Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2b4cb002-893b-40a2-aad0-90e2c0b80597.roa
File:                     2b4cb002-893b-40a2-aad0-90e2c0b80597.roa (raw, json)
Hash identifier:          JSDIR/odSx42JA+/dUTF5Zq0nT1vQ6tGZBLQGrh2G3s=
Subject key identifier:   51:1E:4B:E8:41:D0:05:4E:03:FA:AE:23:93:DB:3A:9A:E4:EA:9E:DA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       77CE9FFF3C3FDEB1D077FC26EDDDD855FA36A54F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2b4cb002-893b-40a2-aad0-90e2c0b80597.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        192.210.48.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:ce:9f:ff:3c:3f:de:b1:d0:77:fc:26:ed:dd:d8:55:fa:36:a5:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=9e8561700b3a02890f7e72244e304e950ed1e88d9c109772199556d3e683b1bc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:1a:f4:eb:d5:db:69:70:5a:24:6e:fb:e1:e2:
                    49:46:e1:33:71:0e:d9:22:cd:33:e7:a4:fa:b0:a9:
                    6d:4f:11:ba:fc:50:52:da:be:55:d1:74:62:3c:77:
                    3a:0e:09:74:d6:a4:1f:5e:03:d9:50:fb:b7:a2:b0:
                    48:f5:5a:49:79:b4:b7:ba:40:4d:78:37:00:d9:b2:
                    ef:b6:29:26:ad:64:6b:58:27:b1:e9:24:5e:7e:62:
                    a0:58:14:8f:47:af:d3:ae:55:3c:b4:73:c2:f6:3a:
                    26:40:8b:2f:16:d0:04:d7:f6:c8:06:09:39:a0:34:
                    58:a5:a3:81:bd:e8:ee:c7:30:1e:fe:9b:ad:c4:50:
                    7c:c5:ce:da:d8:8e:46:46:06:4d:d6:45:4f:1e:b5:
                    7a:93:df:ad:f4:fe:13:fd:49:78:3e:2a:32:6f:87:
                    86:31:de:75:a6:56:b0:f0:a9:05:6c:13:28:e3:88:
                    a1:44:d9:25:79:77:9c:43:92:61:38:2e:17:cb:54:
                    88:14:70:5f:ab:9e:5c:70:a2:44:e8:f9:c5:e0:9f:
                    85:e6:9c:e8:8f:29:93:16:0f:40:a1:38:2e:40:d3:
                    e8:56:30:a0:e4:63:be:a5:89:77:25:ea:82:1e:c0:
                    1c:97:83:fd:ea:9b:2a:a9:f6:1d:85:fa:7a:ca:6e:
                    67:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:1E:4B:E8:41:D0:05:4E:03:FA:AE:23:93:DB:3A:9A:E4:EA:9E:DA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2b4cb002-893b-40a2-aad0-90e2c0b80597.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.210.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a5:92:7f:9c:af:b5:a0:d5:e6:db:d2:94:92:25:bc:06:eb:31:
         cb:03:37:eb:9f:37:31:21:fc:b7:76:ea:4e:b6:c7:23:b6:46:
         3c:d1:7f:c7:92:dc:de:a1:28:b1:65:8c:da:d1:ae:4f:ce:ef:
         d8:0a:b7:9e:be:8a:05:10:d8:28:ad:cf:85:0f:d6:ff:67:30:
         a1:3f:80:4c:7b:7a:f0:38:b5:86:4b:42:06:22:04:e6:97:4b:
         de:03:65:1c:67:97:44:29:a2:ba:fa:8f:d9:11:82:e7:41:37:
         1f:29:a9:c5:d5:f9:06:31:be:a8:b0:b8:1c:e6:28:e6:66:1e:
         4f:8a:00:f1:8d:15:12:91:af:88:d8:f3:9d:aa:5c:a8:d5:a6:
         3f:ef:cb:ff:b6:11:6a:e9:11:f4:c2:8b:a8:bf:95:6f:6c:ae:
         2e:79:b2:bf:6e:47:9d:16:45:44:cb:9c:3d:7b:b7:25:ff:88:
         85:29:0f:35:45:11:85:6c:a7:98:68:26:69:99:bf:b4:63:87:
         87:38:8d:43:04:90:eb:f0:cb:b4:85:ca:ee:2b:72:ca:21:3e:
         25:4b:ad:37:96:e6:e8:c5:aa:2c:32:4d:48:07:2a:06:21:07:
         37:04:23:5f:db:48:ea:c6:db:cf:59:60:17:a7:66:e6:70:05:
         a2:61:33:ab
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUd86f/zw/3rHQd/wm7d3YVfo2pU8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZTg1NjE3MDBiM2EwMjg5MGY3ZTcyMjQ0ZTMwNGU5NTBl
ZDFlODhkOWMxMDk3NzIxOTk1NTZkM2U2ODNiMWJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9GvTr1dtpcFokbvvh4klG4TNxDtkizTPnpPqwqW1PEbr8
UFLavlXRdGI8dzoOCXTWpB9eA9lQ+7eisEj1Wkl5tLe6QE14NwDZsu+2KSatZGtY
J7HpJF5+YqBYFI9Hr9OuVTy0c8L2OiZAiy8W0ATX9sgGCTmgNFilo4G96O7HMB7+
m63EUHzFztrYjkZGBk3WRU8etXqT3630/hP9SXg+KjJvh4Yx3nWmVrDwqQVsEyjj
iKFE2SV5d5xDkmE4LhfLVIgUcF+rnlxwokTo+cXgn4XmnOiPKZMWD0ChOC5A0+hW
MKDkY76liXcl6oIewByXg/3qmyqp9h2F+nrKbmcHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUR5L6EHQBU4D+q4jk9s6muTqntowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJiNGNiMDAyLTg5M2ItNDBhMi1hYWQwLTkwZTJjMGI4MDU5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATA0jAwDQYJKoZIhvcNAQELBQADggEBAKWSf5yvtaDV5tvSlJIlvAbrMcsD
N+ufNzEh/Ld26k62xyO2RjzRf8eS3N6hKLFljNrRrk/O79gKt56+igUQ2Citz4UP
1v9nMKE/gEx7evA4tYZLQgYiBOaXS94DZRxnl0Qporr6j9kRgudBNx8pqcXV+QYx
vqiwuBzmKOZmHk+KAPGNFRKRr4jY852qXKjVpj/vy/+2EWrpEfTCi6i/lW9sri55
sr9uR50WRUTLnD17tyX/iIUpDzVFEYVsp5hoJmmZv7Rjh4c4jUMEkOvwy7SFyu4r
csohPiVLrTeW5ujFqiwyTUgHKgYhBzcEI1/bSOrG289ZYBenZuZwBaJhM6s=
-----END CERTIFICATE-----