg9Htdmh+edHa
/0g3VTtmHGrMVJvhFeBzBjSrhGfEujMW2+W1n9Ru8Bn1VMolZzUPK7Fl85oipDJ3
e+qCq8+8/839NAyRqtRs8gsKwKoCE/JvyGICNgyrztq8mcUWZqkETLU3amg1rul1
DirjiVpnG8mMrth8I0WZXnrul4Fh5qCShaAQZ3RbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyeEQUdYiurflE3d3t9j7VYjnFnMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIwODVhN2Q3LTYzN2EtNGE1Yy1hYjE5LTBhMmVjMDk0ZGIyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATHtvAwDQYJKoZIhvcNAQELBQADggEBAHYnamT8vTIas6BZyiSMmuQDIC+L
mAYlAebmlLk5itxQEyJvrMlqNIXjO1pJV+TADw42Qs/kL0o0YKfdFTt/D5eFqMEU
VAzUFsM9kASXeBvnDon/lIRY3JxtpEys95vNxdvSwcVhIlKbiJQfhDUD/cA3kjFD
LZvzLQzcXw6BDcz8JJ6FDKF8W5eNCAIGL3xDKbFBBqzTNMhL8vzX2kpsSAPGCo43
deiEao+r7yS4tgyLIptDQjNu1etRS+RQPHl2VRHLrhL72ynHGFQfak34g8yoN/X9
B9fyfR6rejudyT4dvb9NABqrR4liBcid9Eics2Cd6YGJeqJ1LyVDQn/tLwE=
-----END CERTIFICATE-----